Describe the security and insurance of Bridge wallets

Last updated: August 19, 2025

Answer

Bridge uses a hybrid key management approach that combines hardware security modules (HSMs) with additional security measures, including secure enclaves, trusted execution environments, encrypted storage, and policy-based controls. The system is designed for custodial wallets, where Bridge maintains effective control of the private keys through secure enclaves, rather than offering self-custody options.

Wallet keys are held securely in segregated enclaves, and transactions can only be executed within our trusted execution environment (TEE).

Bridge doesn't hold funds in "cold" wallets right now, but we get "cold"-like properties with USDB. USDB is closed-loop, which means there is no open market for trading it. This is a security feature: if USDB is compromised, it has no utility outside of the Bridge ecosystem. USDB can be frozen, destroyed, or clawed back in the event of an issue. Because the reserves are fully decoupled from the token, this adds another layer of security.

Bridge implements multiple audit mechanisms for infrastructure access, including centralized logging of all web traffic and infrastructure activity, an intrusion detection system (IDS) for monitoring potential intrusions, role-based access controls with annual reviews, two-factor authentication for sensitive systems, and continuous security monitoring through Drata. All system logs are collected in a central location and can be queried by authorized users.

Bridge engages a third party to conduct penetration tests of our production environment at least annually. Bridge also uses automated tests to continuously evaluate security and application logic controls. The results are reviewed by management, and any high-priority findings are tracked to resolution.

Bridge has cyber crime insurance coverage through Stripe. This covers both network security events and privacy events, regardless of malicious intent.

Bridge's incident response plan requires users to report incidents to the Information Security Manager (ISM) within 24 hours. The ISM conducts a preliminary investigation within 48 hours to assess severity (High/Medium/Low) and implements containment measures. For High and Medium incidents, the ISM works with the Legal, HR, and Brand teams to execute communications plans. The incident response process includes preserving forensic evidence, documenting a root cause analysis, and conducting post-incident reviews to prevent recurrence.

Bridge wallets don't transact directly with external wallets; funds are first moved to a withdrawal wallet before we send them out. Withdrawals of larger amounts require internal approval.