DACC recognizes and prioritizes the responsibility of protecting client data, staff, systems, facilities, and internal information. Security is a core focus for DACC and a foundational component of our operations. “Paranoia as policy” is embraced by our operating and technical teams.
The operational nuances of an emerging industry, coupled with the risks facing all crypto asset holders, creates a complex threat landscape that cannot be sufficiently addressed with legacy defenses. DACC’s goal is to avoid mistakes and oversights and manage threats by starting with tangible risk management and a zero-trust approach. The cornerstone of this approach is DACC’s proprietary, off-chain, multi-signature cold storage of client private keys.
- Air-gapped cold storage
- CISO and security team with national security and financial services experience
- Private keys never exposed to operations staff
- Off-chain multi-signature required for all egress transfers
- Internal and external penetration testing
- Insider threat and anti-collusion controls
- Internal and external security review of source code
- Certified and whitelisted software on all endpoints
All operations requiring access to a client private key, or similarly sensitive systems or processes, are conducted within secure facilities that require staff members to authenticate their identities using a combination of biometric data, PIN codes, and proximity cards.
Our facilities utilize closed circuit 24x7 video monitoring, have 24x7 armed security, and industry leading intrusion detection, fire suppression and environmental control systems. Access to client private keys can only be accomplished in restricted areas by authorized staff members that require additional authentication protocols.
In addition to these enhanced protocols, restricted areas are “air-gapped”, meaning they have no network access – including and most especially internet access – and have specialized shielding to limit threats anticipated by sophisticated adversaries. This environemnt is consistent with what is required by Intelligence Community Directive (ICD) 705, Sensitive Compartmented Information Facilities (SCIF) – Physical and Technical Security Requirements. Our operations facilities are audited by third parties and have received SOC 1 Type 2, SOC 2 Type 2, and ISO 27001 certifications.
meet the security team
Chief Information Security Officer (CISO)
Adam has over 15 years of cyber security experience working in numerous highly regulated industries. This experience includes numerous roles within the US Intelligence Community and Department of Defense with several postings overseas. Additionally, Adam led cyber security engineering teams at Palantir Technologies, was a member of Microsoft’s National Security Group, and was an active duty US Marine. Adam holds several industry certifications.
Chief Technology Officer (CTO)
Sean has over 20 years of experience building and managing technology and security operations, most recently at Blue Ridge Capital as CISO and Trafelet & Company. Sean is a Certified Information Systems Security Professional (CISSP) and Certified Ethical Hacker (CEH).