Kiln

We have a business continuity and disaster recovery plan which we were certified for as part of our successful SOC 2 audit.

We have architected our platform to be resilient to underlying failure. Our main infrastructure is spread on 3 availability zones. In case of the loss of an availability zone we have a procedure to move resources on the remaining two. In case of the loss of all of our AWS availability zone in our main region, we can still access our Vault from a backup cloud provider location (Scaleway or another AWS region) and rebuild our infrastructure there. All of Kiln infrastructure is infrastructure as code (IAC) and stored in version controlled system (Git) and therefore can be recovered quickly. We run services in two additional clouds (Scaleway and OVH) which we could spin up in fast.

We routinely test the migration of validator servers to new infrastructure platforms.

By design Kiln collects a very small amount of data - only what is necessary to provide our service: customers' email addresses, organisation names, and public wallet addresses which customers are delegating from. All other data surfaced is public blockchain data or derived from it.

Kiln encrypts data at rest and in transit for all of our resources. We use tools like Amazon Web Service’s Key Management System (KMS) to manage encryption keys using hardware security modules for maximum security in line with industry best practices.

Customer login data and organisation names are stored in industry-leading SaaS platform Auth0 (by Okta). Some analytics information is held in Segment (Twilio) and Mixpanel. Public wallet addresses are stored in AWS database services.

No, by design Kiln never has access to your assets. You are only delegating the rights to Kiln to validate the blockchain with your funds, but no other rights are transferred to Kiln.

On all dPOS chains, the staker always can unilaterally unstake their assets. It is therefore fully non-custodial at the protocol level.

On Ethereum, this is slightly complicated by the fact that validator exits are done by issuing a transaction that includes a message signed by the validator private key, which is held by Kiln. Kiln therefore enables customers to retrieve this pre-signed message such that they can exit unilaterally.

To fund a validator, the depositor issues a deposit transaction into the Beacon Chain deposit contract. This is the contract in which all the ETH staked sits - currently 34M ETH / $73B. It is not upgradeable.

The only address this ETH can go to upon exit of the validator is to the withdrawal_credentials address set by the depositor upon deposit

Kiln’s batch deposit contract is a thin layer on top of the Beacon Chain deposit contract, it ‘batches’ calls to this contract for gas optimisation and does not hold any assets

Kiln customers can exit validators unilaterally at any time by sending a pre-signed exit message which they can retrieve at any point from the Kiln API - specs

We have purpose built our Ethereum infrastructure to mitigate slashing risk as much as possible. Our anti-slashing practices are endorsed by the Ethereum Foundation, and we have written about them at length in this blog post.

• When a new stable release is available for validator client nodes, we start by using it in testnet. For dPoS protocols, there is one node to update, for Ethereum we upgrade with a canary deployment method (test on 5 nodes, then 10, then 100 etc.)

• Once we judge the testnet nodes are stable, we roll out the upgrade to mainnet (canary deployment for eth, direct roll out for dPoS)

• Our infrastructure team uses alerting and monitoring during this multi-step release process to make sure everything works correctly, if anything wrong happens during a release, we have processes to roll back.

Kiln is a multi-disciplinary team of 85+ composed of blockchain industry experts from companies such as Google, Consensys, Ledger, Circle, Fireblocks, Blockdaemon and Chainalysis. We are proud to have $13b+ stake under management across 50+ blockchains, top-tier performance, and 0 security incidents.

We employ a comprehensive multi-layered security infrastructure that includes SOC2 Type II certification, multi-cloud deployment across providers like AWS, GCP, and OVH, with all sensitive information secured in Hashicorp Vault⁠ instances⁠. The infrastructure features strict access controls, network isolation per blockchain, and geographic distribution of validators for resilience⁠⁠. Security measures include automated GitOps workflows, continuous monitoring, and regular security audits⁠. The platform is protected by multiple layers of anti-slashing protection endorsed by the Ethereum Foundation, and is backed by insurance coverage from providers like Amtrust and MunichRe.