Client Overview
Crossmint is an all-in-one platform that enables businesses to integrate wallets, stablecoins, and other blockchain primitives into their products, AI agents, or apps. Trusted by leading financial institutions such as MoneyGram and Santander Bank, as well as thousands of startups, Crossmint provides the infrastructure to make blockchain technology accessible and reliable for both enterprises and developers.
With a commitment to transparency and open innovation, Crossmint is developing a non-custodial system designed to be fully open-sourced, ensuring every layer of its technology can be independently verified and trusted.
Key Security Challenges
As Crossmint prepared to launch its non-custodial infrastructure, it faced two complex security challenges:
Multi-Adversary Trust Model
Because Crossmint’s system is designed to be non-custodial, it needed to defend against multiple potential adversaries simultaneously. These included external attackers attempting to compromise its infrastructure, malicious host applications trying to extract user keys, and even internal risks such as potential privilege misuse.
Zero-Trust Non-Custodial Architecture Design
Since the system would be open-sourced, every mechanism - cryptographic key derivation, encrypted secret distribution, and communication authentication - had to withstand public scrutiny. Crossmint required independent validation to ensure the entire design was both technically sound and resilient under a zero-trust model.
Halborn’s Solutions
Halborn partnered with Crossmint as more than an auditor, acting as an extension of their security and architecture team. The engagement went far beyond traditional code review. Halborn’s engineers worked hand-in-hand with Crossmint to assess, refine, and reinforce the security design of the entire system.
The collaboration included:
Reviewing and validating the underlying cryptographic assumptions in key management and authentication flows.
Brainstorming architectural improvements that strengthened Crossmint’s defenses across all layers.
Prototyping enhanced authentication mechanisms that demonstrated real-world improvements in security resilience.
Crossmint’s Risk Director, Jon Eichhorn, reflected on the partnership: “Halborn provides a quality review process and a positive experience throughout the engagement while performing an in-depth technical analysis. Their review gives us additional comfort in our solutions, knowing they have been audited by a qualified, independent organization.”
Halborn’s hands-on, proactive approach helped Crossmint reinforce its multi-adversary protection model while preserving user control and transparency.
Outcomes Beyond the Core Audit
The collaboration delivered meaningful results that extended beyond the scope of a standard audit:
Crossmint implemented several improvements that enhanced the robustness of its product offering and strengthened customer confidence.
The engagement produced a detailed public report, offering additional assurance to institutions and developers adopting Crossmint’s solutions.
Going Above and Beyond
Halborn’s ability to engage deeply with Crossmint’s engineering team and co-develop secure architectural strategies exemplified its Secure by Design philosophy. Rather than simply identifying risks, Halborn contributed to the creative process of building resilient systems that anticipate and withstand modern attack vectors.
For a company building the foundational infrastructure of enterprise-grade blockchain adoption, Crossmint gained more than a security partner. It gained a trusted collaborator helping define how zero-trust, non-custodial systems can be both open and secure.
