PRODUCT

    Self-custody execution infrastructure for trading firms.

    Pre-built enclaves, a multi-region signing engine, inline policy enforcement, MEV-protected routing, and open integrations with your existing custody and settlement stack.

    [Map: builder topology. Legend: CrypDefi location, block builder. Sites: Ashburn, Secaucus, Salt Lake City, Dublin, London, Amsterdam, Frankfurt, Tokyo, Singapore.]

    0.4ms representative signing latency

    Full p50/p95/p99 benchmarks publishing soon.

    Architecture

    Signing co-located with builders

    Block builders operate in specific data centers. Latency-sensitive trading requires your signing path to be in the same region as the active builder. CrypDefi runs signing infrastructure in multiple regions, co-located with builder endpoints and your algorithms. Your signer is always close to the action, not stuck in a single fixed location.

    Hot path on top, control plane below. Strategy, risk, signing, and routing run on a short, in-region path. Strategy rules, trade log, IAM, and treasury live off-path and compile into the runtime envelope ahead of time. Nothing crosses at runtime.

    [Diagram]
    HOT PATH | RUNTIME: sub-8ms total, sub-block latency, no remote dependencies
      Customer environment: Strategy, Risk envelope (inline), Edge signer (in-region)
      Block builder (private route · external)
    CONTROL PLANE | OFF-PATH: Policy compiling, Audit & Logs, Access Controls (asynchronous updates)

    The hot path runs in-region, inside your perimeter. Policy compilation, audit, and access control synchronize periodically, away from the hot path, so signing latency does not suffer.

    Enclave library

    Custom enclaves with embedded policies

    Pre-built signing environments for venues, strategies, and execution patterns. Each ships with a deployment guide and default policy. Filterable by chain, venue, and use case.

    Filterable catalog and per-enclave deployment guides ship in v1.1.

    Signing engine

    Sub-1ms signing, where the action is

    The signing engine is payload-aware and runtime-compiled. Policies and payload validations are compiled for your use cases ahead of time and sit inline with the signing engine. Producing a signature requires no external API calls, yet you keep maximal control over what you sign. Validation runs in the same enclave, in the same hot path, in microseconds.

    Deploy the enclave into your environment. The hot path is a local RPC call to the signer — no remote round-trip, no extra network hop.

    use crypdefi::{Client, Tx};
    
    #[tokio::main]
    async fn main() -> anyhow::Result<()> {
        // Provisions a secure signing environment and returns a ready client.
        let client = Client::deploy()
            .region("eu-central-1")
            .chain("ethereum")
            .await?;
    
        // First call generates the key inside the secure environment.
        let wallet = client.wallet().await?;
        println!("address: {}", wallet.address());
    
        // Sign and submit. Keys never leave the secure environment.
        let tx = Tx::transfer(wallet.address(), "0xdAC1...1ec7", "100 USDC");
        let receipt = client.send(tx).await?;
        println!("landed in block {}", receipt.block_number);
    
        Ok(())
    }

    Validator-aware routing and public latency benchmarks are landing this quarter.

    Indicative latency. Full p50/p95/p99/p99.9 benchmarks publishing in v1.1.

    Policy engine

    Composable policy. No tradeoffs

    We ship a curated library of pre-built policy components. Deploy as-is, or compose multiple components into a custom enforcement profile. Custom policies, built and certified by the CrypDefi team, are available on request. Self-authored YAML policies are on the roadmap; for now, policy is curated to keep enforcement guarantees tight.

    Counterparty and venue

    Counterparty whitelist
    Counterparty blacklist
    Venue and protocol whitelist
    Asset whitelist
    Argument-aware policies for both single calls and multicalls

    Behavioral and operational

    Velocity limits (max tx/min, max tx/hour)
    Time-window enforcement
    Self-match prevention
    Slippage tolerance enforcement
    Cancel-on-disconnect

    Policy rules are indicative and depend on the actual venues. Our team analyses which policies on specific arguments are needed for secure trading.
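
    An added example, not CrypDefi's code or API: two of the components listed above, a counterparty whitelist and a velocity limit, composed into one profile that is evaluated before a request would reach the signer. All type and function names and the `0xvenue`/`0xother` addresses are constructed for illustration.

```rust
use std::collections::{HashSet, VecDeque};
// Hypothetical request shape (not CrypDefi's API); times are in milliseconds.
struct Request<'a> { to: &'a str, at_ms: u64 }
#[derive(Debug, PartialEq)]
enum Deny { Counterparty, Velocity }

// A policy component: `check` is read-only, `record` commits an approval.
trait Component {
    fn check(&self, r: &Request) -> Result<(), Deny>;
    fn record(&mut self, _r: &Request) {}
}
struct Allowlist(HashSet<String>); // deny by default: unknown destinations fail
impl Component for Allowlist {
    fn check(&self, r: &Request) -> Result<(), Deny> {
        if self.0.contains(r.to) { Ok(()) } else { Err(Deny::Counterparty) }
    }
}

// Velocity limit: at most `max` approvals inside any `window_ms` span.
struct Velocity { max: usize, window_ms: u64, seen: VecDeque<u64> }
impl Component for Velocity {
    fn check(&self, r: &Request) -> Result<(), Deny> {
        let live = self.seen.iter().filter(|&&t| t + self.window_ms > r.at_ms).count();
        if live < self.max { Ok(()) } else { Err(Deny::Velocity) }
    }
    fn record(&mut self, r: &Request) {
        self.seen.retain(|&t| t + self.window_ms > r.at_ms); // drop expired entries
        self.seen.push_back(r.at_ms);
    }
}

// Composed profile: all checks pass before state is recorded, so a denied request costs no budget.
struct Profile(Vec<Box<dyn Component>>);
impl Profile {
    fn authorize(&mut self, r: &Request) -> Result<(), Deny> {
        for c in &self.0 { c.check(r)?; }
        for c in self.0.iter_mut() { c.record(r); }
        Ok(())
    }
}

// Constructed sample: one allowed counterparty, limit of 2 tx per minute.
fn demo() -> Vec<Result<(), Deny>> {
    let allow = Allowlist(HashSet::from(["0xvenue".to_string()]));
    let vel = Velocity { max: 2, window_ms: 60_000, seen: VecDeque::new() };
    let mut p = Profile(vec![Box::new(allow), Box::new(vel)]);
    let reqs = [("0xvenue", 0), ("0xother", 1), ("0xvenue", 2), ("0xvenue", 3), ("0xvenue", 60_002)];
    reqs.iter().map(|&(to, at_ms)| p.authorize(&Request { to, at_ms })).collect()
}
fn main() { println!("{:?}", demo()); }
```

    The second request is rejected by the whitelist without touching the velocity window, which is why the third still passes; the fourth exceeds the limit, and the fifth passes once both earlier approvals have aged out.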

    MEV protection

    Private routing, with explicit fallback

    Routes through private order flow infrastructure connected to leading block builders by default. Falls back to your declared policy when private routing isn't available.

    Deployment & security

    On-prem by default. Audited by design

    Deploy the enclave directly into your environment: your data center, cloud account, or colo. Keys, policy, and the hot path stay inside your perimeter. CrypDefi never holds your signing material, and composes with your existing custody stack: Fireblocks, Fordefi, Copper, Ledger, BitGo, or internal.

    Deployment topology

    Bring your own AWS, GCP, Azure, data center, or colo. Multi-region by design. No tenant lock-in.

    Key custody model

    Customer-controlled. Keys are generated and held inside your enclave and never leave it.

    Compliance and audit

    ISO/IEC 27001 certified. Customer-owned audit trail. Real-time posture available on request.

    No vendor lock-in

    Keys, policy, and audit live in your perimeter. The runtime is operationally independent of CrypDefi — testable in your own disaster-recovery drills.
