A shared-treasury signing console where money moves only when a threshold of owners agree — and every signer sees the exact transaction before they sign. We coordinate and verify. We never touch a key or a coin.
The ~$1.5B Bybit theft in 2025 didn't break any smart contract. Attackers poisoned the signing interface so honest owners approved a malicious transaction that looked normal — a blind signature. The keys were fine. The contracts were fine. The screen lied.
Most multisig tooling shows you an opaque blob and asks you to trust it. The layer that decides what you're actually signing is exactly where the money is lost — and exactly the layer Lion Signet replaces.
Lion Signet is not a wallet and not a bank. It's the coordinator in the middle — it gathers each owner's cryptographic approval, verifies every one, enforces the threshold and policy, and combines them into a single authorization. It holds no key and no coin, so it cannot move funds, even if our servers were fully compromised.
Each owner's signing key is derived in their own browser from a wallet signature. It never leaves the device.
Collects approvals, verifies each signature, enforces M-of-N + policy, aggregates into one authorization.
A smart contract that holds the treasury and releases funds only against a valid M-of-N authorization it verifies itself.
OWNERS LION SIGNET ON-CHAIN VAULT (wallets) (coordinator) (smart contract) │ │ │ │ sign the exact tx │ verify each sig, │ verify the M-of-N │ ───────────────────► │ enforce M-of-N + policy, │ authorization, then │ (approval) │ aggregate ──────────────► │ move funds itself │ │ │ keys: yours holds NOTHING funds: on-chain
Register with your wallet. Connect MetaMask (or any injected EVM wallet) and sign once — your approval key is derived from that signature and never stored. Reconnect the same wallet on any device to recover the same identity. No seed phrase to lose.
Never us. The treasury sits in a smart contract that you control through your keys. There are two ways to run it, and in both the coordinator is powerless over the money:
Funds stay in Safe's audited, battle-tested contracts — securing $100B+ and owned/controlled by your Safe owners. Safe maintains the protocol. We're just the better signing screen on top. Adopting us never means moving your money.
An immutable, no-admin contract you deploy. Nobody upgrades or maintains it — the only authority is your M-of-N signatures, verified on-chain (EIP-197 pairing). If we vanished tomorrow, your funds keep working.
To move funds an attacker needs M distinct owners' valid signatures over that exact transfer. That reduces to the owners' keys and the threshold — here's every angle, including where we don't yet claim perfection.
You'd have to break BLS over BN254 — deriving a private key from a public one — which is computationally infeasible. Each transfer digest binds (vault, recipient, token, amount, nonce), so a signature can't be replayed onto another transfer or reused after the nonce is spent.
That's exactly what M-of-N is designed to make hard: compromising one owner is never enough. Each owner's key lives only in their own browser/wallet — never on our servers — so an attacker must independently compromise M separate people's devices. Tricking owners into signing a bad transfer (the Bybit vector) is blocked: every owner's app recomputes the digest locally and refuses to sign anything that doesn't match what's shown.
It has no keys, so it still can't move funds. The worst a fully-hacked coordinator can do is refuse service or show wrong data — and because owners verify the digest independently, a lying coordinator can't trick them into authorizing a bad transfer, and the on-chain vault only accepts a genuine M-of-N aggregate.
Owner collusion at or above the threshold is unfixable by design — that's what "M owners can move funds" means; choose your set accordingly. Our own vault contract isn't audited yet (which is why we recommend the Safe path first), and a compromised wallet compromises its derived key. No hand-waving.
Custody is a trust business. Asking a treasury to move into a brand-new contract that holds funds means asking them to trust our code with their money — which takes audits, insurance and a track record measured in years. Sitting on top of Safe clears that wall entirely:
Connect a wallet, sign once, key derived from the signature. Nothing stored; the wallet is your backup.
M approvals over BN254 collapse into one constant-size signature — non-interactive, no signing rounds.
The aggregate verifies on a real EVM via the EIP-197 pairing precompile, then the vault does the transfer.
Every signer's app recomputes the digest locally and refuses to sign a mismatch. No opaque blobs.
Recipient allowlists and per-transfer caps — the coordinator refuses to aggregate a violating transfer.
Rotate a key or change the threshold — authorized by the current M-of-N, never by us.
Every transfer and config change, timestamped — with an optional tamper-evident on-chain checkpoint.
Approve without revealing which owners signed — openable only by a designated audit authority.
Coordinate proposals with your co-signers in a room per vault — decentralized, with no central chat server.
Don't trust. Verify.
Your keys. Your chain. Your coins. We only prove that everyone who had to agree, did — and that what you signed is exactly what moves. The coordinator is a witness, never a warden.