// non-custodial · m-of-n · your keys, your chain

A shared-treasury signing console where money moves only when a threshold of owners agree — and every signer sees the exact transaction before they sign. We coordinate and verify. We never touch a key or a coin.

keys: yours· funds: on-chain· coordinator: holds nothing· signing: in your browser
// 01 · the lesson of every big hack

The vault didn't break. The screen did.

The ~$1.5B Bybit theft in 2025 didn't break any smart contract. Attackers poisoned the signing interface so honest owners approved a malicious transaction that looked normal — a blind signature. The keys were fine. The contracts were fine. The screen lied.

⚠ the real attack surface

Most multisig tooling shows you an opaque blob and asks you to trust it. The layer that decides what you're actually signing is exactly where the money is lost — and exactly the layer Lion Signet replaces.

// 02 · how it works

Three layers. We're the one that can't steal.

Lion Signet is not a wallet and not a bank. It's the coordinator in the middle — it gathers each owner's cryptographic approval, verifies every one, enforces the threshold and policy, and combines them into a single authorization. It holds no key and no coin, so it cannot move funds, even if our servers were fully compromised.

layer 01

Owners

Each owner's signing key is derived in their own browser from a wallet signature. It never leaves the device.

holds → the keys
layer 02

Lion Signet

Collects approvals, verifies each signature, enforces M-of-N + policy, aggregates into one authorization.

holds → nothing
layer 03

On-chain vault

A smart contract that holds the treasury and releases funds only against a valid M-of-N authorization it verifies itself.

holds → the funds
  OWNERS                    LION SIGNET                   ON-CHAIN VAULT
  (wallets)                 (coordinator)                 (smart contract)
     │                          │                             │
     │  sign the exact tx       │  verify each sig,            │  verify the M-of-N
     │  ───────────────────►    │  enforce M-of-N + policy,    │  authorization, then
     │  (approval)               │  aggregate ──────────────►  │  move funds itself
     │                          │                             │
   keys: yours              holds NOTHING                 funds: on-chain

Register with your wallet. Connect MetaMask (or any injected EVM wallet) and sign once — your approval key is derived from that signature and never stored. Reconnect the same wallet on any device to recover the same identity. No seed phrase to lose.

// 03 · who holds the money

Where do the funds live — and who owns the contract?

Never us. The treasury sits in a smart contract that you control through your keys. There are two ways to run it, and in both the coordinator is powerless over the money:

On top of Gnosis Safe

Funds stay in Safe's audited, battle-tested contracts — securing $100B+ and owned/controlled by your Safe owners. Safe maintains the protocol. We're just the better signing screen on top. Adopting us never means moving your money.

Your own vault contract

An immutable, no-admin contract you deploy. Nobody upgrades or maintains it — the only authority is your M-of-N signatures, verified on-chain (EIP-197 pairing). If we vanished tomorrow, your funds keep working.

// 04 · threat model — the honest answers

"Can it be hacked?"

To move funds an attacker needs M distinct owners' valid signatures over that exact transfer. That reduces to the owners' keys and the threshold — here's every angle, including where we don't yet claim perfection.

Forge the signatures?

You'd have to break BLS over BN254 — deriving a private key from a public one — which is computationally infeasible. Each transfer digest binds (vault, recipient, token, amount, nonce), so a signature can't be replayed onto another transfer or reused after the nonce is spent.

Get several approvals from different owners? the core question

That's exactly what M-of-N is designed to make hard: compromising one owner is never enough. Each owner's key lives only in their own browser/wallet — never on our servers — so an attacker must independently compromise M separate people's devices. Tricking owners into signing a bad transfer (the Bybit vector) is blocked: every owner's app recomputes the digest locally and refuses to sign anything that doesn't match what's shown.

Compromise the coordinator (your servers)?

It has no keys, so it still can't move funds. The worst a fully-hacked coordinator can do is refuse service or show wrong data — and because owners verify the digest independently, a lying coordinator can't trick them into authorizing a bad transfer, and the on-chain vault only accepts a genuine M-of-N aggregate.

What we don't claim honesty

Owner collusion at or above the threshold is unfixable by design — that's what "M owners can move funds" means; choose your set accordingly. Our own vault contract isn't audited yet (which is why we recommend the Safe path first), and a compromised wallet compromises its derived key. No hand-waving.

// 05 · go-to-market

Why "on top of Safe" is the safer path

Custody is a trust business. Asking a treasury to move into a brand-new contract that holds funds means asking them to trust our code with their money — which takes audits, insurance and a track record measured in years. Sitting on top of Safe clears that wall entirely:

// 06 · what's inside

Capabilities

Wallet-derived identity

Connect a wallet, sign once, key derived from the signature. Nothing stored; the wallet is your backup.

Aggregate BLS multisig

M approvals over BN254 collapse into one constant-size signature — non-interactive, no signing rounds.

On-chain settlement

The aggregate verifies on a real EVM via the EIP-197 pairing precompile, then the vault does the transfer.

Anti-blind-sign

Every signer's app recomputes the digest locally and refuses to sign a mismatch. No opaque blobs.

Hosted policy

Recipient allowlists and per-transfer caps — the coordinator refuses to aggregate a violating transfer.

Owner-set governance

Rotate a key or change the threshold — authorized by the current M-of-N, never by us.

Operations history

Every transfer and config change, timestamped — with an optional tamper-evident on-chain checkpoint.

Threshold privacy + audit

Approve without revealing which owners signed — openable only by a designated audit authority.

Member chat

Coordinate proposals with your co-signers in a room per vault — decentralized, with no central chat server.

Don't trust. Verify.

Your keys. Your chain. Your coins. We only prove that everyone who had to agree, did — and that what you signed is exactly what moves. The coordinator is a witness, never a warden.

— signed, the cypherpunks were right · lion-signet-v1