Last updated 8 months ago
The security of Cardano's treasury comes down to how its private keys are stored and protected. ADA's treasury safeguards share key vulnerabilities with systems that have failed elsewhere.
MyKey’s Iso-CAR architecture eliminates the vulnerabilities inherent in current models by reimagining key custody from the ground up. This is entirely new technology.
Please provide your proposal title
Isomorphic Cryptographic Asset Repository (Iso-CAR)
Enter the amount of funding you are requesting in ADA
95000
Please specify how many months you expect your project to last
6
Please indicate if your proposal has been auto-translated
No
Original Language
en
What is the problem you want to solve?
The security of Cardano's treasury comes down to how its private keys are stored and protected. ADA's treasury safeguards share key vulnerabilities with systems that have failed elsewhere.
Supporting links
Does your project have any dependencies on other organizations, technical or otherwise?
No
Describe any dependencies or write 'No dependencies'
No Dependencies
Will your project's outputs be fully open source?
No
License and Additional Information
Each separate user will need a separate license or role based access.
Please choose the most relevant theme and tag related to the outcomes of your proposal.
Security
Describe what makes your idea innovative compared to what has been previously funded (whether by you or others).
Iso-CAR is the first of its kind. It uses an isomorphic method with quantum-secure cryptographic data compression, so that only the owner of the asset has any knowledge of the type or amount of the digital asset. Iso-CAR's architecture eliminates the need for traditional wallets or custodial storage. This is achieved by implementing a frontend external key management (EKM) hierarchical deterministic (HD) key management scheme that creates a cryptographic resolution capable of completely severing connections to any previous digital footprint of any prior key association.
Describe what your prototype or MVP will demonstrate, and where it can be accessed.
The prototype will demonstrate a testable, demoable working sandbox environment for ADA key management. Accessible and usable features will include: digital asset deposit and withdrawal mechanics; an external key management system (EKM); data packing techniques, like data compression; isomorphic quantum-secure data hash packing; a lattice-based cryptographic hash function; a workflow integration with permissions and access controls; Private Internet Access (PIA) channel-based transmission; distributed tunnel mesh; tunnel layer encryption; repository sectoring.
Describe realistic measures of success, ideally with on-chain metrics.
Please describe your proposed solution and how it addresses the problem
Iso-CAR (Isomorphic Cryptographic Asset Repository)
Iso-CAR is a post-quantum-resistant, off-network, non-custodial digital asset storage platform designed to address the vulnerabilities that have repeatedly led to catastrophic losses in the blockchain sector: private key compromise, centralized custody breaches, on-chain traceability, and dependency on exposed network infrastructure. In an environment where billions in value have been lost due to these weaknesses, Iso-CAR represents a fundamental redesign of digital asset custody — removing the concept of a “wallet” from both the operational workflow and the attack surface.
Rather than maintaining long-lived private keys tied to a persistent on-chain address history, Iso-CAR uses a hardened, hierarchical deterministic (HD) External Key Management (EKM) system. For every deposit, a new child key is generated through hardened derivation paths that are cryptographically unlinkable to previous keys or transactions. Even if a single deposit key were compromised, no other holdings could be inferred or accessed. This per-deposit key derivation is one of the most important distinctions from other custody models, as it systematically severs the forensic and analytical linkages that can reveal patterns, holdings, or ownership.
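A sketch of per-deposit hardened derivation as described above. It is an added example, not Iso-CAR code: it follows the hardened-only HMAC-SHA512 construction of SLIP-0010 for Ed25519 seeds as a stand-in, because the page does not specify the derivation function. The path layout (sector, then deposit) and all names are hypothetical.

```python
import hashlib
import hmac
import struct

HARDENED = 0x80000000  # indices with this bit set are hardened


def master_node(seed: bytes):
    """Root (key, chain_code) from a seed, SLIP-0010 Ed25519 style."""
    digest = hmac.new(b"ed25519 seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def derive_hardened(key: bytes, chain_code: bytes, index: int):
    """Hardened child: the parent *private* key is an input, so the child
    cannot be computed from public data or from a sibling node."""
    if not 0 <= index < HARDENED:
        raise ValueError("index must be in [0, 2**31)")
    data = b"\x00" + key + struct.pack(">I", index | HARDENED)
    digest = hmac.new(chain_code, data, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def deposit_node(seed: bytes, sector: int, deposit_no: int):
    """Node at the hypothetical path m / sector' / deposit_no'."""
    node = master_node(seed)
    for index in (sector, deposit_no):
        node = derive_hardened(node[0], node[1], index)
    return node


class DepositAllocator:
    """Hands out a fresh deposit index each time and never reuses one.

    The counter is the only state besides the seed; a real deployment
    would have to persist it, since reuse would re-link two deposits.
    """

    def __init__(self, seed: bytes, sector: int):
        self._seed = seed
        self.sector = sector
        self.next_index = 0

    def new_deposit(self):
        index = self.next_index
        self.next_index += 1
        key, _chain_code = deposit_node(self._seed, self.sector, index)
        return index, key

    def recover(self):
        """Rebuild every issued key from the seed and the counter alone."""
        return [deposit_node(self._seed, self.sector, i)[0]
                for i in range(self.next_index)]


if __name__ == "__main__":
    seed = bytes(range(32))  # constructed sample seed, not a real secret
    alloc = DepositAllocator(seed, sector=0)
    for _ in range(3):
        idx, key = alloc.new_deposit()
        print(idx, key.hex())
```

A leaked deposit node lets its holder derive only that node's own descendants; reaching a sibling deposit requires the sector-level parent key, which never leaves the derivation device in this model.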
All Iso-CAR operations occur off-network. Key handling, signing, and transaction preparation happen on isolated, hardened interface devices that have no open-internet connectivity. These devices run compartmentalized operating systems, where activities are segmented into secure environments to minimize the risk of cross-contamination or lateral movement. Once a transaction is prepared and secured, it is transmitted via a private, channel-based, multi-hop tunnel — a Private Internet Access (PIA) system engineered specifically for this platform. Unlike consumer VPNs, this tunnel encrypts data before entry and preserves that encryption across all hops, revealing minimal metadata to any intermediary and only allowing decryption at the final authorized endpoint.
The repository receiving these transactions is itself fully disconnected from the open web. It is built on a “sectoring” model, where each client or asset class has a dedicated physical and logical partition. No commingling of data or keys occurs across sectors, and trust boundaries are enforced not just logically but also operationally. Within each sector, multi-master replication ensures that there is no single point of failure; should a hardware fault occur, another replicated node can seamlessly continue operations. Role-Based Access Control (RBAC) policies govern who can deposit, withdraw, audit, or administer each sector. These policies can enforce separation of duties, such as granting one party deposit rights but not withdrawal rights. Every action within the repository generates a unique cryptographic hash that is chained into an immutable Proof-of-Action (PoA) log, creating an evidentiary-quality chain of custody suitable for regulatory, forensic, or governance review.
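A sketch of the hash-chained Proof-of-Action log and role separation described above. It is an added example, not Iso-CAR code: SHA-256 stands in for the page's unspecified lattice-based hash, and the role names, permission map and sample entries are constructed.

```python
import hashlib
import json

# Hypothetical role-to-permission map showing separation of duties:
# a depositor cannot withdraw, and an auditor can only audit.
ROLE_PERMISSIONS = {
    "depositor": {"deposit"},
    "withdrawer": {"withdraw"},
    "auditor": {"audit"},
    "admin": {"administer"},
}

GENESIS = "0" * 64  # "previous hash" of the first entry


class AccessDenied(Exception):
    pass


def entry_hash(body: dict) -> str:
    # Canonical JSON so the same entry always hashes to the same value.
    # SHA-256 is a stand-in for the lattice-based hash the page mentions.
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


class SectorLog:
    """Append-only action log for one sector; each entry commits to the last."""

    def __init__(self, sector: str):
        self.sector = sector
        self.entries = []

    def head(self) -> str:
        return self.entries[-1]["hash"] if self.entries else GENESIS

    def record(self, actor: str, role: str, action: str, detail: str) -> str:
        allowed = action in ROLE_PERMISSIONS.get(role, set())
        body = {
            "seq": len(self.entries),
            "sector": self.sector,
            "actor": actor,
            "role": role,
            "action": action,
            "detail": detail,
            "allowed": allowed,
            "prev": self.head(),
        }
        # Denied attempts are logged before the exception is raised,
        # so a reviewer sees them as well as the successful actions.
        self.entries.append({**body, "hash": entry_hash(body)})
        if not allowed:
            raise AccessDenied(f"{role} may not {action}")
        return self.entries[-1]["hash"]


def verify_chain(entries, expected_head=None) -> int:
    """Return the index of the first bad entry, or -1 if the chain is intact.

    expected_head is a head hash kept outside the log (for example by an
    auditor). Without it, truncation or a full rewrite is not detectable.
    """
    prev = GENESIS
    for i, entry in enumerate(entries):
        body = {k: v for k, v in entry.items() if k != "hash"}
        if (body.get("seq") != i or body.get("prev") != prev
                or entry_hash(body) != entry.get("hash")):
            return i
        prev = entry["hash"]
    if expected_head is not None and prev != expected_head:
        return len(entries)
    return -1


def build_sample_log() -> SectorLog:
    """Constructed sample activity for one sector."""
    log = SectorLog("sector-A")
    log.record("alice", "depositor", "deposit", "1000 ADA")
    log.record("bob", "withdrawer", "withdraw", "250 ADA")
    try:
        log.record("alice", "depositor", "withdraw", "750 ADA")
    except AccessDenied:
        pass  # the attempt is still in the log with allowed=False
    log.record("carol", "auditor", "audit", "monthly review")
    return log


if __name__ == "__main__":
    log = build_sample_log()
    print("intact:", verify_chain(log.entries, log.head()) == -1)
    tampered = [dict(e) for e in log.entries]
    tampered[1]["detail"] = "2500 ADA"
    print("first bad entry after edit:", verify_chain(tampered))
```

The chain makes edits evident only relative to a head hash the editor cannot also change, which is why `verify_chain` accepts one held outside the log.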
Iso-CAR also introduces isomorphic data packing — a cryptographic technique that allows the structural relationships of encrypted data to be preserved without revealing the underlying plaintext. This enables certain operations, such as organization, verification, or structural analysis, to be performed without decryption. When combined with compression, the result is a secure, bandwidth-efficient, and storage-efficient transfer and storage process. All cryptographic primitives are lattice-based and post-quantum-resistant, ensuring the confidentiality and integrity of stored data even with the advent of powerful quantum computing capabilities.
This architecture offers clear advantages over multiparty computation (MPC) wallets, which require online coordination among key shares and often leave transactional metadata or timing patterns that can be exploited. It also surpasses hardware security module (HSM) vault approaches, which are frequently network-managed, may still be tied to static key associations, and often depend on the operational security of the vendor. In Iso-CAR, the asset owner retains sole control over keys — no custodian or provider ever has the ability to sign on the owner’s behalf.
The privacy model is equally robust. Because each deposit uses a fresh, unlinkable key, blockchain analytics tools cannot associate multiple transactions with the same entity without direct access to the repository’s internal records. Even in scenarios where a single transaction is public, no further exposure of the entity’s total holdings or historical activity occurs. This privacy-by-architecture is particularly valuable for large treasuries, such as Cardano’s, where governance participants may wish to move funds without revealing strategy or exact balances to external observers.
Iso-CAR’s layered security model can be summarized in four independent but mutually reinforcing forms of isolation: hardware isolation via dedicated, air-gapped interface devices; cryptographic isolation through lattice-based post-quantum encryption; network isolation with a private, distributed, layered-encryption tunnel mesh; and operational isolation with sectoring, RBAC, and immutable PoA logs. Each layer is designed to withstand attack independently, meaning that breaching one layer does not expose the others.
From an implementation standpoint, Iso-CAR requires no inbound web APIs, no reliance on public cloud infrastructure, and no trust in external custodians. Deployment involves provisioning the isolated interface devices, configuring the private tunnel, setting up the sectored repository, and integrating RBAC and logging with the organization’s governance framework. Once in place, the operational workflow is straightforward: deposits and withdrawals are initiated from the isolated device, processed via the tunnel, and recorded in the sector’s PoA log.
For Cardano’s ecosystem, the potential impact is significant. Other major networks have lost substantial treasury or ecosystem funds to attacks that exploited the exact vulnerabilities Iso-CAR is designed to eliminate. High-profile examples include bridge exploits such as Ronin and Harmony Horizon, custodian breaches like Fortress Trust, and exchange hot wallet hacks at platforms like BitMart. In each of these cases, the underlying cause was key compromise, exposure of signing infrastructure, or exploitable linkages between transactions. Iso-CAR’s architecture addresses all of these root causes by design.
Integrating Iso-CAR into Cardano’s treasury or governance processes would deliver multiple benefits:
First, it would ensure that treasury keys are never exposed to online threats or stored in systems vulnerable to intrusion. Second, it would allow treasury operations — including disbursements to Catalyst-funded projects — to occur with complete separation of duties and a tamper-proof chain of custody. Third, it would insulate the treasury from future quantum computing threats through the adoption of post-quantum cryptography now, rather than waiting until such threats are imminent. Finally, it would protect the privacy of governance-controlled transactions by ensuring that on-chain activity cannot be trivially linked to treasury addresses.
Iso-CAR is also asset-agnostic, meaning it could be extended to secure other critical keys in the Cardano ecosystem, such as those for sidechains, Layer 2 solutions, or enterprise integrations. This flexibility, combined with its non-custodial design and governance compatibility, positions Iso-CAR as a security foundation for Cardano’s long-term growth and stability.
In conclusion, Iso-CAR is not simply an incremental improvement on existing custody solutions — it is a rethinking of how digital asset custody should work in a hostile and rapidly evolving threat environment. By combining walletless operation, post-quantum cryptography, off-network architecture, and sector-based repository management, it offers privacy, resilience, and provable control unmatched by MPC or HSM-based solutions. For the Cardano community, adopting Iso-CAR for treasury operations would not just mitigate risk; it would set a new global standard for how Layer 1 networks protect their most valuable resources.
Please define the positive impact your project will have on the wider Cardano community
Positive Impact on the Wider Cardano Community
The Cardano community has built one of the most robust and forward-thinking governance systems in the blockchain industry, underpinned by a treasury worth over 1.7 billion ADA. This treasury is not just a pool of funds — it is the lifeline of the ecosystem, fueling continuous protocol development, funding Project Catalyst innovations, supporting community-driven initiatives, and sustaining the long-term vision of a decentralized, equitable, and secure global financial operating system.
Despite its strengths, Cardano’s treasury — like any large concentration of digital assets — remains an attractive target for sophisticated cyber adversaries, state-sponsored actors, and insider threats. History across the blockchain industry has proven that even well-protected systems, including those with multi-signature controls, regulated custodians, and on-chain smart contract safeguards, can suffer catastrophic losses when private keys are compromised or custody infrastructure is breached.
High-profile examples — such as the Ronin Bridge ($620M), Harmony Horizon ($100M), Poly Network ($610M), Wormhole ($300M), Fortress Trust ($12–15M), and BitMart ($196M) incidents — all demonstrate a simple truth: the loss of control over signing keys or the compromise of the systems that protect them can render every other layer of security irrelevant. These attacks were not limited to Layer 2 bridges or DeFi protocols; custodians, centralized exchanges, and hybrid governance systems have all suffered similar fates.
Our project directly addresses this root vulnerability by introducing Iso-CAR (Isomorphic Cryptographic Asset Repository) — a walletless, non-custodial, quantum-secure, and completely off-network key management platform — into the Cardano treasury security model. By integrating Iso-CAR into the governance processes that manage treasury disbursements, the Cardano community can effectively eliminate entire categories of risk that have caused billions of dollars in losses across the industry.
Direct Positive Impacts on the Cardano Community
Iso-CAR removes private keys from personal devices, custodian-controlled systems, and the cloud. All key generation, storage, and signing happen within an isolated, air-gapped environment using hardened hierarchical deterministic (HD) derivation. Even if a governance member’s laptop or custodian partner is compromised, attackers gain nothing without physical access to the Iso-CAR environment.
Every key-related action in Iso-CAR is recorded in a tamper-evident, cryptographically hashed chain-of-custody log. Governance members can review these logs without exposing sensitive operational details, making insider misuse detectable and provable.
The project integrates lattice-based post-quantum cryptography, ensuring that treasury keys remain secure even in the face of future quantum computing threats. This not only protects current assets but also ensures that Cardano maintains operational continuity for decades.
Iso-CAR operates off-network with automated multi-master replication and repository sectoring. The system remains functional and secure even during extended internet outages, infrastructure disruptions, or attempts at censorship.
Our solution is not a disruptive overhaul — it complements Cardano’s existing treasury approval processes. Multi-party approval remains intact, but signing keys are shielded from digital exfiltration and physical tampering.
Once deployed, Iso-CAR offers predictable, low operational costs while providing security levels typically reserved for classified government systems. This ensures that Catalyst funds are used effectively without introducing recurring high-cost custodial fees.
Wider Ecosystem Benefits Beyond Treasury Security
While our initial focus is on securing the Cardano treasury itself, the same Iso-CAR infrastructure can be extended to other large ADA holdings and mission-critical operations within the Cardano ecosystem:
• Decentralized Autonomous Organizations (DAOs) holding multi-million ADA treasuries.
• Catalyst-funded projects that receive large disbursements and need secure storage before deployment.
• Layer 2 networks and sidechains that interact with Cardano and require secure custody of bridge reserves.
• Enterprise and government partners leveraging Cardano for high-value asset tokenization.
By providing an open demonstration sandbox as part of this project, we will give the community — from developers to governance participants — the opportunity to directly test and evaluate the technology, ensuring transparency and trust in its design and performance.
Reputation and Competitive Advantage for Cardano
Cardano has already earned a reputation for scientific rigor, peer-reviewed research, and methodical governance. By proactively adopting Iso-CAR’s advanced security measures, Cardano can set a new global benchmark for Layer 1 treasury protection. This has several cascading benefits:
• Investor Confidence: Large holders and institutional partners will see Cardano as the safest blockchain for long-term treasury storage.
• Ecosystem Growth: More projects and DAOs will choose Cardano for treasury management due to the proven, battle-hardened security model.
• Media Narrative: Headlines shift from “treasury lost to hackers” to “Cardano leads industry with unbreachable treasury model.”
• Community Trust: Every ADA holder benefits from knowing that the protocol’s core financial resources are protected by the most advanced security architecture available.
Tangible, Measurable Outcomes
By the conclusion of this project, the Cardano community will have:
• A fully operational, testable sandbox demonstrating all Iso-CAR core features.
• Documented integration pathways for embedding Iso-CAR into treasury workflows.
• Independent security review results confirming the robustness of the architecture.
• A public demonstration video and close-out report ensuring accountability and transparency.
The measurable outcomes include a documented reduction in attack surface for the treasury, the elimination of specific high-probability attack vectors, and the successful simulation of governance-controlled ADA transactions under secure conditions.
Long-Term Strategic Impact
Integrating Iso-CAR is not just a defensive measure — it’s a strategic investment in Cardano’s resilience. This project ensures that:
• Cardano’s treasury remains intact regardless of evolving cyber threats.
• The ecosystem’s financial backbone is insulated from the fate of other blockchains and custodians that have suffered catastrophic losses.
• The Cardano community gains a permanent competitive differentiator in security — one that will be difficult for other blockchains to match without major architectural changes.
In short, this project directly strengthens Cardano’s security, stability, and credibility, ensuring the network’s resources can continue fueling innovation and growth for the long term.
If adopted, this proposal will not only make Cardano’s treasury significantly more secure but will also elevate the entire ecosystem’s security standards, cementing Cardano’s position as the most resilient and governance-focused blockchain platform in the world.
What is your capability to deliver your project with high levels of trust and accountability? How do you intend to validate if your approach is feasible?
Capability to Deliver with High Trust and Accountability
Our team combines deep technical expertise, real-world operational experience, and a proven record of delivering secure, auditable blockchain infrastructure for mission-critical environments. We have designed this project from the outset to be executed in a transparent, milestone-driven manner, ensuring trust with the Cardano community and alignment with Catalyst’s funding accountability requirements.
Dr. Dave – CEO/CTO – Lead Architect
Dr. Dave spent decades creating new technology to investigate cyber-crimes at a US Federal Government Agency and is an accomplished architect of high-security systems, specializing in cryptography, secure networking, and blockchain integrations. He has designed classified-grade secure systems for government and private sector clients, authored cryptographic protocols, and pioneered the Iso-CAR (Isomorphic Cryptographic Asset Repository) architecture. His work emphasizes quantum-secure, walletless, and air-gapped storage models that remove entire categories of cyberattack vectors.
Greg Favitta – Co-Founder and Chief Operations Officer, MyKey Technologies
Greg Favitta brings over 8 years of experience helping Federal and State Law Enforcement, Federal and State Regulators, Large Banks, Cryptocurrency Exchanges, and Layer 1/Layer 2 blockchains implement, expand, and operationalize Blockchain Intelligence and Cryptocurrency Anti-Money Laundering (AML) programs.
Greg has worked globally with public and private sector entities to deploy training programs, integrate investigative and compliance tooling, and deliver consulting services that strengthen crypto-related compliance and intelligence operations.
An active participant in the digital asset space since early 2016, Greg has combined regulatory expertise with practical blockchain security implementations, providing clients with secure, transparent, and regulator-friendly operational models.
Greg holds a Bachelor of Science in Molecular Biology from George Mason University, where he concentrated in genetics and marine conservation. This scientific background reinforces his methodical, data-driven approach to complex problem-solving — an approach that directly informs the design and deployment of secure blockchain infrastructure like Iso-CAR.
Our Approach to Trust and Accountability
We have structured this project with clear milestones, defined deliverables, acceptance criteria, and evidence of completion for each phase. Funding will only be drawn when measurable outcomes are delivered and verified, ensuring alignment with Catalyst’s transparency and performance standards.
Trust and accountability are built into every layer of the process:
• Open Design & Documentation – The system architecture, governance workflow integrations, and sandbox test results will be shared with the Cardano community for review and feedback.
• Tamper-Evident Development Practices – All development work will be version-controlled, with cryptographic hashes proving the integrity of code and documentation from design to deployment.
• Community Testing Access – The sandbox environment will be accessible to governance participants and technical community members for hands-on evaluation prior to any production recommendations.
• Third-Party Review – We will engage with security experts throughout the Cardano community to review the architecture, cryptography, and operational design, ensuring unbiased validation of security claims.
• Catalyst Reporting Compliance – We will meet or exceed all Catalyst requirements, including milestone evidence uploads, interim reports, a public-facing demonstration video, and a final close-out report.
Feasibility Validation Plan
Our validation strategy is designed to confirm the technical feasibility, governance compatibility, and operational resilience of the Iso-CAR prototype before recommending integration into Cardano’s treasury operations.
1. Architecture & Governance Workflow Validation
   • Complete a detailed architecture document specifying Iso-CAR integration with Cardano’s treasury governance model.
   • Review with technical advisors and governance representatives to ensure compatibility without disrupting existing approval processes.
2. Incremental Functional Testing
   • Develop and test core components individually, including the External Key Management system, deposit/withdrawal mechanics, and access control layers.
   • Use staged testing to identify and resolve issues before integrating into the full sandbox.
3. Security Layer Verification
   • Implement advanced security features — such as isomorphic quantum-secure data hash packing, lattice-based cryptographic hashing, private encrypted transmission tunnels, and repository sectoring — in isolation first.
   • Conduct internal penetration testing and simulated attack scenarios to confirm robustness.
4. Governance Demonstration and Feedback Loop
   • Host a live demonstration of the sandbox for governance stakeholders, allowing them to perform transactions, review logging, and evaluate usability.
   • Collect structured feedback to refine functionality and user experience.
5. Independent Security Audit
   • Commission an external security review to evaluate architecture, code integrity, and operational processes.
   • Address any findings in a documented remediation phase before final delivery.
Why We Can Deliver
We are uniquely positioned to deliver this project because we bring together:
• Technical Depth – Proven cryptographic engineering and blockchain integration skills capable of implementing walletless, quantum-secure, air-gapped custody solutions.
• Operational Experience – Hands-on experience with regulatory environments, financial institution integrations, and law enforcement blockchain intelligence operations, ensuring the solution is both secure and governance-compliant.
• Global Perspective – Our work with international entities ensures we can anticipate and address challenges in multi-jurisdictional security and compliance contexts.
• Track Record of Delivery – We have successfully delivered high-security, auditable systems in both the public and private sectors, meeting deadlines, staying within budget, and passing stringent third-party evaluations.
Alignment with the Cardano Community’s Values
The Cardano ecosystem values transparency, security, decentralization, and scientific rigor. This project directly reinforces those values by:
• Ensuring the long-term safety of treasury funds that support the ecosystem’s growth.
• Introducing a scientifically grounded, peer-review-friendly security model based on advanced cryptography and secure architecture.
• Providing transparent, testable evidence of functionality before any production deployment.
• Maintaining full compatibility with existing governance workflows, preserving community decision-making power while enhancing its security foundation.
Long-Term Impact of a Successful Delivery
A successful implementation of this project will provide the Cardano community with:
• A proven, quantum-secure, walletless, off-network custody model for high-value ADA holdings.
• A live demonstration environment that can be adapted for DAOs, Catalyst-funded projects, enterprise treasury operations, and Layer 2 bridge reserves.
• Increased community trust in treasury security, leading to stronger participation in governance and greater willingness from stakeholders to hold and stake ADA long-term.
• A competitive differentiator positioning Cardano as the most secure Layer 1 treasury in the industry — setting a benchmark other blockchains will struggle to match.
Conclusion
We have the capability, the accountability framework, and the technical and operational expertise to deliver this project to the highest standards. By combining advanced cryptography, proven secure architecture, and a transparent, milestone-driven development process, we will validate not only the feasibility of Iso-CAR but also its readiness to safeguard Cardano’s most valuable resource: its treasury.
This project is not an abstract research initiative. It is a practical, buildable, and demonstrable security enhancement that directly addresses the vulnerabilities seen across the blockchain industry — vulnerabilities that have cost other ecosystems billions. By executing this work within the Catalyst framework, we will provide the Cardano community with a working proof that the future of its treasury can be both innovative and unbreachable.
Milestone Title
Architecture & Prototype Environment Setup
Milestone Outputs
Completion of the detailed technical architecture for the key management sandbox, including governance workflow integration design. Deployment of secure prototype infrastructure, including configured servers, networking, and baseline security setup.
Acceptance Criteria
Architecture and workflow documents reviewed and approved by the Lead Architect. Sandbox infrastructure deployed and configured, passing all initial connectivity, performance, and baseline security tests without critical issues.
Evidence of Completion
Signed architecture and governance workflow documents, infrastructure configuration report, and initial security and connectivity test logs confirming the secure operational readiness of the prototype sandbox environment.
Delivery Month
1
Cost
17500
Progress
20 %
Milestone Title
Integration of Core Key Management, Transaction Mechanics, and Governance Access Controls
Milestone Outputs
Development and integration of the External Key Management System (EKM). Full implementation of digital asset deposit and withdrawal mechanics within the sandbox. Deployment of governance role-based permissions and access controls.
Acceptance Criteria
End-to-end deposit and withdrawal transactions successfully executed in the sandbox environment. Governance-defined user roles correctly enforce access restrictions. QA confirms accurate transaction processing and secure role-based permissions.
Evidence of Completion
Demonstration video showing complete deposit and withdrawal flows, QA logs verifying correct functionality for each governance role, and finalized access control policy documentation aligning with Cardano governance requirements.
Delivery Month
2
Cost
23750
Progress
30 %
Milestone Title
Implementation of Security Layers Including QS Hashing, Encrypted Transmission, Repository Sectoring
Milestone Outputs
Implementation of data packing and compression modules, isomorphic quantum-secure data hash packing, lattice-based cryptographic hashing, PIA channel-based transmission, distributed tunnel mesh, tunnel layer encryption, and repository sectoring with redundancy.
Acceptance Criteria
All advanced security components function as intended in integrated testing. End-to-end secure transaction flows verified under operational load. Internal security review finds no critical vulnerabilities. Redundancy passes failure simulations without loss.
Evidence of Completion
Comprehensive technical documentation for each security feature, signed internal security review report, and transaction logs proving that secure operations and redundancy measures perform reliably under simulated stress and attack conditions.
Delivery Month
2
Cost
35625
Progress
30 %
Milestone Title
Final Testing, Governance Demonstration, Catalyst Project Close-out Report, and Demonstration Video
Milestone Outputs
Completion of full functional and security testing. Governance demonstration of the sandbox in a live environment. Submission of the Catalyst Project Close-out Report. Delivery of a public-facing demonstration video showing sandbox capabilities.
Acceptance Criteria
All features confirmed operational by governance testers. Final testing meets design specifications. Catalyst Project Close-out requirements for report and video are fully satisfied, with content approved for public release.
Evidence of Completion
Final testing report, signed governance approval form, link to public demo video, and submission confirmation of the Catalyst Project Close-out Report documenting all deliverables, results, and compliance with acceptance criteria.
Delivery Month
1
Cost
18125
Progress
20 %
Please provide a cost breakdown of the proposed work and resources
Team:
Dr. Dave – CTO/Lead Architect
Defines system architecture, oversees cryptographic components, ensures post-quantum compliance, designs repository sectoring, and reviews all security elements.
Alex – Lead Developer/Engineer
Develops EKM, deposit/withdrawal mechanics, data packing/compression, lattice hash integration, PIA transmission layer, distributed tunnel mesh, and repository sectoring implementation.
Greg and Eugene – Project Management
Oversees timeline, coordinates tasks, handles Catalyst updates, manages testing/QA schedules, and organizes documentation and demo delivery.
Total Budget: 95,000 ADA (approx: $76,000 USD)
Total Project Duration: 6 months
Role-Based Costs:
• Dr. Dave – CTO/Lead Architect (architecture, cryptography, security design)
168 hrs × $150/hr = $25,200
• Alex – Lead Developer/Engineer (full sandbox build & integration)
240 hrs × $125/hr = $30,000
• Greg/Eugene – Project Manager (coordination, QA, reporting, documentation)
168 hrs × $100/hr = $16,800
Additional Direct Costs:
• Hardware & Infrastructure (secure laptop/server, networking gear, storage): $3,500
Budget Allocation by Percentage:
• Senior Architect (Dr. Dave): 33%
• Lead Developer/Engineer (Alex): 39%
• Project Management (Greg/Eugene): 22%
• Hardware & Infrastructure: 5%
Total Project Cost: ~$76,000 USD
How does the cost of the project represent value for the Cardano ecosystem?
Cardano’s treasury holds over 1.7 billion ADA, funding protocol development, community projects, and ecosystem growth. Current governance safeguards—multi-sig controls, on-chain escrows, and regulated custodians—are strong, but they share vulnerabilities with systems that have suffered catastrophic breaches elsewhere.
Across the industry:
The incidents listed below share a common weakness: private keys or custody infrastructure were accessible to attackers. Cardano’s treasury keys, while well-protected, still exist in human-controlled or custodian-controlled environments that sophisticated attackers can target.
Incident: Ronin Bridge (Axie Infinity)
Year: 2022
Loss: $620M
Weakness Exploited: Multi-sig compromise – 5 of 9 validator keys obtained via phishing/social engineering
Relevance to Cardano Treasury: Cardano treasury multi-sig signers could be targeted by similar attacks
How Iso-CAR Eliminates Risk: Iso-CAR keeps private keys off-network; phishing a signer’s laptop is useless without physical access to the secured repository
Incident: Harmony Horizon Bridge
Year: 2022
Loss: $100M
Weakness Exploited: 2-of-5 multi-sig; attacker compromised two keys
Relevance to Cardano Treasury: Same as above – minimal keys needed for quorum can be compromised
How Iso-CAR Eliminates Risk: Keys in Iso-CAR cannot be exfiltrated digitally; attacker would need physical breach of secure hardware
Incident: Poly Network
Year: 2021
Loss: $610M
Weakness Exploited: Smart contract exploit in cross-chain bridge
Relevance to Cardano Treasury: While Cardano treasury uses smart contracts, vulnerabilities can still exist
How Iso-CAR Eliminates Risk: Iso-CAR separates key management from smart contracts; keys remain offline even if contract logic is exploited
Incident: Wormhole Bridge
Year: 2022
Loss: $300M
Weakness Exploited: Verification bypass in bridge contract
Relevance to Cardano Treasury: Similar smart contract attack vectors possible
How Iso-CAR Eliminates Risk: Keys never exposed to network paths; no signing without Iso-CAR-controlled process
Incident: Fortress Trust (custodian)
Year: 2023
Loss: $12–15M
Weakness Exploited: Vendor cloud system compromise allowed attacker to move funds
Relevance to Cardano Treasury: Custodian compromise could target Catalyst ADA held at Zodia
How Iso-CAR Eliminates Risk: Iso-CAR is non-custodial; no third-party infrastructure with direct signing authority
Incident: BitMart Exchange
Year: 2021
Loss: $196M
Weakness Exploited: Hot wallet private keys stolen from exchange servers
Relevance to Cardano Treasury: Hot wallet model inherently risky
How Iso-CAR Eliminates Risk: Iso-CAR does not use hot wallets; storage is air-gapped and transaction keys are ephemeral
Incident: Mt. Gox Exchange
Year: 2014
Loss: ~$450M
Weakness Exploited: Poor operational security; insider theft suspected
Relevance to Cardano Treasury: Illustrates that human-managed key stores are long-term vulnerabilities
How Iso-CAR Eliminates Risk: Chain-of-custody logging and role-based physical access in Iso-CAR deter and detect insider abuse
Incident: Mixin Network
Year: 2023
Loss: $200M
Weakness Exploited: Cloud service database compromised; keys stolen
Relevance to Cardano Treasury: Even partial centralization of key storage is an attack vector
How Iso-CAR Eliminates Risk: Iso-CAR stores nothing in cloud; all keys isolated in dedicated physical repository
Incident: Wintermute
Year: 2022
Loss: $160M
Weakness Exploited: Compromised private key for DeFi market maker wallet
Relevance to Cardano Treasury: A single compromised treasury key could empty Cardano reserves
How Iso-CAR Eliminates Risk: Hardened HD derivation ensures each deposit has a new, unlinkable key; compromise of one key has no impact on other holdings
Incident: Nomad Bridge
Year: 2022
Loss: $190M
Weakness Exploited: Flawed smart contract initialization allowed anyone to drain funds
Relevance to Cardano Treasury: On-chain logic errors can have devastating impact
How Iso-CAR Eliminates Risk: Iso-CAR enforces out-of-band signing authorization; no contract flaw can bypass offline key custody
Terms and Conditions:
Yes
Dr David Utzke is the CEO and Chief Technology Officer at MyKey Technologies. Dr Dave is a Financial and Digital Asset Economist, Distributed Ledger Architectural Engineer, AI Engineer, educator, researcher, and author with experience in financial securities, cybersecurity, cybercrimes investigation, data security, heuristic and forensic analytics, cryptography, economic game theory, Extended Reality design, AI technologies, and quantum computing. Accomplishments include being a highly decorated member of the U.S. military as well as receiving numerous prestigious awards from the U.S. Dept. of Justice for application of unique investigative and analytic methods supporting high-profile investigations, and the IRS Commissioner’s Award for his pioneering work in developing tools and providing support in DLT, Digital Assets, AI, and XR in criminal and civil investigations. Dr. Dave holds a doctorate in Financial Economics and Data Security, MBA in Forensic Accounting and International Finance, MSc in Blockchain Engineering and Digital Currency Coding, completed post-doctoral work in Digital Asset Economics as well as Smart City Design with Technology Integration at MIT, and post-doctoral work in XR design at the University of Michigan’s XR Dept with a focus on ethical use, accessibility, social implications, privacy, and user security.
Greg Favitta is the Co-Founder and Chief Operations Officer at MyKey Technologies. Over the past 8 years, Greg has helped Federal and State Law Enforcement, Federal and State Regulators, Large Banks, Cryptocurrency Exchanges, and L1s/L2s implement new or augment existing Blockchain Intelligence and Cryptocurrency Anti-Money Laundering programs through training, tooling, and consulting services. He has been an active supporter of and followed the Digital Asset space closely since early 2016. Greg holds a Bachelor of Science in Molecular Biology from George Mason University where he concentrated on genetics and marine conservation.
Alex Zlobin is a seasoned technology entrepreneur and product strategist with over 25 years of experience across finance, software development, and emerging technologies. He is the founder of ARCHITECH NYC, a software development studio that builds scalable digital platforms and AI-powered systems for startups and enterprise clients. Alex brings a unique blend of financial rigor and technical innovation, leveraging AI, automation, and blockchain to accelerate product delivery and business growth. Alex began his career in banking and finance, holding leadership roles in risk management, investment strategy, and corporate banking. He later specialized in project management, leading large operational teams and driving complex initiatives across institutional investment platforms and enterprise finance systems. His financial background continues to shape his structured, metrics-driven approach to product development and operations. He holds an MBA from NYU Stern and the London School of Economics, with a focus on innovation and strategy. In technology, Alex has led the development of AI agents, knowledge platforms, marketplaces, digital asset custody systems, and zero-knowledge voting infrastructure. He has contributed to projects across fintech, logistics, automotive, retail, and civic technology. His work includes defining technical roadmaps, managing distributed teams, and advising early-stage startups on product-market fit, fundraising, and growth strategy.
Eugene Karp is an IT executive with over 20 years of experience in IT strategy, operations, systems architecture and communications technology. He has significant expertise in strategic technology transformation, particularly cloud transformations, visioning and planning, and organizational change management. Eugene has experience in developing long-term tech strategies and ensuring alignment with project goals. He has maintained ownership of technical roadmap decisions and management of entire business technology functions across a number of new systems integrations. Eugene has managed cross-functional teams of 60+, including hiring, personal development and training. He has implemented Agile tools/processes in every service area (programming, BA, design, QA, infrastructure) and enacted formal staff management processes across a number of diverse projects.