Phase 1 Open Co-Creation membership applications are now open — founding member positions are limited. Apply now →
Phase 1 — Standard Co-Creation

The Global Standard for
Institutional Wallet Security

WSTA is an open industry alliance bringing together the world's leading exchanges, custodians, and wallet infrastructure providers to co-create the Wallet Security Standard — built by practitioners, designed for regulators.

Apply for Membership Read the WSS →
Alliance at a Glance
22Confirmed Members
14Core Co-Creators
3Membership Tiers
Dec '26WSS v1.0 Target
About WSTA

Industry consensus,
not academic theory

The digital asset industry operates some of the most complex security environments in the world — yet no unified, practitioner-validated security standard exists. Existing frameworks such as CCSS, ISO 27001, and SOC 2 were not designed for modern wallet architectures: MPC, threshold signatures, account abstraction, or cross-chain operations.

WSTA was founded to close this gap. We bring together institutions that actually run wallet infrastructure at scale — and turn their operational experience into a standard that regulators can reference and the industry can implement.

"The alliance's goal is not to judge which institution is safer — but to define what responsible institutional wallet security looks like, as a global industry."
01 — MANDATE

Built by practitioners, not committees

Every WSS provision originates from the real operations of member institutions — not theoretical security models or academic frameworks.

02 — SCOPE

Covers what CCSS cannot

MPC/TSS, smart contract wallets, AI-assisted monitoring, supply chain integrity, proof of reserves — technologies CCSS v3 does not address.

03 — DESIGN

Regulatory language, operational depth

WSS maps directly to MiCA Art. 70, Dubai VARA, MAS TRM, and FATF R.15 — giving regulators a reference they can cite and practitioners can execute.

04 — PRINCIPLE

Co-creation, not certification

Phase 1 produces the standard. Membership does not imply security endorsement, audit outcome, or compliance approval of any kind.

Membership

Three tiers, clear roles

WSTA operates a structured three-tier model. Each tier carries distinct eligibility criteria, rights, and responsibilities. No membership tier constitutes a security assessment or compliance endorsement.

Tier 01 — Core
Core Co-Creation
Exchanges · Custodians · Wallet Operators

Primary authors of the WSS. Members contribute first-hand operational knowledge and hold voting rights on standard provisions.

  • Full voting rights on all WSS provisions
  • Module ownership — 1 to 2 WSS domains
  • Founding Member recognition in all publications
  • Priority access to new WSS versions
  • Co-authorship credit in WSS v1.0
Membership does not constitute any security certification or compliance endorsement.
Tier 02 — Ecosystem
Ecosystem Co-Creation
MPC · HSM · Cloud Security · Infrastructure

Technical contributors providing implementation depth — MPC protocols, HSM infrastructure, and cryptographic feasibility input.

  • WSS technical module co-authorship
  • Industry technical leadership recognition
  • GTR × WSS integration priority access
  • Professional collaboration network
  • Early access to WSS working drafts
Participation does not imply endorsement or approval of member products or services.
Tier 03 — Observer
Observer / Advisory
Audit Firms · Academia · Industry Associations

Independent reviewers providing professional expertise, academic rigour, and regulatory perspective — without voting on final provisions.

  • Observer statement co-signing in WSS
  • Academic and research collaboration
  • WAA certification eligibility (2027)
  • Independent advisory standing
  • Privileged access to WSS development
Observer status is not a regulatory, audit, or assurance approval by WSTA.
Members

22 confirmed members

Covering Asia-Pacific, Middle East, and global institutional markets — with additional members in active discussion.

Core Co-Creation (14)
Ecosystem (4)
Observer / Advisory (4)
Exchanges & Custodians — Primary WSS Co-Authors
Bybit
Gate.io
HTX
Bitget
KuCoin
MEXC
Amber Group
BitMart
HKVAX
LBank
Redotpay
Matrixport
Toobit
DTC Pay
Wallet Technology Providers — Technical Module Contributors
Cobo
Safeheron
Cregis
AWS
Fireblocks (in discussion)
Audit Firms & Academic Institutions — Independent Reviewers
SlowMist
NTU Singapore
CSA Singapore
ATSEC
CertiK (in discussion)
Hacken (in discussion)
22Total Confirmed
Asia-PacificPrimary Coverage
Middle EastSecondary Coverage
NTU · CSA SGAcademic Backing
Wallet Security Standard

WSS v1.0 —
Fifteen control domains

A unified framework synthesising CCSS v3, ISO/IEC 27001:2022, SOC 2 TSC, EU MiCA, Dubai VARA, and MAS TRM into a single operationally-grounded standard for all VASPs.

CCSS v3ISO 27001:2022 SOC 2 TSCMiCA Art.70 VARAMAS TRMFATF R.15
Implementation Tiers — All VASPs
Baseline
Applicable to all VASPs. Meets MiCA / VARA / MAS minimum regulatory requirements.
Enhanced
For institutional-grade VASPs. Reflects the operational standards of WSTA founding members.
A.5.1
Key Generation & Storage
HSM/MPC generation, entropy, multi-party custody
A.5.2
Wallet Architecture & Access Control
Tiered architecture, RBAC, JIT access, MFA
A.5.3
MPC / TSS / Multi-Signature Management
Quorum thresholds, signer independence, audits
A.5.4
Hot, Warm & Cold Wallet Segregation
Balance thresholds, four-eyes transfers, physical controls
A.5.5
Transaction Authorisation & Approval
Risk-tiered workflows, AML/KYT, kill-switch
A.5.6
Key Rotation & Lifecycle Management
Rotation schedules, orchestration, secure destruction
A.5.7
Business Continuity & Disaster Recovery
RTO/RPO targets, geo-redundant backup, tested recovery
A.5.8
Security Monitoring & Incident Response
24/7 SIEM/UEBA, IR playbooks, regulator notification SLAs
A.5.9
Third-Party & Vendor Security
MPC due diligence, SBOM, exit strategies
A.5.10
Audit, Logging & Compliance Evidence
WORM storage, 5-year retention, inspection readiness
A.5.11
Smart Contract Wallet Security
ERC-4337, pre-deployment audit, upgrade governance
A.5.12
AI-Assisted Threat Detection
Model governance, human-in-the-loop, explainability
A.5.13
Supply Chain Security
SDK integrity, SBOM, dependency monitoring, firmware
A.5.14
Insider Threat Programme
Background checks, behavioural monitoring, access revocation
A.5.15
Proof of Reserves & Asset Attestation
Cryptographic PoR, zk-proofs, regulatory attestation
Governance Documents

Alliance Legal Framework

WSTA operates under a formal three-document legal framework governing member admission, membership terms, and alliance governance. All documents are subject to ongoing legal review prior to public release.

WSTA-ADM-001
Co-Creation Member
Admission Procedure

Defines the six-stage admission process, membership tier eligibility, required documentation, and public disclosure framework for all WSTA members.

Version v1.0
Phase Phase 1
Status ⏳ UNDER LEGAL REVIEW
WSTA-MBR-001
Alliance Membership
Agreement & Terms

Binding membership terms covering duration, renewal, fees, intellectual property, confidentiality, brand usage, suspension, termination, and dispute resolution.

Version v1.0
Governing Law Singapore
Status ⏳ UNDER LEGAL REVIEW
WSTA-GOV-001
Alliance
Governance Charter

Foundational governance document establishing committee composition, voting mechanisms, working group operations, financial governance, and amendment procedures.

Version v1.0
Articles 15 Articles
Status ⏳ UNDER LEGAL REVIEW
WSS-STD-001
Wallet Security Standard v1.0 Draft — Currently in co-creation. Public draft will be released upon WSS v1.0 finalisation in December 2026.
IN CO-CREATION
Roadmap

From co-creation to protocol

A structured two-year path from founding the alliance to publishing WSS v1.0 and establishing global industry adoption.

Sep 2025
–Jan 2026

Initiation

Alliance intent formed among founding institutions. WSS initial draft completed. Governance framework defined.

Completed
Jan 2026
–Apr 2026

Build Phase

22 founding members confirmed. GitHub repository established. Legal framework (NDA, MOU, Charter) finalised.

Completed
Apr 2026
–May 2026

Official Launch

NDA/MOU execution. Alliance formally constituted. Website live. Coordinated press release across member organisations.

In Progress
May 2026
–Sep 2026

Co-Creation Phase 1

Monthly working group sessions. Module ownership assignments. WSS domain drafts developed through structured member contributions.

Upcoming
Oct 2026
–Dec 2026

Finalisation & Publication

Full standard integration. Observer statements incorporated. WSS v1.0 officially published.

Upcoming
2027

Protocol Adoption & Phase 2

WSS adopted as industry protocol. WAA audit authorisation programme launched. Regulatory recognition outreach to VARA, SFC/HKMA, and MAS.

Future

Join the co-creation of the global wallet security standard

Applications are open for Phase 1 founding membership. Positions are limited and require an internal recommendation or direct alliance invitation. Membership is a substantive commitment — not a symbolic affiliation.

Apply for Membership General Enquiries
!

Important Notice: WSTA Phase 1 membership does not constitute, and shall not be represented as, any form of security certification, compliance endorsement, audit outcome, or Trust Mark award. All members are required to acknowledge this in writing before admission is confirmed. See the Admission Procedure (WSTA-ADM-001) for full terms.