Key Results
- Tholos launched 18-24 months faster compared to building the MPC in-house
- Launched the first fully self-custodial MPC wallet for institutions
- Earned significant industry recognition with CCSS Certification
About Tholos
Tholos provides a fully self-custodial wallet for organizations that want to manage their digital assets without needing to trust centralized custodians. Offering an easy-to-use, Web3 native experience, Tholos serves funds, DAOs, institutions, and family offices.
Customers include Reverie, a VC fund investing in generational companies and protocols, and Reidar DAO, an investment DAO for community-based Web3 investing.
“We were going to build out our MPC implementation in-house but needed to hire expert applied cryptographers who are extremely hard to find. We looked at several products and open-source implementations, but it was only with Sodot that we found the combination of product excellence and team expertise we felt we could trust. This allowed us to save significant time and money, as well as focus on building the rest of our solution.” - Abraham Litwin-Logan, CEO at Tholos
Customer Challenge
Tholos recognized the market's need for small and medium organizations to self-custody digital assets. To meet it, they needed to provide their customers with MPC-enabled wallets. This would offer the following key capabilities and benefits:
- Institutional-grade security for Tholos customers
- Vaults with signing thresholds, enhancing both security and usability
- Multichain support (including EVM blockchains, Solana, and soon Bitcoin)
- Native interactions with dApps (compared to multi-sig)
While it saw the advantages of MPC, Tholos also understood the challenges of building MPC in-house. Recruiting, hiring, and integrating cryptographers into their development team would take a lot of time and effort. There are few cryptographers with expertise in MPC, so salaries can reach up to $400k per year. Tholos estimated it would take 1-2 cryptographers and 18 to 24 months to build their MPC libraries, including audits.
Tholos was concerned that licensing for future versions of any open-source code might change. Also, leveraging open-source code often means limited documentation and late, opaque patching that could include breaking security updates. This would create opportunities for attackers while waiting for vulnerabilities to be patched.
To reduce time to market, Tholos looked at several MPC providers. They quickly found that most of the MPC solutions didn’t meet their needs. With some, it was mandatory for the provider to hold at least one of the secret shares, which Tholos felt compromised their ability to control the product’s design as well as ensure their customers' data privacy.
Tholos also looked at using smart contracts. Their concern was needing to create smart contracts for each chain, which then creates multiple attack surfaces for malicious actors. A blockchain-agnostic architecture with only one attack surface to defend reaffirmed the need for Tholos to go with MPC.
With other MPC providers, the product wasn’t robust enough, at times contained bugs, and generally was not in line with the high quality of experience they wanted to provide to customers. It also became clear that Tholos would still need cryptography expertise to implement these MPC solutions.
Building with Sodot MPC Infrastructure
Tholos started working with the Sodot team, which was building a highly performant and self-hosted MPC infrastructure. This infrastructure was purpose-built for companies to easily integrate market-leading, institutional-grade MPC into their products with just a few lines of code while maintaining full control.
The Sodot MPC SDK is designed to run seamlessly for development teams, and its integration moved very quickly for Tholos.
“It only took two weeks to integrate and was very straightforward to use,” says Litwin-Logan. “The SDK works smoothly and is ultra-fast. Another benefit is Sodot’s team, which is super helpful and extremely knowledgeable not only in cryptography but also in security.”
Using Sodot MPC infrastructure meant Tholos could focus on building and managing its core business and accelerate its go-to-market. The SDK simplified its cryptographic operations, so Tholos could build a superior wallet offering with high levels of security and performance for their own customers’ digital asset operations.
Outcome
Tholos estimates using the Sodot MPC SDK cut development time by 18 to 24 months. They also realized savings of at least $1M annually by not having to hire a team of cryptographers and developers to continuously maintain their MPC and support regular audits.
Tholos also saw success in developing and launching its self-custody service. During their six-month beta, more than two dozen organizations piloted the Tholos platform. At launch in March of 2024, Tholos announced their CCSS Tier 3 certification. Tholos is the 3rd provider to achieve this tier, which is the highest certification level and signifies adherence to the most stringent security practices in the industry.
The audit of Sodot’s MPC infrastructure by NCC Group contributed to the successful certification process. Lastly, the Sodot cryptography team's expertise in MPC, alongside robust technology, was cited as beneficial for Tholos in obtaining insurance coverage for its digital asset custody service.