The DAO behind the largest liquid staking protocol in digital assets just completed the most rigorous institutional security assessment available for digital asset platforms.

Nearly $22 billion in ETH is staked via the Lido protocol. Institutional allocators, ETPs, exchanges, and custodians all rely on stETH as collateral, as a yield instrument, and as a core position in digital asset portfolios. The question those institutions keep asking: how do we evaluate Lido's operational and security controls with the same rigor we apply to traditional counterparties?

Web3SOC was built to answer that question.

What Web3SOC Evaluates

Web3SOC is a standardized assessment framework developed by Cantina in collaboration with leading digital asset organizations. It evaluates platforms across four domains, weighted to reflect where institutional risk concentrates:

Operational (30%) covers governance structure, team organization, risk management, change control, and custody and key management. For Lido, this meant evaluating how a decentralized governance structure manages validator operations, contributor coordination, and decision-making at a scale where a single operational failure could affect billions in staked assets.

Financial Stability (20%) covers treasury transparency, reserves, solvency, collateral resilience, and liquidity risk management. With stETH integrated as collateral on major exchanges and backing regulated financial products, Lido's financial controls carry weight far beyond the platform itself.

Security (30%) covers smart contract architecture, application and infrastructure security, monitoring, and incident response. Lido's V3 architecture, launched in January 2026, introduced stVaults, a modular system that lets institutional operators customize vaults for specific custody, compliance, and yield requirements. The Web3SOC assessment validated the security foundation underneath that modularity.

Regulatory and Compliance (20%) covers legal posture, AML/CFT readiness where applicable, disclosure standards, and enterprise commitments. As institutional products built on stETH face regulatory scrutiny in multiple jurisdictions, the compliance posture of the underlying platform matters to every downstream partner.

Institutional Diligence for stETH at Scale

stETH’s institutional footprint has expanded across regulated ETPs, custody and wallet infrastructure, exchange collateral workflows, and DeFi integrations, including use in a regulated third-party ETP listed on Xetra, SIX, and Euronext.

Each of those integrations came with a diligence process, including key questions from institutional participants around governance structure, financial resilience, security management at the infrastructure level, and legal and compliance posture.

Web3SOC standardizes the answers. Instead of institutional counterparties running bespoke diligence processes for each evaluation, there is now a single, structured, evidence-backed assessment that speaks the language compliance teams already use.

What This Means for Institutional Evaluators

If you are evaluating stETH exposure for a fund, exchange, ETP, or custody product, Lido's Web3SOC report gives you a structured, evidence-backed assessment across the four domains that matter most. The report format is consistent across all Web3SOC-assessed platforms, so you can compare Lido's controls with those of any other assessed organization using the same framework.

Request access to Lido's private Web3SOC report here or contact Lido's institutional team directly.

What This Means for Other Digital Asset Platforms

When the platform with the most at stake completes this kind of assessment, it resets the baseline for institutional readiness. Allocators, exchanges, and custodians will increasingly expect this level of structured diligence from every platform they evaluate.

Web3SOC assessments are open to any digital asset platform.
