In the first quarter of 2025, digital asset losses across the Web3 ecosystem exceeded $2 billion. Independent analyses attributed over 80% of that figure, approximately $1.63 billion, to access control failures and weaknesses in transaction governance. Less than 20% was linked to direct smart contract vulnerabilities.

These failure patterns reveal a much broader imbalance. While engineering teams have focused on securing contract logic, attackers are increasingly targeting the operational layers that control execution: systems, workflows, and human decision points.

In the sections below, we examine these operational breakdowns and how Cantina Multisig addresses them.

Targeted Weaknesses in Execution Infrastructure

The largest breach, involving Bybit, resulted in the theft of 400,000 ETH, which accounts for nearly 65% of access control-related losses that quarter. The attack succeeded through a coordinated compromise of multisig signer workflows and surrounding infrastructure. In this case and others, attackers bypassed traditional controls by targeting execution systems rather than code, exploiting unsecured devices, weak verification protocols, and fragmented authorization processes.

In over 80% of major incidents, compromised signers operated in environments lacking basic safeguards: no mechanism for verifying authentic intent, no access segmentation, and no operational oversight to pause or reject suspicious transactions.

This exposes a persistent weakness across high-value protocols. While organizations have hardened contract logic, the infrastructure handling transaction initiation and approval remains vulnerable.

Cantina's Role in the Authorization Process

Cantina Multisig addresses this operational gap by functioning as a trusted, independent signer integrated into high-value transaction workflows.

Instead of relying solely on key signatures, Cantina validates every transaction request through direct communication with authorized client personnel via predefined channels. Signatures are issued only after positive confirmation. Any deviation, irregularity, or lack of response blocks the transaction, ensuring that compromised client keys or devices cannot trigger unauthorized execution.
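
The fail-closed rule described above, written as a co-signer decision function. This is an added example, not Cantina's code; the approver names, channels, 30-minute window, and the SHA-256 stand-in for the wallet's transaction hash are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass

# Assumed policy (constructed): each authorized approver has ONE predefined channel.
APPROVERS = {"alice@client.example": "video-call", "bob@client.example": "signal"}
RESPONSE_WINDOW_S = 1800  # assumed: no valid reply within 30 minutes, no signature

@dataclass(frozen=True)
class TxRequest:
    to: str
    value_wei: int
    data: bytes
    nonce: int

@dataclass(frozen=True)
class Confirmation:
    approver: str
    channel: str
    digest: str         # digest the approver read back from their own view of the tx
    received_at: float  # seconds, same clock as requested_at

def tx_digest(tx: TxRequest) -> str:
    # Simplified stand-in (assumption) for the wallet's real transaction hash.
    blob = f"{tx.to.lower()}|{tx.value_wei}|{tx.data.hex()}|{tx.nonce}".encode()
    return hashlib.sha256(blob).hexdigest()

def cosigner_decision(tx, requested_at, confirmations, now):
    """Return (sign, reason). Refusal is the default; one bad signal vetoes."""
    expected = tx_digest(tx)  # computed from the payload the co-signer would sign
    deadline = requested_at + RESPONSE_WINDOW_S
    for c in confirmations:
        if APPROVERS.get(c.approver) != c.channel:
            return False, "deviation: unknown approver or wrong channel"
        if c.digest != expected:
            return False, "deviation: approver confirmed a different transaction"
        if not (requested_at <= c.received_at <= deadline):
            return False, "irregularity: confirmation outside the response window"
    if not confirmations:
        state = "window expired" if now > deadline else "still waiting"
        return False, f"no response: {state}"
    return True, "positive confirmation received"

# Constructed sample request, not taken from any real incident.
SAMPLE_TX = TxRequest("0x00000000000000000000000000000000000000AA", 10**18, b"", 7)
```

Because the digest is recomputed from the payload presented for signing, a request altered after the approver reviewed it is refused even when the client's own keys have already signed it.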

To clarify how Cantina Multisig differs from conventional implementations, consider these key distinctions:

[Figure: Cantina Multisig vs. traditional multisig setups across security and workflow dimensions]

Continuous Global Coverage

Cantina maintains on-call signing and response teams across the Americas, EMEA, and APAC. We triage transaction requests and incident alerts in real time. High-severity threats trigger immediate notifications to all active security signers, while standard activity follows structured escalation policies.

This global presence enables immediate action, regardless of client or event location. Every transaction receives full-context review and independent verification before execution.

Structured Incident Response

When detecting a major threat, Cantina coordinates a structured response. We assess severity and initiate communication immediately. If needed, we establish a war room with the client and relevant security teams. Cantina actively supports mitigation by halting transaction approvals, pausing contracts, or applying white-hat intervention techniques. For recoverable incidents, we support post-incident analysis and fund tracing alongside forensics teams.

Transaction Integrity Under Pressure

Cantina Multisig operates in environments where real-time decisions carry irreversible consequences. When systems face strain or attackers act within minutes, integrity depends on operational readiness, not assumptions about signer security. Our controls are both procedural and real-time, ensuring transactions proceed only with validated intent and clear accountability.

Practical Application: Two Primary Scenarios

Our model serves two key scenarios. During active incidents, Cantina acts as a real-time security partner, assessing threats, assembling teams, and initiating mitigation. We enforce signing safeguards, pause contract execution when needed, and support containment or recovery efforts. In routine transaction governance, we serve as a signing authority, verifying each request before approval through human-in-the-loop verification with authorized client personnel.

Trusted by Security-Mature Protocols

Organizations with significant value at stake have adopted Cantina Multisig as a foundational security component. These protocols understand the risk landscape and recognize that traditional multisig setups lacking verification discipline, global coverage, and structured response create vulnerabilities that code alone cannot address. Cantina closes this gap as an integrated, always-available partner, treating transaction signing as a critical security surface.

A Standard for Secure Execution

Cantina Multisig creates a security execution layer embedding human verification, protocol-level coordination, and live incident response into transaction approval.

In an environment where signer compromise, phishing, and silent transaction manipulation cause billions in losses, Cantina enforces intent validation, structured authorization, and pre-execution intervention capability. This system actively secures high-value assets in production under live threat conditions.

Contact us today to find out more.
