One place for every control
you can't afford to miss

IntegrateDefendCertifyMonitor
darc · The Continuous OpSec Platform & Standard for Digital Assets
Integrate your systems
GitHub···
AWS···
Vercel···
Safe···
0x3f9…a1c2treasury safe4/7 signersadded
0x9b2…77deops safe3/5 signersadded
Checking GitHub defenses
12 repos · live
0%
28 of 28 checks passed
SD-1.01Branch protection on production branches· running
SD-1.02Signed commits required· running
SD-1.03Automated secret scanning· running
AC-1.01MFA on all accounts· running
DARC-2 CERTIFIED
+ SEAL certification
cert 0042 · share it with anyone
Connect your infra. AWS, GitHub, Google Workspace and beyond. DARC sees where you stand.
darc · The Continuous OpSec Platform & Standard for Digital Assets
Integrate your systems
GitHub12 repos
AWS3 accounts
Vercel6 projects
Safe2 multisigs
Checking GitHub defenses
28 of 28 checks passed
SD-1.01Branch protection on production branches12/12 repos✓ pass
SD-1.02Signed commits required12/12 repos✓ pass
SD-1.03Automated secret scanning12/12 repos✓ pass
AC-1.01MFA on all accounts18/18 members✓ pass
DARC-2 CERTIFIED
+ SEAL certification
cert 0042 · share it with anyone
Overall completion
92%
224 of 244 controls
DARC-2 · Activeaudit-readywatching 6 surfaces · live
224Passed4N/A3Failed5Review8Pending
Monitored surfaceslast check · just now
Frontend & DNS
4 domains
resolve to your servers
Dependencies
142 packages
pins unchanged
Multisig signers
4/7 · 3/5
signer set unchanged
Cloud infra
AWS 3 · GCP
configs steady
Source code
12 repos
branch protection on
On-chain
2 treasuries
outflows normal
By domainDARC-2
  • GV8/8
  • KM7/8
  • MS6/8
  • AC14/15
  • SD7/7
  • SC5/7
4 integrations
Connect your infra. AWS, GitHub, Google Workspace and beyond. DARC sees where you stand.Your posture is tested against hundreds of controls. Every gap, exposed.Fix your findings, build your defenses, get certified. Proof your partners can verify.Then DARC keeps watching. A live dashboard, continuously monitoring. If anything drifts, you get notified.
The Threat

Your code gets audited.
Your operations don't.

OpSec failures cost 6× more than code exploits: $4.8B+ stolen since 2024 through key compromise, social engineering, and insider access.

Real incidents below, mapped to the DARC controls that would have stopped them.

Bybit

$1.43B
Ethereum · Feb 2025

A fake signing screen got signers to approve a hidden transaction.

Preventable withMS-1.07Signers verify calldata

Signers verify the real transaction on clear-signing hardware, so a swapped screen is caught.

Zerion

$100K
Multi-chain · Apr 2026

A fake meeting compromised a staff device and exposed internal hot-wallet keys.

Preventable withGV-1.08Social-engineering training

Training on the fake-meeting vector plus segregated keys and a rehearsed compromise protocol kept the damage capped.

KelpDAO / LayerZero

$292M
Cross-chain · Apr 2026

Poisoned infrastructure behind the bridge's single verifier approved a fake message.

Preventable withSY-1.06Cross-chain risk check

A cross-chain risk check flags a single-verifier bridge before you adopt it.

Drift

$285M
Solana · Apr 2026

A long social-engineering con got council members to pre-sign an admin handover.

Preventable withMS-1.07Signers verify calldata

Signers verify what a transaction really does, so a disguised handover is refused.

Ronin

$624M
Ethereum · Mar 2022

One company controlled a 5-of-9 validator set, reached via a fake job offer.

Preventable withMS-1.08No single-entity threshold

No single entity can meet the threshold, so one breach can't move funds.

Curve

$570K
Ethereum · Aug 2022

The registrar's nameserver was compromised, hijacking DNS to a cloned frontend that inserted a malicious approval.

Preventable withFD-1.02MFA on registrar and DNS

MFA on registrar and DNS blocks the common account takeover and the domain stays a monitored asset, though a breach inside the registrar sits beyond any customer's control.

The DARC Standard & Platform

The standard sets the bar.
The platform keeps you above it.

DARC connects to your infrastructure and keeps you measured against a battle-tested operational security baseline, continuously. The platform does the work: it tracks your controls, flags drift the moment it happens, and pushes new protections as threats evolve. The standard underneath it sets the bar; the platform makes sure you stay above it.

Continuous monitoring

DARC is not a one-time check. Through the platform, your code repository, cloud infra, DNS, multisig wallets, and more, are monitored every day. Continuous by default, wherever possible.

Always-current controls

When the threat landscape shifts, controls are added or updated for every subscriber. We see incidents across the industry firsthand. That intelligence becomes a control update before most teams have even heard of the attack.

Team Portal

The weakest link is deep in the team.

Every DARC plan includes a team portal. Security travels down to every team member, with their own controls and scope-specific training.

›_

Onboarding a new employee? Get them to your security baseline from day one, controls assigned, training queued, contracts ready to sign.

01

Personal control view

Each team member sees their own controls and exactly what's expected of them. No more buried, stagnant security policies that nobody reads.

02

Trainings

Modules on the most common crypto-native attack vectors, recruiting scams, wallet drainers, clipboard swaps, fake meeting links.

03

Contracts

Ready-to-sign templates drafted to satisfy DARC controls, NDAs, security policies, acceptable use, and key holder agreements.

Forged in Practice

Built with SEAL

The Security Alliance

01

Practitioner-built

Every control in the DARC framework was written and reviewed by Wonderland and SEAL practitioners with hands-on incident experience.

02

Battle-tested

SEAL is one of the leading security organizations in digital assets. Their emergency response team has protected billions in on-chain assets across the industry's largest incidents.

03

Certification included

DARC Pro and Enterprise also grant your team the SEAL certification. Two certifications, one process.

The DARC Standard

Every breach starts in one of these 12 places.

Each domain below is a way digital-asset teams actually get compromised, and the controls that close it. The platform measures you against all of them, continuously. The full catalog is open and public.

Platform Plans

Pick Your Level of Coverage

Includes DARC-1 certificate
DARC Core
$1,000 / mo
$12,000 billed annually, save $3,000
  • DARC-1 certification
  • 85-control framework
  • 20 user seats
  • Team portal with role-based views
  • Real-time control monitoring
Most popular
Includes DARC-2 certificate
DARC Pro
$2,000 / mo
$24,000 billed annually, save $6,000
Everything in DARC Core, plus:
  • DARC-2 certification
  • SEAL certification included
  • 244-control framework
  • 50 user seats
Includes DARC-2 certificate
DARC Enterprise
Custom
Contact us for a tailored quote
Everything in DARC Pro, plus:
  • Unlimited seats
  • Full dependency mapping
  • Custom controls for your stack
  • Custom dependency monitoring
  • Priority response
Coming Soon
After DARC: Continuous Adversarial Testing

A continuous adversarial testing service combining AI and human red teams. We simulate real-world attacks against your organization on an ongoing basis to identify weaknesses before threat actors do. Available as an add-on to any DARC plan.

They're already looking.
What will they find?

Every incident on this page was preventable. See where your team stands before someone else checks.