A Zen Atlas Group product

Programmable
custody.

zenvault is the wallet engine for crypto products. Issue vault accounts, allocate per-asset addresses, sign transfers, gate every one of them through a policy you wrote, and read an audit log that doesn't lie.

Request access See the platform

6primitives

8lifecycle states

∞chains via canonical map

Vault · acc_7a2b1c3ehot · primary

live

Total balance

$1,848,818

+8.4%·30d

Mix6 assets6 chains

ETHEthereum

84.421

$308,372.80

USDTEthereum

412,000.00

$412,000.00

USDCBase

180,500.00

$180,500.00

BTCBitcoin

9.8421

$642,950.10

SOLSolana

1,240.0

$208,320.00

TRXTron

812,400

$96,675.60

Recenttxr_91a2b3c4+15,000.00 USDT

2m ago

Policy · liveapprove

Signature verifiedok
Ref matches transferwks_a3c4
Destination allowlistedext_wlt_4f8a
Under USD cap5k / 10k

What zenvault is

Six primitives. The whole API is verbs on them.

zenvault has a small surface on purpose. If a concept isn't in this list, it isn't in the API.

Vaults

Multi-asset accounts.

Create vault accounts, allocate per-asset deposit addresses, query balances. The same account holds ETH on Ethereum, USDC on Base, BTC on Bitcoin — addressed by one id.

Transfers

Internal, external, contract.

Vault to vault, to an allowlisted external wallet, to a one-time address, contract call, ERC-20 approve. All four use the same idempotent state machine.

Policy

A check before every signature.

Match the request against your transfer record. Verify the destination is allowlisted for the asset. Enforce a USD cap. Every decision is replayable.

Audit

Every mutation, every decision.

Actor, target, before, after, IP, user agent. Security-sensitive writes commit alongside their audit row in the same transaction.

Webhooks

State changes you can verify.

Every transfer transition emits a signed delivery. HMAC over (timestamp.body). Retried with capped exponential backoff and jitter for roughly three days.

Workspaces

Tenancy, scoped keys, rate limits.

One workspace per product, per environment. API keys are workspace-scoped and carry explicit scopes per resource. Rate budgets are per workspace, not pooled.

Transfer lifecycle

A guarded state machine. Every step recorded.

Every transfer moves through the same six states. Transitions are compare-and-swap; concurrent writers can't move a terminal transfer backwards. The policy check is in front of signing, so a rejected callback never reaches the chain.

Reconciliation polls non-terminal transfers every thirty seconds. Webhook deliveries and the reconciler converge on the same final answer — no drift, no orphans.

Transfer · txr_91a2b3c4broadcasting

created
POST /v1/transfers/external · idem-key f93b…
wks_a3c4 · src acc_7a2b · USDT · 5,000.00
11:42:08
policy
4 of 4 checks passed
sig ok · ref match · dest allowlisted · under cap
11:42:08
signing
handed to signer · external-tx-id stamped
customer-ref wks_a3c4:f93b…
11:42:09
broadcastinglive
tx accepted into mempool
0x6f4a…b21c · nonce 14 · gas 21.4 gwei
11:42:14
confirming
awaiting block inclusion
—
—
completed
block 19,420,118 · 12 confirmations
webhook delivered to your endpoint
—

Network · Ethereum

Block19,420,118

Gas21.4 gwei

Conf.1 / 12

Audit · last 24 hoursappend-only · 2,481 events

Volume by category

transferspolicyadminsecurity

11:42:14
transfer.broadcastingtxr_91a2b3c4
before: signing·after: broadcasting
system
system
11:42:08
cosigner.approvetxr_91a2b3c4
before: —·after: 4 of 4 policy checks passed
system
system
11:42:08
transfer.externaltxr_91a2b3c4
before: —·after: USDT_ETHEREUM · 5,000.00 · ext_wlt_4f8a
workspace:wks_a3c4
workspace:wks_a3c4
11:30:51
auth.refresh.reuse-detectedadmin_e8c2
before: session active·after: family revoked · 4 burned
system
system
11:14:22
external-wallet.createext_wlt_4f8a
before: —·after: ETH · 0x6f4a…b21c · allowlisted
admin:cedric@zenx.io
admin:cedric@zenx.io
10:58:07
api-credential.issuewks_a3c4
before: —·after: scopes: transfers:write, accounts:read
admin:cedric@zenx.io
admin:cedric@zenx.io
10:42:33
cosigner.rejecttxr_4a1c89e2
before: —·after: destination mismatch · expected 0x6f4a…
system
system

Audit

The system of record your auditors will actually read.

Every mutation records actor, target, before and after state, IP, and user agent. Security-sensitive writes commit alongside their audit row in the same database transaction — so the operation either succeeds together or rolls back together.

Replays of an already-decided cosigner callback return the prior answer verbatim. A reused refresh token doesn't just fail — it revokes its entire session family and logs the event.

Read the full security posture

Built for

Teams shipping crypto products at company scale.

Payment platforms

Issue wallets per merchant, collect on-chain, batch outbound payouts behind a policy gate.

OTC desks

Counterparty allowlists, trade-ticket-shaped policy, separation of duties between traders and approvers.

Exchanges

Hot/warm/cold topology by account purpose, internal transfers between vaults, settlement to user addresses.

Treasury teams

Workspace per product line. Credentials never cross. Aggregated views for finance and compliance.

See each use case in depth

Request access

Ready when you are.

We're working with a small cohort of teams in the run-up to general availability. Tell us about your product and we'll get you a workspace.

Request access Read the API

Programmablecustody.