Privy manages key reconstitution for 120M wallets, exposing risks

1 hour ago 15

Privy secures over 120 million wallets for more than 2,000 developer teams, processing a monthly volume exceeding $9 billion. The architecture behind them relies on two complementary technologies: AWS Nitro Enclaves, a form of trusted execution environment (TEE), and Shamir’s Secret Sharing (SSS), a cryptographic method for splitting a private key into fragments held by separate parties.

How the system actually works

Privy uses Shamir’s Secret Sharing to ensure no single entity ever holds a complete private key during normal operations. The fragments are distributed, and only when a user needs to sign a transaction do those shards come together, briefly, inside a secure enclave.

That enclave is the AWS Nitro system: an isolated computing environment designed to be completely sealed off from the rest of the cloud infrastructure, including Amazon itself.

The problem is that the reconstitution step, where the key shards are briefly assembled for signing, creates a window. A technique called Prime+Probe allows an attacker sharing the same physical machine to infer what computations are happening inside a supposedly isolated environment by monitoring patterns in the processor cache. AWS Nitro is specifically engineered to prevent this class of attack through strict isolation, but recent academic research has probed the limits of that isolation in cloud environments broadly. No confirmed end-to-end attack against Privy’s specific implementation has been publicly documented.

The audit flag that matters

A 2023 security audit flagged potential vulnerabilities in Privy’s Shamir’s Secret Sharing library related to exactly this threat model. The Cure53 audit identified weaknesses that could, under certain conditions, expose the system to cache side-channel exploitation. Privy subsequently added security features, including Blockaid transaction scanning integration as of March 2025.

Privy’s approach, TEE plus SSS, requires full key reconstruction at the moment of signing. A different class of solutions, called multi-party computation (MPC), is designed so the key is never fully assembled anywhere, at any time. Signing happens through a distributed mathematical process where each party contributes a fragment of the computation without ever seeing the complete key, eliminating the reconstitution window entirely.

What this means for Stripe and the broader market

Stripe’s acquisition of Privy in June 2025 was widely read as a signal that traditional fintech is serious about crypto infrastructure. The customer base that Privy serves through Stripe-integrated products includes everyday consumers who may have minimal understanding of what a private key even is.

Privy is not alone in using TEE-based approaches. Many competing wallet providers rely on similar architectures. If the cache side-channel threat matures from theoretical to practical, the exposure is industry-wide, not company-specific.

Disclosure: This article was edited by Editorial Team. For more information on how we create and review content, see our Editorial Policy.

Read Entire Article