Time as a Security Primitive
In February 2025, adversaries compromised the Gnosis Safe AWS infrastructure, leading to ByBit's $1.4 billion loss. It was the largest theft in cryptocurrency history. It settled instantly.
This wasn't an isolated incident. It's a symptom of a structural flaw in security models: the absence of time.
Speed Is the Feature. It's Also the Vulnerability.
Crypto transactions are atomic. They settle instantly, without intermediaries, across borders, at any hour. On the happy path, a routine transfer, a DeFi position adjustment, a payment to a known counterparty, this speed is a blessing. No bank holidays. No wire delays. No fussing around with phone calls.
On the sad path, this same property becomes the vulnerability. You signed a malicious transaction. Someone compromised your keys. The result is the same: funds move irreversibly, and there is no undo button. No compliance department to call. No fraud team to reverse the charge. The transaction is final before you've had time to realize something went wrong.
Every other mature financial system has internalized the value of delay. Credit card transactions have chargeback periods. Bank accounts can freeze if they detect risks. Real estate closings have escrow. These are deliberate friction points that exist because the humans using them are fallible, and because speed without safeguards can become a liability.
Crypto skipped this step entirely. The industry built the fastest, most efficient value transfer system in history, and forgot to build a pause button.
The Threat Taxonomy: One Root Cause
Look at the major categories of crypto loss and you'll find the same structural failure underlying all of them: irreversibility without reflection.
Phishing and blind signing. An adversary spoofs a trusted interface or crafts a transaction that looks routine but isn't. The user signs. The funds are gone. In 2025, phishing attacks targeting crypto users increased 40%, primarily through fake exchange interfaces. CertiK recorded $395 million in phishing losses in Q2 2025 alone. In every case, a delay between signing and execution would have created a window to detect the fraud.
Address poisoning and fat-finger errors. A user copies the wrong address from a poisoned transaction history or from a simple mistake and sends funds to the wrong destination. These losses are entirely preventable with a review window. But because execution is instant, the error becomes permanent before the user has closed their wallet app.
Private key compromise. An adversary gains access to a wallet's signing keys through malware, social engineering, or compromised infrastructure. Once they have the keys, they drain the wallet. Key compromises accounted for $1.7 billion in losses in the first half of 2025, the single largest attack vector. A timelock wouldn't prevent the key compromise itself, but it would prevent the adversary from silently extracting funds. Every outbound transaction would be visible and cancellable during the delay window.
Physical coercion. The $5 wrench attack is no longer a thought experiment. In 2025, CertiK documented 72 physical attacks on crypto holders: kidnappings, home invasions, torture. Reported incidents rose from 8 globally in 2022 to over 40 by mid-2025, with the true number estimated at 3-5x higher. These attacks work because crypto has no friction. An adversary can force a victim to sign a transaction and watch it settle in real time. A mandatory delay changes the calculus entirely. If a transaction can be canceled within 24 hours, the adversary can't confirm they'll receive the funds before law enforcement has time to respond. More time means more risk for attackers.
The common thread isn't a lack of encryption or key management. It's a lack of time. Every one of these threat vectors exploits the gap between signing and settlement. A gap that, in crypto, is effectively zero.
Timelocks: The Simplest Fix to the Hardest Problem
A timelock is a smart contract mechanism that inserts a mandatory delay between when a transaction is signed and when it executes. During this window, the transaction is visible on-chain and can be reviewed, verified, or canceled by the signer or a designated guardian.
The concept is straightforward: instead of "sign and settle," the model becomes "sign, wait, then settle. Unless someone objects." This inverts the default security posture from execute unless stopped to execute only if unchallenged.
This is not a new idea. It's a proven one that the crypto industry has inexplicably failed to apply where it matters most.
The Governance Precedent
Timelocks already secure hundreds of billions of dollars in DeFi. Just not in personal custody infrastructure.
Compound, one of the foundational lending protocols in DeFi, routes every governance action through a timelock contract with a mandatory 48-hour delay. Any proposal to change protocol parameters, add new markets, or modify risk settings must pass through this waiting period before execution. During that window, the community can review the change, flag issues, or exit the protocol if they disagree.
Aave uses the same architecture. Governance proposals pass through a timelock with a minimum 24-hour delay for standard changes and longer delays for critical upgrades. Uniswap, MakerDAO, and virtually every major DeFi protocol follows this pattern.
The logic is uncontroversial at the protocol level: no single transaction should be able to alter a system managing billions of dollars without giving stakeholders time to respond. The timelock provides that time. It's the difference between a governance system that can be flash-loan attacked and one that can't.
And yet: the same industry that considers a 48-hour delay non-negotiable for changing an interest rate parameter considers zero delay perfectly acceptable for moving a person's entire net worth.
Why Existing Defenses Don't Solve This
The standard response to crypto security concerns is some combination of hardware wallets, multisignature setups, and social recovery. These are all valuable tools, but none of them address the core problem.
Hardware wallets defend key material. They ensure that private keys never leave a secure device, which defends against remote key extraction. But they don't defend against signing a malicious transaction, falling for a phishing attack, or being physically coerced. Once the hardware wallet signs, execution is still instant.
Multisignature wallets distribute signing authority across multiple parties. This means an adversary needs to compromise multiple keys rather than one. But multisigs add coordination cost without adding time. If all required signers approve a transaction, whether willingly or under duress, it still executes immediately. A multisig doesn't help when the problem is that a bad transaction was authorized, not that authorization was too easy.
Social recovery helps you regain access to a wallet when keys are lost. It solves the "I forgot my seed phrase" problem, not the "I signed something I shouldn't have" problem. It operates after the fact of key loss, not before the fact of a bad transaction.
None of these tools insert the one thing that would have prevented the majority of losses: a window of time between intent and execution.
What Kleidi Builds
Kleidi applies timelock security to personal cryptocurrency custody. Every outbound transaction passes through a mandatory delay window, typically 24 hours, during which it can be reviewed and canceled by the owner or a designated guardian.
This means that if your keys are compromised, you have 24 hours to notice and cancel. If you sign a phishing transaction, you have 24 hours to realize it. If someone physically coerces you into making a transfer, the transaction won't settle before law enforcement can respond.
The same principle applies to how the system is built. Every contract gets time between review passes, because the bugs you catch are never the ones you're looking at. They're the ones you see when you come back with fresh eyes. Nothing ships under pressure. When you're trusting a system with your net worth, the team building it should be at least as careful with their code as they're asking you to be with your money.
Kleidi doesn't replace hardware wallets, multisigs, or any other security tool in your stack. It adds the one layer they're all missing: time.
The Asymmetry
The crypto industry has spent over a decade building infrastructure for speed. Faster confirmations. Lower latency. Instant settlement. The result is extraordinary. A global financial system that operates 24/7 with no intermediaries and no borders.
But the losses tell a different story. Over $2.7 billion was stolen in 2025. Physical attacks on holders doubled. Personal wallet compromises now account for nearly a quarter of all theft. The systems are fast, but the users are human, and humans need time to think, review, and respond.
The fix isn't to slow down everything. It's to add a pause where the stakes are highest: the moment between deciding to move your money and that money actually moving. That pause is the difference between a mistake you can fix and one you can't.
If you're holding significant assets in self-custody and want to understand how timelocks fit into your security model, we'd like to hear from you. Contact us.