# Aegis Security Model

**Published by:** [Aegis.im](https://paragraph.com/@aegis-im-2/)
**Published on:** 2026-04-15
**URL:** https://paragraph.com/@aegis-im-2/aegis-security-model

## Content

DeFi has lost hundreds of millions to exploits in 2026. The pattern is consistent enough that it stops looking like bad luck. Every protocol should be able to answer what happens when something goes wrong.

Recent exploits share a common failure mode. Protocols rely on offchain infrastructure to authorize critical operations, creating a single point of failure. When that infrastructure is compromised, the contracts execute exactly as written, including instructions that damage users. The gap between when an exploit begins and when it is contained is where losses accumulate. In several recent incidents, that gap was measured in hours.

### Mint Security: No Uncollateralized Path

The mint contract enforces collateral requirements before any new supply is created. Only onchain whitelisted addresses that have passed KYC/KYB are permitted to mint YUSD/jUSD. Once a mint request is submitted, collateral verification runs in 2 steps: first offchain, then onchain using oracle pricing to confirm both the amount and current value of the collateral. New YUSD/jUSD is only created after both checks pass.

When collateral in USDT or USDC is deposited to mint YUSD, it is transferred to institutional custodians first, then converted to BTC. There is no function in the contract that allows supply to be created without a corresponding collateral deposit.

When USDC is deposited to mint jUSD, it is used to acquire JLP, which becomes the primary collateral backing jUSD. Hedging positions are opened against the underlying JLP composition to neutralize price exposure. There is no single point in the protocol that provides unlimited opportunity to drain assets at once.

### Custody: Collateral Never Sits on an Exchange

Aegis does not store user funds on exchanges.
All assets are held with institutional custodians, Copper and Fireblocks, and hedging operations are executed through off-exchange settlement. When a position needs to be managed, assets are temporarily allocated for execution and returned to custodian vaults post-trade. Collateral is never transferred directly onto a centralized exchange. If an exchange were to become insolvent, face a security breach or go offline, the underlying collateral remains in custody and is unaffected. Both custodians are audited to institutional custody standards.

### Operational Security: Multisig With Hardware Controls

All operational actions are controlled by a 3-of-5 multisig. Signers are core team members, with a maximum of 2 in the same physical location. All signers use hardware wallets and follow an internal signing procedure with strict restrictions on where signing requests can be sent or opened. An automated monitoring process tracks significant events, including large mints and unexpected transfers.

### Response and Containment

Protocol monitoring runs continuously across collateral balances, mint activity and hedge positions. When an anomaly is detected, the response is coordinated through the full multisig threshold. Mint and redemption activity can be paused independently. In a scenario requiring immediate action, new supply creation can be frozen while redemptions remain open, preserving users' ability to exit.

### The Insurance Fund

The insurance fund absorbs losses that arise from negative funding rate periods, execution slippage and temporary rebalancing inefficiencies. It operates as a reserve between strategy performance and user positions, ensuring that short-term market conditions do not affect protocol stability. Its balance and usage are tracked in real time on the Accountable dashboard.

### Additional Cover Through Nexus Mutual

Users can purchase cover for YUSD positions through Nexus Mutual.
This provides additional protection on top of the existing insurance fund and delta-neutral hedging positions. Single Protocol Cover protects against smart contract exploits, oracle failure, oracle manipulation, liquidation failure and governance takeovers. Cover is valid across all EVM-compatible chains where YUSD is deployed.

Insure your YUSD at Nexus Mutual.

### Transparency: Verifiable in Real Time

Proof of reserves is published continuously through the Accountable dashboard at aegis.accountable.capital. Collateral balances, hedge positions, market neutrality and solvency ratios are independently verifiable at any time, with data sourced directly from custodians and exchanges through cryptographic verification.

When collateral cannot be independently verified, uncertainty spreads fast. Several 2026 incidents accelerated from exploit to depeg within hours precisely because users had no way to assess protocol solvency in real time.

### What Audits Do Not Cover

Audits verify that contracts execute as written. They do not cover compromised keys, manipulated offchain inputs or operational failures that feed valid instructions to correct contracts.

When an operational component is compromised in the Aegis protocol, the scope of potential damage is bounded because collateral is held in custody by Copper and Fireblocks, new supply requires verified collateral deposits confirmed by oracle pricing, and all operational actions require 3-of-5 multisig consensus from geographically distributed signers using hardware wallets.

That is the architecture. The PoR dashboard is where you verify it.
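
The mint gate and the independent pause switches described above, as a simplified Python model added here; it is not Aegis's contract code. All names, the cent-based accounting and the rule that minted value may not exceed the oracle value of the deposit are assumptions made for illustration.

```python
from dataclasses import dataclass, field

class Rejected(Exception):
    """Raised when a mint or redeem request fails a gate."""

@dataclass
class MintGate:
    # Hypothetical model: field and method names are assumptions, not Aegis code.
    whitelist: set
    oracle_usd: dict                 # asset -> price in cents (stand-in for an onchain oracle)
    mint_paused: bool = False
    redeem_paused: bool = False
    supply_cents: int = 0
    held: dict = field(default_factory=dict)   # collateral units received per asset

    def mint(self, sender, asset, units, want_cents, offchain_ok):
        # `units` is the collateral actually transferred with the request.
        if self.mint_paused:
            raise Rejected("mint paused")
        if sender not in self.whitelist:
            raise Rejected("sender not whitelisted")
        if not offchain_ok:
            raise Rejected("offchain verification failed")
        # Onchain step recomputes value from the oracle, so an offchain
        # approval alone (forged or mistaken) cannot create supply.
        if units <= 0 or units * self.oracle_usd[asset] < want_cents:
            raise Rejected("collateral value below requested mint")
        self.held[asset] = self.held.get(asset, 0) + units
        self.supply_cents += want_cents

    def redeem(self, burn_cents):
        if self.redeem_paused:
            raise Rejected("redeem paused")
        if burn_cents <= 0 or burn_cents > self.supply_cents:
            raise Rejected("invalid redeem amount")
        self.supply_cents -= burn_cents          # collateral payout is out of scope here

def attempt(fn, *args):
    """Return 'ok' or the rejection reason."""
    try:
        fn(*args)
        return "ok"
    except Rejected as exc:
        return str(exc)

def run_scenarios():
    gate = MintGate(whitelist={"0xKYCd"}, oracle_usd={"USDC": 100})  # constructed values
    out = [attempt(gate.mint, "0xKYCd", "USDC", 1000, 100_000, True),   # fully backed
           attempt(gate.mint, "0xKYCd", "USDC", 0, 100_000, True),      # approval but no deposit
           attempt(gate.mint, "0xOther", "USDC", 1000, 100_000, True)]  # not whitelisted
    gate.mint_paused = True                                           # freeze new supply only
    out += [attempt(gate.mint, "0xKYCd", "USDC", 1000, 100_000, True),
            attempt(gate.redeem, 40_000)]                             # exits still work
    return out, gate.supply_cents
```
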
- Website: aegis.im
- App: app.aegis.im
- Proof of Reserves: aegis.accountable.capital
- X: x.com/aegis_im