What security infrastructure does Lava use?

Lava’s infrastructure is built to reduce risk across every layer of the system. It eliminates single points of failure and is fault-tolerant, geographically resilient, operationally redundant, and meets the standards of the largest financial institutions in the world.

Every Lava release is tested, reviewed, and audited before being deployed to production. This rigorous process — combined with our redundant infrastructure — enables Lava to maintain industry-leading uptime and reliability.

There are 3 parts of Lava’s infrastructure: authentication, execution, and settlement.

Authentication is performed by the user with an email and passkey, so there is no client-side key risk. Your email secures access to your account and enables account recovery across devices, so we recommend using a strong password manager and 2FA on your email account. Users also have the option to set up a passkey for additional security.

Execution is done by Lava’s ledger and application technology. All protocol actions happen via a deterministic state machine, ensuring that transactions follow verified rules. Each transaction is validated before settlement. Lava has multiple systems in place to prevent and alert to rate-limiting, spam, DDOS, and other attacks. If any malicious activity is detected, the system can temporarily pause operations until fixed while preserving the safety of all funds.

Settlement happens only when a majority of key holders provide signatures that authorize state changes and finalize transactions. Funds on Lava are secured using custodians and cold storage via distributed key management. Keys are held across multiple geographically distributed entities to ensure that there is no single point of failure.

There are certain flows in Lava where users will interface with custodians. Lava vets all custodians to ensure they are regulated, licensed, audited, and meet the security standards of Lava.

Funds on Lava are never never lent out, traded, or otherwise rehypothecated. There are no exceptions to this rule.

Lava has been audited by independent security experts and is backed by the world’s leading fintech investors, including Khosla Ventures, Founders Fund, and Susquehanna.

Our team includes bitcoin developers who have contributed to Bitcoin Core, the Lightning Network, and DLCs, as well as helped build critical infrastructure at fintechs like Current and Affirm, and tech companies like Google and Spotify.

US-based client service is available 24/7, so you can always reach someone on our team directly.

Lava was built from day one to be the most secure platform for bitcoiners. Security is our top priority.