TOOKEY - asset and access management protocol that intends to transform the enterprise private key management paradigm across Web3.

Cybersecurity is at the forefront of many Web3 CEOs' minds as the necessity to secure their businesses grows, investors' and users' assets.

We building TOOKEY - asset and access management protocol that intends to transform the enterprise private key management paradigm across Web, DeFi and Collectibles (NFT) platforms.

The problem scope is massive

More than $500 million was stolen from only 4 protocols in December 2021 due to a compromised secret key issue. Cross-chain bridges remain a major target for hackers, with 3 bridges breached this month (October 2022) and nearly $600 million stolen.



GnosisSafe and other multisig solutions increase complexity and execution costs while still lacking corporate asset management features.

Current private key administration experience is absolutely off

*Management of access is the complex and unhandled issue of many Web3 projects.

*Automation of execution requires disclosure of private keys inside a semi-trusted environment, driving weak security.

*Access control on smart contracts is limited by on-chain data and brings additional complexity and execution costs

We suspect the issue is identified in three aspects

First! Proper security against compromise of the private key severely restricts projects and reveals numerous business operations unfeasible.

Second! Standard approaches usually provide a low level of security. At their own risk, most projects distribute keys to high-ranking managers for sole control, which can lead to loss of funds or private key compromisation.

Third! Multisig is a terrific approach to boost security, but the complexity of gathering those signatures and the algorithms for interacting with multisig keys cause challenges and limitations that most projects and users cannot tolerate.

In our opinion, three characteristics must be included in a management solution

-Allow third-party access to the wallet (partners, staff, and even servers), but explicitly limit the potential modes of engagement.

-Compatible with various execution contexts and should not be firmly bound to a certain blockchain or wallet.

-The solution must be non-custodial; the risk of compromise of control as a result of an unethical service provider is too terrific.

Tookey identifies threats of private key compromise and fraudulent transaction pushing, letting developers integrate and deploy it quickly.

This is now possible due to the implementation of Threshold signature schemes. TSS allows several people to sign transactions using a single public key.

TSS participation library & Key Service API

Pluggable Tookey's core components are the TSS participation library and the Key Service API. These components enable the development of third-party applications such as DeFi protocol maintenance tools, end-user wallets, CEX depositaries, escrow services, and so on.

Video demonstration: https://www.youtube.com/watch?v=6crgnJ75Po4