Fireblocks & Thales deepen bank crypto key control

Fireblocks and Thales have expanded their collaboration on hardware-based controls for digital asset operations at regulated financial institutions.

The arrangement links Fireblocks' digital asset platform with Thales' Luna Hardware Security Modules (HSMs), focusing on how banks and other regulated firms generate, store, and use cryptographic keys for cryptocurrency and tokenised asset transactions.

HSMs are dedicated devices used to protect cryptographic material. Many banks already run certified HSMs in their security environments for payments, identity, and other sensitive workflows. Fireblocks and Thales are positioning the joint architecture as a way to extend that model to digital assets without changing existing governance structures.

Key custody

Under the expanded collaboration, Fireblocks will integrate its platform with Luna HSMs. Its KeyLink product keeps private keys or key shares generated, stored, and operated entirely within customer-owned HSMs, giving institutions "complete policy control and final authority" over transactions.

The design aims to address a central question for regulated firms evaluating digital assets: who ultimately controls signing authority. In many digital asset systems, control of private keys determines the ability to move assets. Banks typically require strong segregation of duties, audit trails, and defined approval policies for high-risk transactions.

Fireblocks said the model prevents it from signing transactions on its own or moving assets unilaterally. It described its role as policy enforcement and orchestration across operating models, including hot, warm, and cold setups-terms that describe how closely signing systems are connected to online networks.

Use cases

The architecture is designed to support custody, trading, tokenisation, and onchain settlement, while integrating with existing security, governance, and audit processes. Fireblocks said organisations can manage cryptocurrencies, stablecoins, security tokens, and tokenised real-world assets across major blockchain networks.

The announcement also highlights support for multiple elliptic curves, which can matter for institutions working across different blockchain ecosystems and token standards. Different networks use different cryptographic schemes, affecting compatibility with key-management systems and internal controls.

Regulatory lens

Regulated financial institutions face increasing scrutiny over operational risk in digital asset services. Supervisors often look for clear accountability for transaction approvals, controls around key material, auditability, and documented governance processes that mirror established practice in other parts of financial market infrastructure.

Fireblocks said the approach maps security controls to compliance requirements through customer-owned Luna HSMs, multi-party computation (MPC), and cross-domain integrations. MPC splits signing authority across multiple parties or systems, reducing reliance on a single key holder and aligning with approval workflows used in regulated environments.

Todd Moore, Vice President, Data Security Products at Thales, said: "As digital assets reshape global finance, adoption will depend on a proven foundation of trust. Thales provides that foundation with Luna HSMs, protecting and controlling the cryptographic keys that underpin ownership and transaction authority. Combined with Fireblocks, we help institutions reduce key-exposure risk, strengthen governance, and move digital value with confidence across high-value digital ecosystems at scale."

Fireblocks said its platform is used by more than 95 banks in live environments and secures more than USD $5 trillion in digital asset transfers annually.

Adam Levine, SVP, Head of Corporate Development and Partnerships at Fireblocks, said: "As banks and financial institutions accelerate production deployments as well as proofs-of-concept, they need digital asset infrastructure that aligns with the same governance, audit, and risk principles that underpin traditional financial infrastructure. By expanding our partnership with Thales, we're enabling the deployment of digital asset services using customer-owned, certified hardware they already trust - without compromising on control, compliance, or operational integrity."

Both companies framed the work around operational resilience and availability expectations for critical financial systems. Fireblocks said regulators require continuous availability for mission-critical platforms, and that its design is intended to handle institutional transaction volumes at scale.

The next phase will focus on deployments that keep signing operations within customer-controlled Luna HSM infrastructure while maintaining policy enforcement and governance workflows through Fireblocks' platform.