
Built like a vault.

Your funds never touch our servers. Your trades stay private. Our code is audited, open-source, and watched 24/7. Here's exactly how we keep it that way.


Four things we never compromise.

i. Funds never leave the contract.

The instant both parties agree, your funds are locked in a smart contract you can verify on-chain. Not in a hot wallet. Not on our servers. Not anywhere we can touch.

  • Non-custodial by design — Middn has no withdrawal key
  • Atomic settlement — both sides clear in the same tx, or nobody clears
  • Auto-refund if the counterparty disappears past the timeout
Read the contracts →

ii. Privacy is the default.

Every message between traders is encrypted client-side. The contract sees only what it needs to — amounts, conditions, signatures. The rest? Nobody can read it. Not us, not validators, not the chain.

  • End-to-end AES-256 + X25519 (Signal-style, forward-secure)
  • ZK proofs verify conditions without revealing the data
  • Metadata stripped from all on-chain interactions
How ZK proofs work →

iii. Reviewed by multiple teams.

We don't just say our code is safe — we pay the best security firms in crypto to try and prove it isn't. Trail of Bits, Halborn, Code4rena. Every report is public.

  • 2 external audits completed (Mar & Apr 2026)
  • Active Code4rena contest with $250k prize pool
  • Continuous internal fuzzing & formal verification
See all audit reports →

iv. Monitored 24/7.

Every contract is watched in real time. Anomaly detection, large transfers, unexpected state — anything weird wakes someone up at 3am. We've got 42 CI gates and on-call engineers across 3 time zones.

  • Forta + Tenderly alerts on every state change
  • On-call rotation in EU, US-East, US-West
  • Pre-funded emergency pause + recovery procedures
Our incident playbook →

What it adds up to.

  • $0 funds lost since launch
  • 3 independent audits
  • $250k active bug bounty
  • 100% open-source code

What we protect vs what's on you.

Security only works if everyone knows their job. Here's the honest split.

Middn protects ↓

  • Contract exploits: Audited code, formal verification, fuzzing. We assume hostile inputs.
  • Counterparty default: Atomic settlement means neither side can run. Funds release together or refund.
  • Server compromise: We can't touch your funds. Even if our entire infra is hacked.
  • Network surveillance: E2E encryption + ZK proofs. No metadata leaks.
  • Front-end tampering: Subresource integrity, IPFS-pinned UI builds, reproducible.
  • Insider abuse: No admin keys exist. There's nothing to abuse.

You're responsible for ↓

  • Your wallet keys: We can't recover them. If you lose them, your funds are gone forever.
  • Phishing & fake sites: Always check the URL. Always sign on a clean device. Bookmark middn.com.
  • What you trade: We're a neutral layer. Knowing your counterparty is your call.
  • Reading what you sign: Verify amounts, conditions, addresses in your wallet before signing.
  • Off-platform agreements: If you negotiated something outside Middn, we can't enforce it.
  • Tax & legal compliance: Your jurisdiction, your responsibility. We don't give legal advice.

Our incident playbook.

Even with audits and monitoring, we plan for the day something goes wrong. Here's exactly what happens.

T+0 min: Detection.

Forta + Tenderly alerts fire to PagerDuty. On-call engineer wakes up. We classify severity (P0 = funds at risk, P1 = service down, P2 = degraded).

T+5 min: Triage & freeze.

If P0, we trigger the emergency pause. This is the only privileged action that exists, and it's a one-way switch: it stops new deals but never moves user funds.
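The locking, atomic settlement and timeout refund from section i, together with the pause semantics described in this step, as an added Solidity sketch that is not Middn's contract. The contract name, the seller/buyer roles, the ERC20-for-ETH deal shape, the `pauser` role and all function names are assumptions made for illustration.

```solidity
pragma solidity ^0.8.20;
interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function transfer(address to, uint256 amount) external returns (bool);
}

// Illustrative escrow (added example, not Middn's contract): the seller locks an ERC20
// amount, the buyer pays ETH, both legs settle in one tx, else the seller is refunded.
contract AtomicEscrow {
    enum State { Open, Settled, Refunded }
    struct Deal {
        address payable seller; address payable buyer; IERC20 token;
        uint256 tokenAmount; uint256 ethAmount; uint256 deadline; State state;
    }
    mapping(uint256 => Deal) public deals;
    uint256 public nextId;
    bool public paused;               // one-way: only ever goes false -> true
    address public immutable pauser;  // the only privileged role; there is no withdraw()
    constructor(address _pauser) { pauser = _pauser; }
    function pause() external { require(msg.sender == pauser, "not pauser"); paused = true; }

    // Seller's tokens lock on open. The pause gates only this: new deals stop, funds don't move.
    function open(address payable buyer, IERC20 token, uint256 tokenAmount,
                  uint256 ethAmount, uint256 timeout) external returns (uint256 id) {
        require(!paused, "paused");
        id = nextId++;
        deals[id] = Deal(payable(msg.sender), buyer, token, tokenAmount, ethAmount,
                         block.timestamp + timeout, State.Open);
        require(token.transferFrom(msg.sender, address(this), tokenAmount), "token in");
    }

    // Both legs move in this one transaction; if either transfer reverts, nobody clears.
    function accept(uint256 id) external payable {
        Deal storage d = deals[id];
        require(d.state == State.Open && block.timestamp < d.deadline, "not open");
        require(msg.sender == d.buyer && msg.value == d.ethAmount, "bad buyer or amount");
        d.state = State.Settled;   // effects before interactions: no re-entry while Open
        require(d.token.transfer(d.buyer, d.tokenAmount), "token out");
        d.seller.transfer(d.ethAmount);
    }
    // Past the deadline anyone may return the seller's tokens. Deliberately not
    // gated on `paused`: an emergency pause must never trap user funds.
    function refund(uint256 id) external {
        Deal storage d = deals[id];
        require(d.state == State.Open && block.timestamp >= d.deadline, "not refundable");
        d.state = State.Refunded;
        require(d.token.transfer(d.seller, d.tokenAmount), "token back");
    }
}
```

`transfer` forwards only the 2300-gas stipend, so a seller that is a contract with a heavy `receive()` cannot be paid and the deal can only end in a refund; production code would use `call` and rely on the state change made before any external call to block re-entry.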

T+30 min: Public disclosure.

Status page updated. Twitter post pinned. Discord & Telegram pings. We tell users what we know, what we don't, and what to do (usually: nothing, your funds are safe in the contract).

T+72 hrs: Post-mortem.

Public write-up. Root cause, timeline, what we fixed, what we changed in our process. No PR-speak. Auditors review the fix before we unpause. Same standard as new code.


Got a security question?

Our security team reads every email. Bugs go via Code4rena or directly to us — we PGP, we pay, we don't sue.