Security

Securing the Ledger: Hybrid Off-Chain Policy Guards vs. Modular Bugs

By Security Team · May 24, 2026 · 6 min read

The risk of pure on-chain modularity

Modern smart-contract wallets are designed to be modular. That flexibility lets developers add features like spending limits and time-locks — but it also expands the attack surface. If a single module contains a signature-verification flaw, an attacker can bypass the wallet's main security controls and drain its assets.

Furlpay's hybrid guard architecture

To protect user assets from contract exploits, Furlpay implements a Hybrid Guard System that combines on-chain smart wallets with an off-chain security engine:

[ User Action ] ──> [ Policy Guard ] ──(verified?)──> Yes ──> [ HSM co-signs ] ──> [ Safe executes ]
                                     └──────────────────> No  ──> [ Blocked ]

Every transaction requires a 2-of-2 signature:

  • Signature 1: generated by the user's local passkey (client-side).
  • Signature 2: generated by Furlpay's HSM backend (server-side).

Before the HSM co-signs, it runs real-time security checks:

  • Velocity limits — does this transaction exceed the user's typical patterns?
  • Address screening — is the destination linked to high-risk wallets (via the Chainalysis API)?
  • Sanctions checks — does the transaction comply with global regulatory guidelines?
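
The co-signing gate described above, as an added sketch that is not Furlpay's code. Assumptions: an HMAC key stands in for the HSM, the risk lists and the fixed rolling-window limit (a simplification of "typical patterns") are constructed, passkey verification is reduced to a boolean, and all names are hypothetical.

```python
import hashlib, hmac
from dataclasses import dataclass

# Constructed sample data; a real guard would query a screening provider and a sanctions list.
HIGH_RISK = {"0xbad0000000000000000000000000000000000001"}
SANCTIONED = {"0xbad0000000000000000000000000000000000002"}
HSM_KEY = b"demo-key-not-a-real-hsm"  # stand-in: a real HSM never exposes key material

@dataclass(frozen=True)
class Tx:
    wallet: str
    to: str
    amount: int
    nonce: int

def tx_digest(tx):
    # Bind the co-signature to every field so an approval cannot be reused for another transfer.
    return hashlib.sha256(f"{tx.wallet}|{tx.to.lower()}|{tx.amount}|{tx.nonce}".encode()).digest()

def hsm_sign(tx):
    return hmac.new(HSM_KEY, tx_digest(tx), hashlib.sha256).hexdigest()

def verify_cosig(tx, sig):
    return hmac.compare_digest(hsm_sign(tx), sig)

class PolicyGuard:
    def __init__(self, window_s=3600, limit=1000):
        self.window_s, self.limit = window_s, limit
        self.history = {}  # wallet -> [(timestamp, amount)] of co-signed transfers

    def evaluate(self, tx, now):
        """Return the names of failed checks; an empty list means the policy passed."""
        failures = []
        recent = [a for t, a in self.history.get(tx.wallet, []) if now - t < self.window_s]
        if sum(recent) + tx.amount > self.limit:
            failures.append("velocity")
        if tx.to.lower() in HIGH_RISK:
            failures.append("address_screening")
        if tx.to.lower() in SANCTIONED:
            failures.append("sanctions")
        return failures

    def cosign(self, tx, user_sig_ok, now):
        # Fail closed: no second signature unless signature 1 verified and every check passed.
        if not user_sig_ok:
            return None, ["user_signature"]
        failures = self.evaluate(tx, now)
        if failures:
            return None, failures
        self.history.setdefault(tx.wallet, []).append((now, tx.amount))
        return hsm_sign(tx), []
```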

If an attacker exploits a bug in a smart-contract module, they still can't drain your wallet — they lack the HSM's co-signature. This hybrid approach gives you the security of self-custody alongside the active protection of a traditional bank.