Skip to content

Fortis · By Totemic Investors

Simplifying Operational Security
for Digital Assets.

Trust yourself in this trustless world. Operational security has settled into a set of best practices; even the most established names skip them. Fortis makes them simple to follow.

01 · The landscape

Most losses follow patterns.

These figures refresh monthly. Each one points to a practice that addresses it.

Attack breakdown · weighted by loss
Protocol exploit: 37%Bridge & cross-chain attack: 24%Governance takeover: 11%Price-feed manipulation: 11%Private-key compromise: 10%Approval & permission scam: 7%AI-powered social engineering: 0%
  • Protocol exploit37%

    Audited protocols still get exploited.

  • Bridge & cross-chain attack24%

    Cross-chain transfers concentrate trust.

  • Governance takeover11%

    Flash loans can buy a vote majority.

  • Price-feed manipulation11%

    Manipulated price feeds fool collateral.

  • Private-key compromise10%

    One leaked key opens everything.

  • Approval & permission scam7%

    Old wallet approvals stay live until revoked.

  • AI-powered social engineering0%

    Deepfakes can fool security-aware teams.

Last 30 days
$573.1M
3 incidents

Each had a known mitigation.

Year to date
$605.1M
5 incidents

The playbooks exist. Not everyone uses them.

02 · Failure modes & mitigations

Failure modes are well-understood.
So are the mitigations.

03 · How we manage it

How we apply this to the portfolios we manage.

Custody architecture

Multisig, hardware-isolated signing, recovery plans documented and rehearsed.

Counterparty governance

Exchange selection by financial and operational diligence; protocol vetting; exposure limits per name.

Operational discipline

Runbooks, change management, monitoring — the operational standards a traditional asset manager would meet.

Independent advisory. Not financial, legal, or tax advice.

04 · Talk to us

Learn how we manage risk.

Totemic Investors advises families, family offices, and funds on digital-asset allocation and operational security. If that’s relevant to you, send us a note.

We’ll respond within 1 business day. Your information is never shared or sold. Not financial, legal, or tax advice.

Or follow our investment thinking — emerald.totemicinvestors.com →