Release 2025-06-30
This release focuses on expanding compliance capabilities, strengthening audit readiness, and optimizing network infrastructure across our custody ecosystem.
Security & Performance Improvements
We applied several backend security patches in line with our CVE patching policies:
- Updated Go stdlib dependencies across multiple services
- Upgraded internal infrastructure libraries
- Increased memory allocations for critical lambdas
Benefit: Improves runtime resilience and keeps services aligned with our internal security guidelines.
Compliance Engine Enhancements
Enhancements to the anti-money-laundering (AML) layer improve transaction monitoring fidelity:
- Compliance checks now reference organisation.product for more granular enforcement via third-party compliance providers
- Fixed case-sensitive asset matching in Travel Rule provider integration
- Extended chain ID mapping to support additional networks
Benefit: Increases precision of compliance workflows across supported chains and products.
Custody Chain Service Hardening
Post-audit remediations were applied across multiple chain services:
- pbkdf2 CVE resolution
- Dependency upgrades
- Infrastructure interface corrections
Benefit: Aligns on-chain connectors with current audit requirements and ensures predictable node integration.
Network Infrastructure Optimization
Refinements to internal networking components:
- Decommissioned unused NAT gateways and staging subnets
- Added direct endpoints for ECR services
- Removed legacy private endpoint
Benefit: Reduces internal network complexity and improves routing efficiency for key components.
API Documentation Redirect
We have consolidated custody developer documentation under the Bitpanda TechSolutions portal:
- Redirected developer.bitpandacustody.com to techsolutions.bitpanda.com/custody
- New routing is managed via CloudFront and backed by an S3 origin (as fallback)
Benefit: Streamlines access to up-to-date documentation under a unified platform portal.
Release 2025-05-31
This release brings continued improvements across chain services, custody governance, and security posture. Our updates focus on secure seed management, dynamic transaction handling, and refined access controls across the custody infrastructure.
Chain Service Security & Performance Updates
We have applied updates to multiple chain services in line with our patching guidelines to address critical security vulnerabilities in Go stdlib and supporting dependencies. These updates also include performance tuning improvements.
- Memory configuration improvements for runtime components
- Standardized dependency updates across chain services
- Ongoing adherence to CVE patching policies
Dynamic Transaction Fee Handling
We improved our transaction tip calculation logic for EVM-based networks. Tip values are now dynamically fetched using eth_maxPriorityFeePerGas, ensuring compatibility across chains with different baseline fee requirements.
- Resolves static tip issues on high-minimum-tip networks
- Verified compatibility with EIP-1559 and non-EIP-1559 chains
- Increases reliability and predictability of transaction inclusion
Seed Export Capability (Custody)
We have introduced secure export functionality for wallet seeds via TrustVault:
- Export actions are gated by PCR (Policy Change Request) to enforce access controls.
- Co-signing support is enabled via TCSS for multi-approver validation.
- All exports are encrypted and auditable to support operational integrity.
This enables secure migration, recovery, or custodial transitions in line with governance protocols.
Webhook and Notification Enhancements
Webhook delivery systems were optimized to improve reliability and responsiveness:
- Webhooks now execute in parallel with a 30-second max per call
- Global timeout extended to 60 seconds
- New subscription type added to support seed export notifications
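The delivery limits listed above, sketched in Go as an added example (not code from this release): Dispatch, Deliver, fakeSend and the example.* URLs are hypothetical names, and main scales the 30-second per-call and 60-second global limits down to milliseconds so the demo finishes quickly.

```go
package main

import (
	"context"
	"fmt"
	"sync"
	"time"
)

// Deliver is a hypothetical delivery function (e.g. an HTTP POST); it must return once ctx is done.
type Deliver func(ctx context.Context, url string) error

// Dispatch sends to every URL in parallel. Each call gets its own perCall deadline and
// all calls share the global one, so a stalled endpoint cannot delay the others.
func Dispatch(urls []string, send Deliver, perCall, global time.Duration) []error {
	gctx, cancel := context.WithTimeout(context.Background(), global)
	defer cancel()
	errs := make([]error, len(urls)) // errs[i] is the outcome for urls[i]
	var wg sync.WaitGroup
	for i, u := range urls {
		wg.Add(1)
		go func(i int, u string) {
			defer wg.Done()
			cctx, done := context.WithTimeout(gctx, perCall)
			defer done()
			errs[i] = send(cctx, u)
		}(i, u)
	}
	wg.Wait()
	return errs
}

// fakeSend is a constructed stand-in for an HTTP client: the "slow" host never answers.
func fakeSend(ctx context.Context, url string) error {
	delay := 5 * time.Millisecond
	if url == "https://slow.example/hook" {
		delay = time.Hour
	}
	select {
	case <-time.After(delay):
		return nil
	case <-ctx.Done():
		return ctx.Err()
	}
}

func main() {
	urls := []string{"https://ok.example/hook", "https://slow.example/hook"}
	fmt.Println(Dispatch(urls, fakeSend, 30*time.Millisecond, 60*time.Millisecond))
}
```

A real sender has to pass the context into its HTTP request; a Deliver that ignores ctx would keep Dispatch waiting past both limits.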
Role and Access Management Updates
Internal access policies were refined to enhance operational governance:
- Escalation flows updated for developer and admin access levels
- Co-signing requirements expanded for sensitive operational actions
Infrastructure & Compliance Controls
We transitioned to AWS WAFv2 for improved edge protection and consistency:
- Region-based rate-limiting updated in line with AWS standards
- IP-level blocking aligned with compliance jurisdiction restrictions
- Additional hardening applied for common web-layer vulnerabilities