Release 2025-08-31

This release focuses on compliance, security hardening, performance, and resilience improvements across custody services. The items below intentionally avoid exposing internal designs, vendor names, firmware requirements, or implementation specifics while communicating customer‑relevant outcomes.

Platform Resilience & Security

  • Routine security updates and control tuning across core services.
  • Dependency hygiene and audit‑driven remediations across the platform.

Benefit: Reinforces our custody‑grade security baseline and operational stability.

Compliance & Governance

  • Foundational support for compliance workflows across custody components.
  • Enhancements to AML‑related review processes and reporting readiness.

Benefit: Streamlines compliance operations and reduces manual effort.

Mobile Experience

  • Performance and responsiveness improvements across key mobile flows.
  • Refined session and authentication handling for improved reliability.

Benefit: Provides a smoother mobile experience while maintaining security integrity.

Signing & Policy Services

  • Enforced encrypted channels for inter‑service communication.
  • Aligned policy validation across sensitive import and key‑related workflows.

Benefit: Strengthens cryptographic controls and standardises sensitive operations.

Blockchain Indexing & Throughput

  • Scaled indexing capacity to handle higher on‑chain activity during periods of network congestion.
  • Stability and throughput improvements during spikes in block size and transaction volume.

Benefit: Ensures reliable indexing and transaction visibility under heavy load conditions.

No customer action is required for this release. For questions, please contact Support.


Release 2025-07-31

This release focuses on security, reliability, and developer‑experience improvements across the custody platform. The items below are intentionally written to avoid exposing internal designs, vendor names, or implementation details while still describing customer‑relevant outcomes.

Platform Resilience & Security

  • Ongoing maintenance and remediation as part of our secure development lifecycle
  • Routine dependency updates and configuration tuning
  • Incremental improvements informed by internal and external reviews

Benefit: Reinforces our security baseline and keeps our controls aligned with industry expectations.

Error Handling & Transparency

  • Clearer, more consistent responses for transaction status and failure scenarios
  • Additional telemetry for issues that are not automatically retried
  • Aligned behaviour across APIs to standardise how errors are reported

Benefit: Improves troubleshooting clarity and reduces integration effort.

Vault & Key Management Enhancements

  • Improved transaction descriptions for supported assets
  • Expanded request feedback to surface actionable information where appropriate
  • Additional safeguards and audit controls in recovery workflows

Benefit: Increases end‑user clarity, improves operational resilience, and supports secure key lifecycle management.

Infrastructure Optimisation

  • Simplified network architecture and routing to improve efficiency
  • Hardened private integration paths used by background services
  • Broader monitoring and alerting coverage across core components

Benefit: Enhances reliability and reduces operational overhead.

API & SDK Improvements

  • More consistent API responses for transaction queries
  • SDK updates that reduce footprint and improve maintainability

Benefit: Simplifies the developer experience and speeds up integrations.

Governance & Access

  • Routine refresh of cryptographic controls
  • Role definitions reviewed to reinforce least‑privilege access
  • Enhanced visibility into the status of vulnerability remediation

Benefit: Strengthens overall security posture and operational governance.


No customer action is required for this release. For questions, please contact Support.


Release 2025-06-30

This release focuses on expanding compliance capabilities, strengthening audit readiness, and optimizing network infrastructure across our custody ecosystem.

Security & Performance Improvements

We applied several backend security patches in line with our CVE patching policies:

  • Updated Go stdlib dependencies across multiple services
  • Upgraded internal infrastructure libraries
  • Increased memory allocations for critical lambdas

Benefit: Improves runtime resilience and keeps services aligned with our internal security guidelines.

Compliance Engine Enhancements

Enhancements to the anti-money-laundering (AML) layer improve transaction monitoring fidelity:

  • Compliance checks now reference organisation.product for more granular enforcement via third-party compliance providers
  • Fixed case-sensitive asset matching in Travel Rule provider integration
  • Extended chain ID mapping to support additional networks

Benefit: Increases precision of compliance workflows across supported chains and products.

Custody Chain Service Hardening

Post-audit remediations were applied across multiple chain services:

  • pbkdf2 CVE resolution
  • Dependency upgrades
  • Infrastructure interface corrections

Benefit: Aligns on-chain connectors with current audit requirements and ensures predictable node integration.

Network Infrastructure Optimization

Refinements to internal networking components:

  • Decommissioned unused NAT gateways and staging subnets
  • Added direct endpoints for ECR services
  • Removed legacy private endpoint

Benefit: Reduces internal network complexity and improves routing efficiency for key components.

API Documentation Redirect

We have consolidated custody developer documentation under the Bitpanda TechSolutions portal:

  • Redirected developer.bitpandacustody.com to techsolutions.bitpanda.com/custody
  • New routing is managed via CloudFront and backed by an S3 origin (as fallback)

Benefit: Streamlines access to up-to-date documentation under a unified platform portal.


Release 2025-05-31

This release brings continued improvements across chain services, custody governance, and security posture. Our updates focus on secure seed management, dynamic transaction handling, and refined access controls across the custody infrastructure.

Chain Service Security & Performance Updates

We have applied updates to multiple chain services in line with our patching guidelines to address critical security vulnerabilities in Go stdlib and supporting dependencies. These updates also include performance tuning improvements.

  • Memory configuration improvements for runtime components
  • Standardized dependency updates across chain services
  • Ongoing adherence to CVE patching policies

Dynamic Transaction Fee Handling

We improved our transaction tip calculation logic for EVM-based networks. Tip values are now dynamically fetched using eth_maxPriorityFeePerGas, ensuring compatibility across chains with different baseline fee requirements.

  • Resolves static tip issues on high-minimum-tip networks
  • Verified compatibility with EIP-1559 and non-EIP-1559 chains
  • Increases reliability and predictability of transaction inclusion
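
An added example, not code from the release or the platform: one way a signer could fetch the tip with eth_maxPriorityFeePerGas and fall back to eth_gasPrice on a chain without EIP-1559. The RPC type, the -32601 fallback trigger, the 50 gwei cap and the in-memory node are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"math/big"
	"strings"
)

// RPC is a hypothetical transport: it sends a parameterless method and returns its hex "result".
type RPC func(method string) (string, error)

var ErrMethodNotFound = errors.New("method not found (-32601)") // assumed reply of a legacy node
var capWei = big.NewInt(50_000_000_000)                         // constructed policy limit: 50 gwei

// SuggestTip asks the node for a priority fee and falls back to eth_gasPrice when the method
// is absent. Values above limit are refused so a faulty node cannot make the signer overpay.
func SuggestTip(call RPC, limit *big.Int) (*big.Int, bool, error) {
	method, legacy := "eth_maxPriorityFeePerGas", false
	raw, err := call(method)
	if errors.Is(err, ErrMethodNotFound) {
		method, legacy = "eth_gasPrice", true
		raw, err = call(method)
	}
	if err != nil {
		return nil, legacy, fmt.Errorf("%s: %w", method, err)
	}
	v, ok := new(big.Int).SetString(strings.TrimPrefix(raw, "0x"), 16)
	if !ok || v.Sign() < 0 {
		return nil, legacy, fmt.Errorf("%s: bad hex quantity %q", method, raw)
	}
	if v.Cmp(limit) > 0 {
		return nil, legacy, fmt.Errorf("%s: %s wei exceeds cap %s", method, v, limit)
	}
	return v, legacy, nil
}

// fakeNode is a constructed in-memory node; methods it lacks return ErrMethodNotFound.
func fakeNode(answers map[string]string) RPC {
	return func(m string) (string, error) {
		if a, ok := answers[m]; ok {
			return a, nil
		}
		return "", ErrMethodNotFound
	}
}

func main() {
	fmt.Println(SuggestTip(fakeNode(map[string]string{"eth_gasPrice": "0x3b9aca00"}), capWei))
}
```

The boolean result tells the caller whether to build a legacy gas-price transaction or an EIP-1559 one.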

Seed Export Capability (Custody)

We have introduced secure export functionality for wallet seeds via TrustVault:

  • Export actions are gated by PCR (Policy Change Request) to enforce access controls.
  • Co-signing support is enabled via TCSS for multi-approver validation.
  • All exports are encrypted and auditable to support operational integrity.

This enables secure migration, recovery, or custodial transitions in line with governance protocols.

Webhook and Notification Enhancements

Webhook delivery systems were optimized to improve reliability and responsiveness:

  • Webhooks now execute in parallel with a 30-second max per call
  • Global timeout extended to 60 seconds
  • New subscription type added to support seed export notifications
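
An added example, not the platform's code: parallel webhook delivery in Go with a per-call deadline nested inside a global one, as described above. Deliver, Dispatch and the fake receiver are hypothetical names, the global timeout is read as a bound on the whole batch, and main uses 0.3 s and 0.6 s in place of 30 s and 60 s so it finishes quickly.

```go
package main

import (
	"context"
	"fmt"
	"sync"
	"time"
)

// Deliver is a hypothetical stand-in for one webhook HTTP call; it must honour ctx.
type Deliver func(ctx context.Context, url string) error

// Dispatch starts every delivery at once and returns one error slot per URL. Each call gets its
// own perCall deadline under a shared global deadline, so a slow receiver cannot stall the rest.
func Dispatch(urls []string, d Deliver, perCall, global time.Duration) []error {
	root, cancelAll := context.WithTimeout(context.Background(), global)
	defer cancelAll()
	results := make([]error, len(urls))
	var wg sync.WaitGroup
	for i, u := range urls {
		wg.Add(1)
		go func(i int, u string) {
			defer wg.Done()
			ctx, cancel := context.WithTimeout(root, perCall)
			defer cancel()
			results[i] = d(ctx, u) // each goroutine writes only its own slot
		}(i, u)
	}
	wg.Wait()
	return results
}

// fakeReceiver is constructed: it answers after delays[url] unless ctx expires first.
func fakeReceiver(delays map[string]time.Duration) Deliver {
	return func(ctx context.Context, url string) error {
		select {
		case <-time.After(delays[url]):
			return nil
		case <-ctx.Done():
			return ctx.Err()
		}
	}
}

func main() {
	urls := []string{"https://fast.example/hook", "https://slow.example/hook"} // constructed
	delays := map[string]time.Duration{urls[0]: 10 * time.Millisecond, urls[1]: 5 * time.Second}
	fmt.Println(Dispatch(urls, fakeReceiver(delays), 300*time.Millisecond, 600*time.Millisecond))
}
```

A receiver that ignores its context would still block the batch, so a real Deliver should pass ctx into the HTTP request it sends.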

Role and Access Management Updates

Internal access policies were refined to enhance operational governance:

  • Escalation flows updated for developer and admin access levels
  • Co-signing requirements expanded for sensitive operational actions

Infrastructure & Compliance Controls

We transitioned to AWS WAFv2 for improved edge protection and consistency:

  • Region-based rate-limiting updated in line with AWS standards
  • IP-level blocking aligned with compliance jurisdiction restrictions
  • Additional hardening applied for common web-layer vulnerabilities