How Concrete Enforces Programmable Security in Cross-Chain Workflows in collaboration with Hypernative and zeroShadow
Executive Summary
MPC wallets like Fireblocks and Fordefi have become the default for institutional custody. They’ve solved key problems around key management and transaction authorization.
But as capital moves across chains, a more subtle issue emerges.
Most MPC policies can control who initiates a transaction and how much is sent. What they often cannot enforce is where those funds ultimately land.
At Concrete, that gap wasn’t acceptable.
To secure cross-chain vault operations, we worked with zeroShadow and Hypernative to introduce real-time, pre-execution enforcement directly into the transaction flow. The result is simple: transactions are no longer approved based on intent, but on outcome.
The Problem: Security Still Relied on Trust
Concrete operates across multiple chains, routing capital through bridges, strategies, and vault systems. Like most institutional setups, this relies on MPC-based custody.
On the surface, these systems are robust. Policies define who can sign, what assets can move, and which contracts can be interacted with.
But there is a structural limitation.
In many bridge transactions, the final destination address is embedded inside contract calldata. From the perspective of the MPC policy, the transaction is simply interacting with an approved bridge contract. The actual recipient on the destination chain is not enforced.
This creates what we call the Destination Gap.(1)
A transaction can pass every policy check and still send funds to the wrong place.
In practice, this means risk may shift from approval authority to destination integrity. Without additional destination validation, an authorized user could submit a transaction that routes funds to an unintended address, and operational mistakes or front-end compromise may not be independently caught by standard policy checks.
The system is functioning exactly as designed, but the design still assumes something critical: that the user will get it right.
Concrete is built on the opposite assumption.
The Solution: Enforcing Outcomes, Not Intent
To remove this dependency on user behavior, we integrated Hypernative Guardian directly into the approval flow, architected by zeroShadow.
Now, every bridge transaction is evaluated before it can ever be signed.
When a transaction is initiated, it is first simulated in real time. Hypernative then decodes the bridge call to determine the actual destination address on the target chain. That destination is checked against a dynamic whitelist managed at the infrastructure level.
If the destination is approved, the transaction proceeds.
If not, it never reaches the signing threshold.
If the decoded destination does not match an approved destination, the transaction is rejected before signature completion.
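The following added example (not code from Concrete, Hypernative or zeroShadow) contrasts a contract-level policy check with a destination-level check on the same calldata, showing how a call to an approved bridge can still carry an unlisted recipient. The bridge address, the 4-byte selector, the `bridgeTo(uint256 dstChainId, address recipient, uint256 amount)` layout and the allowlist entries are all hypothetical, and the check decodes calldata statically rather than running a simulation.

```python
# Added illustration; the bridge address, selector and ABI layout are hypothetical.
BRIDGE = "0x" + "b1" * 20                      # constructed approved bridge contract
SELECTOR = bytes.fromhex("deadbeef")           # placeholder selector, not a real bridge's
# Hypothetical call: bridgeTo(uint256 dstChainId, address recipient, uint256 amount)
APPROVED_CONTRACTS = {BRIDGE}
APPROVED_DESTINATIONS = {(10, "0x" + "aa" * 20)}   # (chain id, recipient), constructed


def encode_call(chain_id: int, recipient: str, amount: int) -> bytes:
    """Build sample calldata: selector followed by three 32-byte ABI words."""
    addr = bytes.fromhex(recipient[2:]).rjust(32, b"\x00")
    return SELECTOR + chain_id.to_bytes(32, "big") + addr + amount.to_bytes(32, "big")


def contract_policy_allows(to: str) -> bool:
    """Contract-level check: only looks at the contract being called."""
    return to.lower() in APPROVED_CONTRACTS


def decode_destination(calldata: bytes) -> tuple:
    """Extract (chain id, recipient) from calldata; raise on anything unexpected."""
    if len(calldata) != 4 + 3 * 32 or calldata[:4] != SELECTOR:
        raise ValueError("unknown function or malformed calldata")
    words = [calldata[4 + i * 32: 4 + (i + 1) * 32] for i in range(3)]
    if any(words[1][:12]):                     # address word must be zero-padded
        raise ValueError("non-canonical address encoding")
    return int.from_bytes(words[0], "big"), "0x" + words[1][12:].hex()


def destination_policy_allows(to: str, calldata: bytes) -> bool:
    """Outcome-level check: default deny unless the decoded destination is listed."""
    if not contract_policy_allows(to):
        return False
    try:
        return decode_destination(calldata) in APPROVED_DESTINATIONS
    except ValueError:
        return False                           # undecodable calls are rejected


good = encode_call(10, "0x" + "aa" * 20, 5_000)
bad = encode_call(10, "0x" + "cc" * 20, 5_000)     # same bridge, unlisted recipient

if __name__ == "__main__":
    for name, data in (("good", good), ("bad", bad)):
        print(name, contract_policy_allows(BRIDGE), destination_policy_allows(BRIDGE, data))
```

Both sample transactions pass the contract-level check; only the destination-level check separates them, and anything it cannot decode is rejected rather than allowed.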
This is a fundamental shift. Traditional systems monitor and react. This system prevents.
The Result: Security as System Design
This approach changes how security functions inside Concrete.
No individual user in the covered workflow can unilaterally route funds to a non-approved destination through that workflow. The system enforces constraints at the outcome level, not the action level.
For allocators and counterparties, this moves security out of the realm of process and into architecture. It’s no longer about trusting operators or reviewing procedures. It’s about embedding destination constraints directly into the approval workflow for the transactions in scope.
That distinction matters.
As DeFi matures, infrastructure needs to meet the same standards as institutional finance: deterministic behavior, enforceable constraints, and transparent guarantees. Concrete’s vault architecture is built around that principle, where risk management is encoded directly into how capital moves.
Operationally, this also unlocks scale. As new chains and strategies are added, security does not become more fragile. Whitelists can be updated dynamically, and capital can move freely within predefined constraints without increasing risk.
A New Standard for MPC Workflows
The limitation of traditional MPC setups isn’t that they’re insecure. It’s that they stop one step short.
They verify who is allowed to act, but not what the final state of that action will be.
Concrete addresses that gap by combining approval controls with destination-level validation for the integrated workflow.
This is part of a broader shift in DeFi infrastructure. The industry is moving away from permission-based systems toward outcome-based guarantees. Instead of asking whether a user is allowed to perform an action, the system defines what results are possible.
Everything else is rejected by default.
Conclusion
The Destination Gap has existed quietly in institutional workflows for years. It wasn’t a bug, it was a blind spot.
By integrating real-time simulation and destination enforcement into the transaction flow, Concrete reduces that blind spot by introducing destination-level validation before execution.
This control is designed to reduce reliance on manual vigilance by embedding destination validation into the transaction flow.
It is enforced by design.
Disclaimer
This article is for informational purposes only and does not constitute an offer to sell or solicitation of an offer to buy any security, investment product, or service. Digital asset operations involve risk of loss, including through smart contract vulnerabilities, bridge exploits, and operational failures. The security measures described reflect the current implementation and do not guarantee against all forms of loss. The controls described here apply to specific configured workflows and may not apply to all transactions, chains, assets, or operational scenarios.
About zeroShadow
zeroShadow is the leading Web3 Security Risk Management firm. We act as an extension of our clients' security teams, implementing active defense layers and 24/7 monitoring to protect the world's most sophisticated DeFi protocols.
About Hypernative
Hypernative is a real-time Web3 security and threat prevention platform that protects over $100B in assets across 70+ chains. Its core product, Hypernative Guardian, uses battle-tested machine learning models and real-time transaction simulation to identify and stop hacks, bridge exploits, and phishing attacks before they execute.
About Concrete
Concrete is an Ethereum-based protocol that provides institutional-grade vault infrastructure for on-chain asset management. With a proven track record of executing billions in structured flow volume, Concrete offers sophisticated vault architecture and strategy layering to enable secure and transparent yield strategies in the DeFi ecosystem. Concrete is part of the Blueprint ecosystem. For more information, visit https://concrete.xyz.
---------------------------
1. ‘Destination Gap’ is used in this article to describe bridge workflows in which approval logic may validate the initiating call to a known bridge contract without separately enforcing the ultimate recipient address on the destination chain.