
Safeheron, a Singapore-based digital asset infrastructure provider, on May 8, 2025, launched the world’s first open-source Trusted Execution Environment (TEE) framework built on top of the native Intel SGX SDK and developed in the modern object-oriented programming language C++ 1 2 3 8 . The solution aims to improve security and privacy in the Web3 ecosystem, including key areas such as decentralized finance (DeFi), payment services, and decentralized autonomous organizations (DAOs) 1 2 9 .
Description of the technology and its importance
Trusted Execution Environment (TEE) is a technology for creating secure, isolated areas (enclaves) within a processor in which programs can run while being protected from external attacks, including threats from the hardware itself 2 3 8 . The technology enables the secure processing of critical data such as cryptographic keys and user personal information, which is especially relevant for Web3, where security and privacy are of paramount importance.
Safeheron built this framework using the native Intel SGX SDK, a set of tools for developing applications with support for Intel Software Guard Extensions, and wrote it in modern C++, which provides high performance and versatility for systems programming and computational tasks 1 3 8 .
Open Source as a Response to Industry Challenges
The company decided to open source the framework, citing growing concerns in the industry about closed and opaque systems that slow down innovation and increase security risks 1 2 3 8 . Safeheron CEO Wade Wang emphasized that the company is not afraid of competition, but is concerned about slow development due to closed technologies 1 3 .
Applications and Clients
The Safeheron framework enables customers to create enclaves across Intel SGX-enabled cloud services, including public clouds 2 3 9 , making the technology accessible to a wide range of developers and companies working in the Web3 space.
Safeheron already serves over 100 clients, including payment providers, OTC trading platforms, trading firms, and wallet providers. Notable clients include MetaMask, Doo Group, and Amber Group. The total volume of transfers through Safeheron’s infrastructure has exceeded $100 billion, demonstrating the trust and scale of the technology’s use 3 9 .
Context and development prospects
The importance of TEEs is also highlighted in the Ethereum roadmap, where co-founder Vitalik Buterin proposed using TEEs to improve user privacy, protect wallet keys, and ensure secure communication with RPC nodes 3 . TEEs are also seen as a means of protecting against vulnerabilities in cryptographic systems such as SNARKs, as supported by research from Imperial College London 3 .

What Open Source Benefits Does Safeheron TEE Provide for Web3 Technologies?
Safeheron makes a significant contribution to the development of a secure and transparent Web3 infrastructure with its open Intel SGX TEE framework. With its openness, use of advanced technologies, and support from large customers, this framework can become the foundation for new generations of decentralized applications with enhanced data protection and user privacy 1 2 3 8 .
Safeheron thus represents an innovative solution that addresses the pressing security challenges of Web3, paving the way for a more transparent, secure and scalable digital asset ecosystem.
Using the open source Safeheron TEE brings several key benefits to Web3 technologies:
- Transparency and trust. Open source code allows the community and experts to verify the security and correctness of the framework implementation, which reduces the risk of hidden vulnerabilities and increases the trust of users and developers.
- Accelerate innovation: With the code available, any developer or company can make improvements, customize solutions, and create new features, stimulating rapid development and adoption of cutting-edge technologies in Web3.
- Reduced reliance on closed systems. Openness eliminates monopolies on technology, reducing the risks associated with closed, opaque systems that can hinder development and create potential security threats.
- Improved security: Collaborative auditing and community participation in code development help quickly identify and fix vulnerabilities, which is especially important for protecting critical data and operations in decentralized applications.
- Flexibility and Scalability: The open framework allows Safeheron TEE to be integrated with various cloud services and infrastructures, making it easy to scale and adapt to a variety of Web3 use cases.
Thus, the open-source Safeheron TEE contributes to the creation of a more secure, transparent and innovative Web3 ecosystem, which meets the pressing needs of the industry and users.

How Intel SGX SDK Implementation Impacts Security of Decentralized Financial Platforms
The introduction of the Intel SGX SDK significantly improves the security of decentralized finance (DeFi) platforms by creating protected, isolated memory areas — enclaves — where critical code is executed and sensitive data is processed. Key aspects of the impact of Intel SGX on DeFi security:
- Isolation and data protection. Intel SGX allocates a protected memory area (Processor Reserved Memory) in the processor, where code and data are located that are inaccessible to the operating system, hypervisor, and even the server administrator. This eliminates the possibility of unauthorized access to private keys and secrets, which is critical for financial transactions 1 5 .
- Memory encryption. Data in the enclave is encrypted in hardware using the Memory Encryption Engine (MEE), and is only decrypted within the processor core. This ensures confidentiality and integrity of information even when attacked at the hardware or software level with elevated privileges 1 5 .
- Resilience to external and internal threats. Through isolation and hardware protection, Intel SGX reduces the risk of attacks from both the outside (e.g. through OS or cloud infrastructure vulnerabilities) and the inside (e.g. from malware or attackers with access to the server) 1 5 .
- Increased trust in cloud solutions: Using SGX allows financial platforms to operate securely in public clouds, which increases scalability and reduces costs without compromising security 1 5 .
- Remote attestation and trust verification. SGX supports a remote attestation mechanism that allows customers and partners to verify that code is running in a trusted enclave and that data has not been tampered with or leaked 4 .
However, the technology is not completely invulnerable: researchers have identified potential methods to bypass the protection, for example using return-oriented programming (ROP), so the security mechanisms need constant updating and improvement 3 .
Overall, the implementation of the Intel SGX SDK in DeFi platforms provides a qualitatively new level of protection for private keys, transactions and user data, which is critical for the trust and sustainability of decentralized financial services.
What are the potential risks associated with using cloud services to create enclaves?
Using cloud services to create enclaves, including Intel SGX TEE, comes with a number of potential risks that impact the security and resilience of systems:
- Data privacy risks. Since processing occurs on the cloud provider’s equipment, there is a risk of unauthorized access to confidential information, including databases, keys, and secrets. Misconfigurations of cloud services, such as open databases or public access to cloud management, can lead to leaks 1 5 .
- Configuration errors and access control: Improperly configured access rights and accounts (e.g. excessive permissions, weak or reused passwords) create vulnerabilities that attackers can exploit to compromise infrastructure and steal data 5 6 .
- Insider threats: Employees or administrators with excessive privileges may abuse access, increasing the risk of data leaks or corruption 5 .
- API and interface vulnerabilities: Cloud services often use multiple APIs, which, if not properly secured, can become entry points for attacks 5 6 .
- DDoS attacks and availability. Cloud services are susceptible to distributed denial of service attacks, which can disrupt enclaves and services 5 .
- Social engineering and phishing: Lack of awareness of security threats among users and employees increases the risk of credentials being compromised through fraudulent methods 2 .
- Provider Dependency and Risk of Data Loss: Cloud providers may change terms, stop supporting, or experience technical failures, which may compromise the availability and security of data 8 .
- Lack of full control. Physical access and infrastructure management remain with the provider, which limits the customer’s ability to directly control security 1 .
Thus, despite the hardware protection of Intel SGX enclaves, the use of cloud services requires strict security management, proper configuration, access control, and personnel training to minimize the risks associated with operating cloud infrastructure to create secure environments.

What makes Safeheron unique compared to other TEE solutions in the industry?
Safeheron’s development in the Trusted Execution Environment (TEE) area is unique in several key aspects that distinguish it from other solutions in the industry:
- The first open framework based on the native Intel SGX SDK. Safeheron has created a TEE framework that is entirely based on the native Intel SGX SDK and developed in modern C++, which ensures high performance and flexibility. At the same time, the company has made the source code completely open, which is unique in a segment where most solutions remain closed and opaque.
- Openness and transparency as a strategic choice. Unlike many competitors, Safeheron has consciously abandoned closed systems, citing the need to accelerate innovation and increase trust in the industry. Open source code allows the community and experts to test security, make improvements, and adapt the technology to different scenarios.
- Broad cloud compatibility. Safeheron supports enclave creation on any cloud platform that uses Intel SGX servers, including public clouds. This provides high flexibility and scalability, facilitating integration into existing customer infrastructure.
- Focus on Web3 and Digital Assets. Safeheron is focused on the needs of the fast-growing Web3 sectors – DeFi, payment services, and decentralized autonomous organizations, offering solutions tailored to the specifics and requirements of these industries.
- Large Client Support and Scalability: The company already serves over 100 clients, including such well-known players as MetaMask, Doo Group and Amber Group, and the total volume of transfers through its infrastructure has exceeded $100 billion, which confirms the reliability and efficiency of the solution.
- Focus on security and innovation. Safeheron actively responds to industry challenges, including growing security incidents, and offers technology that protects not only data and keys, but also complex cryptographic schemes such as SNARKs, which is an important advantage for modern blockchain systems.
Safeheron’s uniqueness lies in its combination of openness, technological advancement, flexibility and focus on the real needs of Web3, making it one of the most promising and innovative solutions in the TEE space.
How Adding TEE to the Ethereum Ecosystem Could Change the Way We Approach User Privacy
The addition of Trusted Execution Environment (TEE) to the Ethereum ecosystem could dramatically change the way users approach privacy due to the following key factors:
- Hardware isolation and data protection. TEE creates secure enclaves inside the processor where critical operations can be performed and users’ personal data can be processed in an isolated environment, inaccessible to external attacks and even the operating system. This significantly reduces the risk of leaking private information when interacting with Ethereum nodes.
- Increased privacy when interacting with RPC nodes. As proposed by Vitalik Buterin, TEE will allow users to securely access remote Ethereum nodes while being assured that their personal data is not being collected or analyzed, improving privacy and reducing the risk of surveillance.
- Integration with zero-knowledge (ZK) proof technologies. The Ethereum roadmap envisions TEE as part of a hybrid verification system that combines zero-knowledge proofs and TEE hardware guarantees. This will allow transactions and interactions to be verified faster and more securely while maintaining privacy.
- Key and wallet protection. TEE can be used to store and process users’ private keys in an isolated manner, significantly reducing the likelihood of wallet compromise and increasing the security of digital assets.
- Regulatory and GDPR Compliance: When combined with other privacy-enhancing technologies (such as homomorphic encryption and multi-party computation), TEE helps build an Ethereum architecture that is compliant with privacy requirements by minimizing the disclosure and storage of sensitive information.
- Modular and scalable design. The implementation of TEE supports a modular approach to Ethereum development, allowing for the integration of different privacy technologies and ensuring their compatibility, which accelerates the adoption and adaptation of new solutions in the ecosystem.
Ultimately, the addition of TEE to Ethereum creates a new layer of hardware privacy protection that, when combined with cryptographic methods and a modular architecture, will allow users to interact with the network more securely and anonymously, reducing the risk of data leakage and increasing trust in decentralized applications. This is an important step towards building a more private and scalable blockchain of the future 1 2 3 .
What are the benefits of TEE for enhancing privacy in Ethereum
The addition of Trusted Execution Environment (TEE) to the Ethereum ecosystem provides a number of important benefits for enhancing user privacy:
- Hardware-based isolation of sensitive data. TEE creates secure enclaves within the processor where personal information and private keys can be processed securely, isolating them from the rest of the system and potential attackers 1 .
- Reducing Metadata Exposure: Vitalik Buterin’s Ethereum roadmap envisions TEE as a tool that allows users to interact with RPC nodes without revealing their personal data, reducing the risks of surveillance and behavioral analysis 2 3 .
- Balance between security and performance. Unlike purely cryptographic methods (e.g. ZKP or MPC), TEE provides high data processing speed with relatively low computational costs, which is important for scalable Ethereum applications 1 .
- Protecting private keys and wallets. TEE can be used to securely store and process keys, reducing the likelihood of their compromise and increasing the overall security of users 2 3 .
- Support for private smart contracts. Similar to other projects using TEE (such as Phala Network), Ethereum will be able to run private smart contracts, providing protection for inputs and outputs, which will enhance the capabilities of decentralized applications with increased privacy 5 .
- Integration with other privacy technologies: TEE complements zero-knowledge proofs (ZKP), homomorphic encryption, and multi-party computation (MPC) methods to create a comprehensive approach to data protection on Ethereum 1 .
Thus, the implementation of TEE in Ethereum will create a hardware-protected environment for confidential computing that will increase user privacy, improve the protection of keys and data, and allow for the scaling and development of more private and secure decentralized applications.
What specific hardware components make TEE efficient in Ethereum
The effectiveness of the Trusted Execution Environment (TEE) in the Ethereum ecosystem is ensured by a number of key hardware components that create a secure environment for confidential computing:
- Processors with support for Intel SGX (Software Guard Extensions). These are specialized hardware extensions built into modern Intel processors that create isolated, protected memory areas called enclaves. In these enclaves, code and data are processed in complete isolation from the rest of the system, including the operating system and hypervisor 1 3 .
- Hardware memory encryption. Intel SGX implements the Memory Encryption Engine (MEE), which encrypts data in the enclave when stored in RAM, ensuring its confidentiality and integrity even if physical access to the memory is possible 1 .
- Remote attestation mechanisms: Hardware components allow the authenticity and integrity of the enclave to be verified by remote parties, which is important for user trust and interaction with Ethereum nodes, ensuring that the code is executed in a secure environment 1 .
- Computation and data isolation: The hardware architecture provides isolation of code and data within the processor, preventing access by malware, system administrators, or other external attacks 1 .
Thus, it is the hardware capabilities of processors with Intel SGX, including isolation, hardware encryption and remote attestation, that create a reliable and efficient platform for implementing TEE in Ethereum, ensuring a high level of privacy and security for users when executing smart contracts and processing sensitive data.
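The remote attestation bullets above (in the DeFi section and in this list) describe a remote party checking that the expected code runs in a genuine enclave. The following added example, which is not code from Safeheron's framework or from Intel, shows the identity checks a verifier applies to the 384-byte SGX report body carried in a quote. It assumes the quote's signature and certificate chain were already verified elsewhere; the `Policy` type, the sample values and the convention of placing a channel binding in the first 32 bytes of `report_data` are assumptions of this example.

```cpp
// Added example: verifier-side policy check on an SGX report body.
#include <array>
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

// Field offsets of the 384-byte sgx_report_body_t (Intel SGX SDK, sgx_report.h).
constexpr std::size_t kBodySize = 384, kOffFlags = 48, kOffMrEnclave = 64,
                      kOffMrSigner = 128, kOffProdId = 256, kOffSvn = 258,
                      kOffReportData = 320;
constexpr std::uint64_t kFlagInitted = 0x1, kFlagDebug = 0x2;  // SGX_FLAGS_*

using Bytes32 = std::array<std::uint8_t, 32>;

// Hypothetical policy type for this example.
struct Policy {
    Bytes32 mr_enclave;       // expected enclave measurement (MRENCLAVE)
    Bytes32 mr_signer;        // expected signer measurement (MRSIGNER)
    std::uint16_t prod_id;    // expected ISV product id
    std::uint16_t min_svn;    // lowest acceptable ISV security version
    Bytes32 channel_binding;  // value expected in report_data[0..31]
};

enum class Verdict { Ok, BadSize, NotInitted, Debug, WrongEnclave, WrongSigner,
                     WrongProduct, StaleSvn, BindingMismatch };

// Read an n-byte little-endian integer.
static std::uint64_t le(const std::uint8_t* p, int n) {
    std::uint64_t v = 0;
    for (int i = n - 1; i >= 0; --i) v = (v << 8) | p[i];
    return v;
}

static bool same(const std::uint8_t* p, const Bytes32& want) {
    return std::memcmp(p, want.data(), want.size()) == 0;
}

Verdict check_report_body(const std::vector<std::uint8_t>& body, const Policy& pol) {
    if (body.size() != kBodySize) return Verdict::BadSize;
    const std::uint8_t* b = body.data();
    const std::uint64_t flags = le(b + kOffFlags, 8);
    if (!(flags & kFlagInitted)) return Verdict::NotInitted;
    if (flags & kFlagDebug) return Verdict::Debug;  // debug enclaves can be inspected from outside
    if (!same(b + kOffMrEnclave, pol.mr_enclave)) return Verdict::WrongEnclave;
    if (!same(b + kOffMrSigner, pol.mr_signer)) return Verdict::WrongSigner;
    if (le(b + kOffProdId, 2) != pol.prod_id) return Verdict::WrongProduct;
    if (le(b + kOffSvn, 2) < pol.min_svn) return Verdict::StaleSvn;  // rollback to an old build
    if (!same(b + kOffReportData, pol.channel_binding)) return Verdict::BindingMismatch;
    return Verdict::Ok;
}

// Constructed sample input: a report body that matches `pol`, with chosen flags and SVN.
std::vector<std::uint8_t> sample_body(const Policy& pol, std::uint64_t flags, std::uint16_t svn) {
    std::vector<std::uint8_t> b(kBodySize, 0);
    for (int i = 0; i < 8; ++i) b[kOffFlags + i] = (flags >> (8 * i)) & 0xff;
    std::memcpy(&b[kOffMrEnclave], pol.mr_enclave.data(), 32);
    std::memcpy(&b[kOffMrSigner], pol.mr_signer.data(), 32);
    b[kOffProdId] = pol.prod_id & 0xff;  b[kOffProdId + 1] = pol.prod_id >> 8;
    b[kOffSvn] = svn & 0xff;             b[kOffSvn + 1] = svn >> 8;
    std::memcpy(&b[kOffReportData], pol.channel_binding.data(), 32);
    return b;
}

Policy sample_policy() {  // constructed values, not real measurements
    Policy p{};
    p.mr_enclave.fill(0xA1); p.mr_signer.fill(0xB2); p.channel_binding.fill(0xC3);
    p.prod_id = 7; p.min_svn = 3;
    return p;
}

int main() {
    const Policy pol = sample_policy();
    return check_report_body(sample_body(pol, 0x5, 3), pol) == Verdict::Ok ? 0 : 1;
}
```

Rejecting the debug flag and enforcing a minimum SVN matter as much as the measurement match: a debug build or an outdated build of the right enclave would otherwise pass on MRENCLAVE or MRSIGNER alone.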
Final conclusion
The development of Safeheron, the industry’s first open-source Trusted Execution Environment (TEE) framework based on the Intel SGX SDK, marks a major security and privacy breakthrough for the Web3 ecosystem, particularly decentralized finance (DeFi), payment services, and decentralized autonomous organizations (DAOs). Open-sourcing not only increases transparency and trust in the technology, but also drives faster innovation by allowing the community and companies to collaborate to improve solutions and adapt them to a variety of use cases.
Using Intel SGX hardware capabilities such as isolated enclaves, hardware-based memory encryption, and remote attestation mechanisms, critical data and computations are protected at a high level. This is especially important for Ethereum, where the implementation of TEEs can fundamentally change approaches to user privacy — reducing the risk of personal data leakage, ensuring secure storage of private keys, and supporting private smart contracts.
At the same time, integrating TEE into public cloud services expands scalability and flexibility, but requires careful security management and access control to minimize associated risks. Safeheron has already proven the effectiveness of its solution by serving large clients and processing transactions worth hundreds of billions of dollars, which confirms the reliability and demand for the technology.
Overall, the Safeheron framework sets a new standard for security and privacy in Web3 by combining hardware innovation, openness, and practicality. This opens the door to more secure, transparent, and scalable decentralized applications that can meet the growing demands of users and industry in the era of digital transformation.
- https://www.binance.com/ru/square/post/18245027275786
- https://coinspaidmedia.com/ru/business/oracles-as-one-of-features-of-the-blockchain-ecosystem/
- https://www.binance.com/ru/square/post/19179629586329
- https://teletype.in/@ytwo/TEE
- https://www.binance.com/ru/square/post/22764696738361
- https://www.cryptopolitan.com/ru/vitalik-buterin-layer-1-privacy-ethereum/
- https://www.gate.com/ru/learn/articles/understanding-crust-network-the-depin-cloud-storage-project-difficulty-intermediate/3634
- https://ru.investing.com/news/cryptocurrency-news/article-2617819
- https://bdc.consulting/ru/blog/opinion/top-20-best-web3-companies
- https://portalcripto.com.br/ru/vitalik-buterin-apresenta-plano-para-elevar-a-privacidade-no-ethereum/
- https://habr.com/ru/articles/673110/
- https://ru.investing.com/news/analyst-ratings/article-93CH-2820123
- https://www.block-chain24.com/news/ethereum-novosti/plan-konfidencialnosti-ethereum-predlagaet-dizayn-blokcheyna-sovmestimyy-s
- https://www.binance.com/ru/square/post/03-29-2025-ethereum-s-l2-security-and-finalization-roadmap-outlined-by-vitalik-buterin-22183029064362
- https://101blockchains.com/ru/%D0%BE%D0%B1%D1%8A%D1%8F%D1%81%D0%BD%D0%B5%D0%BD%D0%B8%D0%B5-%D1%82%D0%B5%D1%85%D0%BD%D0%BE%D0%BB%D0%BE%D0%B3%D0%B8%D0%B8-%D0%B1%D0%BB%D0%BE%D0%BA%D1%87%D0%B5%D0%B9%D0%BD%D0%B0/
- https://changelly.com/blog/ru/ethereum-prognoz-do-2025/
- https://bdc.consulting/ru/blog/opinion/top-20-best-web3-companies
- https://forklog.com/cryptorium/chto-takoe-polnostyu-gomomorfnoe-shifrovanie-fhe
- https://www.bitbon.space/ru/knowledge-base/distributed-ledger-technologies-blockchain/technological-aspects-of-blockchain/foundations-and-principles-of-the-blockchain-technology
- https://www.ledger.com/ru/innovating-with-bolos-building-an-ethereum-hardware-wallet
- https://www.morpher.com/ru/blog/ethereum-ecosystem
- https://dbdnews.net/archives/1446
- https://www.secuteck.ru/articles/4-riska-pri-ispolzovanii-oblachnyh-servisov
- https://www.kaspersky.ru/resource-center/preemptive-safety/cloud-security-issues-challenges
- https://cloudseller.ru/clouds-pros-and-cons
- https://ru.eitca.org/cybersecurity/eitc-is-cssf-computer-systems-security-fundamentals/secure-enclaves/enclaves/examination-review-enclaves/what-is-the-main-advantage-of-using-enclaves-over-previous-isolation-mechanisms-such-as-native-client-operating-systems-containers-and-virtual-machines/
- https://www.tadviser.ru/index.php/%D0%A1%D1%82%D0%B0%D1%82%D1%8C%D1%8F:%D0%93%D0%BB%D0%B0%D0%B2%D0%BD%D1%8B%D0%B5_%D1%83%D0%B3%D1%80%D0%BE%D0%B7%D1%8B_%D0%B1%D0%B5%D0%B7%D0%BE%D0%BF%D0%B0%D1%81%D0%BD%D0%BE%D1%81%D1%82%D0%B8_%D0%B2_%D0%BE%D0%B1%D0%BB%D0%B0%D0%BA%D0%B5
- https://securitymedia.org/analytics/top-11-ugroz-bezopasnosti-oblachnyh-servisov.html
- https://expinet.ru/novosti/plyusy-i-minusy-oblachnyh-hranilisch.html
- https://ecm-journal.ru/material/oblachnye-tekhnologii-preimushhestva-riski-budushhee
- https://www.tadviser.ru/index.php/%D0%A1%D1%82%D0%B0%D1%82%D1%8C%D1%8F:PaaS_-_Platform_As_A_Service
- https://www.xelent.ru/blog/glavnye-ugrozy-oblachnoy-bezopasnosti/
- https://habr.com/ru/companies/gcorelabs/articles/537316/
- https://www.tadviser.ru/index.php/%D0%9F%D1%80%D0%BE%D0%B4%D1%83%D0%BA%D1%82:Intel_SGX_(Software_Guard_Extensions)
- https://www.itsec.ru/news/intel-sgx-mozhno-ispolzovat-dlia-sokritiya-vredonosa
- https://habr.com/ru/companies/intel/articles/318012/
- https://temofeev.ru/info/articles/strazhi-publichnykh-oblakov-kak-my-vnedryali-anklavy-intel-sgx-dlya-zashchity-chuvstvitelnykh-dannykh/
- https://www.securitylab.ru/vulnerability/525840.php
- https://www.binance.com/ru/square/post/23929816454769
- https://www.block-chain24.com/news/novosti-bezopasnosti/safeheron-predstavlyaet-freymvork-web3-bezopasnosti-intel-sgx-tee-s
- https://cointelegraph.com/news/safeheron-intel-sgx-tee-framework-web3-security
- https://www.binance.com/ru/square/post/23964766984129
- https://www.chaincatcher.com/en/article/2180389
- https://www.block-chain24.com/news?page=73%2C0%2C0%2C68
- https://depinhub.io/news/safeheron-introduces-open-source-tee-framework-for-enhanced-security-22816
- https://cryptoweekly.co/news/safeheron-enhances-web3-security-via-open-source-intel-sgx-tee-framework/
- https://www.bitget.com/news/detail/12560604745052
- https://www.linkedin.com/posts/safeheron_explore-hardware-level-security-activity-7325398926226833408-mAyN