Process Security, Pillar 02
Every person who joins your team gains access. Every person who leaves should lose it, immediately, completely, and verifiably. In practice, most Web3 teams have informal onboarding and no real offboarding at all. That is how former contributors retain access to repositories, wallets, and admin tools long after they have left.
Security onboarding and offboarding are the bookends of identity lifecycle management, the process of controlling who has access from the moment they join until the moment they leave. In traditional enterprise security compliance, this is a documented, audited process. In Web3, it is almost universally handled informally: access is granted as needed via Telegram, revoked (or not) when someone announces they are stepping away, and credentials are rarely rotated even after confirmed departures.
The risk is asymmetric. The cost of a thorough offboarding procedure is a few hours of admin work. The cost of a disgruntled or compromised former contributor retaining access to a deployer key or treasury multi-sig is potentially total. We design onboarding and offboarding security procedures that are specific, sequenced, and verifiable, not a general policy document that sits in Notion and is never followed.
Work is delivered through our internal consultancy team and a curated network of specialist partner firms, rigorously vetted for technical depth and professional integrity in the Web3 space.
The Access That Outlasted the CEO
“Multichain’s CEO Zhao Jun was detained in May 2023. What followed revealed the most extreme form of the ghost access problem: he alone held the private keys to all Multichain protocol infrastructure. No one else had access. No offboarding procedure existed because the access was never formally distributed. The protocol was paralysed. In July 2023, $130M was drained to addresses linked to his relatives. The access had never been structured to be revocable, auditable, or shared, and when the key holder was removed, the protocol had no path forward.”
Why Web3 Offboarding Is Different
“In traditional companies, offboarding means disabling an Active Directory account. In Web3, it means revoking GitHub access, removing Discord permissions, rotating shared secrets, replacing multi-sig signers, verifying hardware wallet recovery phrases are not retained, and confirming no cloud credentials were cached. Each step requires deliberate action. None of it happens automatically.”
Security compliance for identity lifecycle management is increasingly required by regulators and institutional partners. Whether you are pursuing a formal compliance programme or simply trying to close an obvious security gap, documented and enforced onboarding and offboarding procedures are a foundational requirement.
The Process
A security programme for the identity lifecycle covers four distinct phases. Each has specific actions that must be completed and verified, not merely intended.
New contributors receive only the access required for their role, no more. Each grant is documented, scoped, and approved. Security induction covers the team's policies on data handling, device requirements, credential management, and escalation procedures before access is granted.
On departure, whether planned or abrupt, access is revoked across every system simultaneously and verified as complete. No single system is left active pending "when we get to it." The offboarding checklist is specific to your toolstack: GitHub, AWS, Vercel, Notion, Discord, Telegram admin roles, and every other surface with access that matters.
Any shared credential the departing contributor had access to is rotated. Any API key, deployment secret, or shared password they could have copied is considered compromised and replaced. Multi-sig configurations that included them are updated. This is the step most teams skip and the one that creates the most persistent risk.
Between joiners and leavers, access tends to accumulate. Contributors move between roles; contractors finish a project but retain access; integrations are granted permissions that outlive their purpose. A quarterly access review checks that every active grant still matches the current team structure and revokes anything that does not.
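The offboarding, rotation and access-review steps above can be made verifiable rather than intended by keeping an inventory of grants, shared secrets and multi-sig signers and reconciling it mechanically. The Python below is an added example, not the consultancy's own tooling or a client's real inventory: the systems, secret names, multisig and team roster are constructed sample data, and the rule that any secret readable from a system the leaver could log in to counts as copied is the assumption the rotation list is built on. It produces an offboarding plan for one leaver, applies it, verifies that nothing residual remains (including the rotation step most teams skip), and runs the quarterly review that flags ghost access and grants whose purpose no longer matches the roster.

```python
"""Offboarding plan and quarterly access review over an access inventory.

Added example, not the consultancy's own tooling. The systems, secret names,
multisig and team roster below are constructed sample data.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Grant:
    principal: str  # person or integration holding the access
    system: str     # surface: github, aws, vercel, discord, ...
    role: str       # permission level on that surface
    purpose: str    # job role or project that justified the grant


@dataclass
class Inventory:
    grants: list          # every active Grant
    secret_readers: dict  # shared secret -> systems from which it can be read
    multisigs: dict       # multisig name -> set of signer principals
    roster: dict          # active principal -> current job role or project
    rotated: set          # secrets rotated since the last review


def offboarding_plan(inv, person):
    """Everything that must be revoked, rotated or reconfigured for one leaver."""
    reachable = {g.system for g in inv.grants if g.principal == person}
    return {
        "revoke": [g for g in inv.grants if g.principal == person],
        # Assumption: a secret readable from any system the leaver could log
        # in to is treated as copied, so it goes on the rotation list.
        "rotate": sorted(s for s, exposed in inv.secret_readers.items()
                         if exposed & reachable),
        "replace_signer": sorted(m for m, signers in inv.multisigs.items()
                                 if person in signers),
    }


def apply_offboarding(inv, person, plan):
    """Carry out a plan (possibly a partial one) and return the new inventory."""
    return Inventory(
        grants=[g for g in inv.grants if g.principal != person],
        secret_readers=inv.secret_readers,
        multisigs={m: s - {person} for m, s in inv.multisigs.items()},
        roster={p: r for p, r in inv.roster.items() if p != person},
        rotated=inv.rotated | set(plan["rotate"]),
    )


def verify_offboarded(inv, person, plan):
    """Residual findings checked against the original plan; [] means complete."""
    findings = [f"grant still active: {g.system}/{g.role}"
                for g in inv.grants if g.principal == person]
    findings += [f"still a signer on {m}"
                 for m, signers in inv.multisigs.items() if person in signers]
    # Rotation is checked per secret against what was actually rotated,
    # not assumed from the fact that a plan existed.
    findings += [f"secret not rotated: {s}"
                 for s in plan["rotate"] if s not in inv.rotated]
    return findings


def access_review(inv):
    """Quarterly review: grants and signers that no longer match the roster."""
    findings = []
    for g in inv.grants:
        if g.principal not in inv.roster:
            findings.append(("ghost access", g.principal, g.system))
        elif inv.roster[g.principal] != g.purpose:
            findings.append(("purpose drift", g.principal, g.system))
    for m, signers in inv.multisigs.items():
        for p in signers - set(inv.roster):
            findings.append(("ghost signer", p, m))
    return sorted(findings)


# Constructed sample inventory: carol's audit engagement has ended but her
# grant is still live; dave moved from core-dev to frontend but kept AWS admin.
SAMPLE = Inventory(
    grants=[
        Grant("alice", "github", "admin", "core-dev"),
        Grant("alice", "aws", "admin", "core-dev"),
        Grant("bob", "aws", "admin", "ops"),
        Grant("bob", "vercel", "admin", "ops"),
        Grant("carol", "github", "write", "audit-q1"),
        Grant("dave", "github", "write", "frontend"),
        Grant("dave", "aws", "admin", "core-dev"),
    ],
    secret_readers={"DEPLOYER_KEY": {"aws"}, "VERCEL_TOKEN": {"vercel"},
                    "RPC_API_KEY": {"github", "aws"}},
    multisigs={"treasury": {"alice", "bob", "dave"}},
    roster={"alice": "core-dev", "bob": "ops", "dave": "frontend"},
    rotated=set(),
)


if __name__ == "__main__":
    plan = offboarding_plan(SAMPLE, "bob")
    print("offboarding bob:", plan)
    done = apply_offboarding(SAMPLE, "bob", plan)
    print("residual after full offboarding:", verify_offboarded(done, "bob", plan))
    skipped = apply_offboarding(SAMPLE, "bob", dict(plan, rotate=[]))
    print("residual when rotation skipped:", verify_offboarded(skipped, "bob", plan))
    print("quarterly review:", access_review(SAMPLE))
```

The verification deliberately takes the original plan as input: once bob's grants are gone, nothing in the inventory says which secrets he could reach, so the rotation list is frozen at planning time and checked off afterwards. Running the script shows that skipping rotation leaves three residual findings even though every login and signer slot was removed, which is exactly the persistent gap the rotation phase exists to close.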