WisdomTree is a $160B NYSE-listed institutional asset manager bringing regulated funds onchain. Its tokenization platform enforces real-world compliance directly in the contracts that hold and move regulated assets across multiple blockchain networks, including onchain KYC/AML, transfer restrictions, and administrative controls. Tokenizing regulated funds is one of the most closely watched categories in onchain finance, and the trust model behind it is the product itself.

The Challenge

Bringing a regulated asset manager's funds onchain is a different security problem than auditing a typical protocol. The product is the trust model: tokenized funds have to enforce real-world compliance onchain while holding up to institutional risk and diligence requirements. Three pressures defined the kind of security provider WisdomTree needed:

  • Compliance cannot be bolted on, it has to be enforced in the contracts: WisdomTree's design encodes KYC/AML onchain through soulbound credential tokens, a whitelist compliance oracle, transfer restrictions, and administrative controls such as freeze, pause, and clawback. Each of those mechanisms is a potential failure point, and a single gap could let a non-compliant party hold or move a regulated asset.
  • Coverage had to span architectures no single team builds for natively: WisdomTree's roadmap runs across very different blockchain architectures, from Ethereum to Solana. Risks that surface on one often have no equivalent on the other, so each environment had to be secured on its own terms rather than fragmented across boutique firms specialized in a single chain.
  • Institutional pace, with security as a continuous program: the platform is not a single launch but an evolving system of new token standards, new compliance logic, and new chains, each gated on security review. A point-in-time audit cadence is structurally incompatible with that roadmap, so security had to be built into it.

WisdomTree needed a security provider that could reason about regulated-asset compliance logic, work fluently across very different blockchain architectures, and provide continuous coverage rather than one-off checkpoints.

OpenZeppelin's Solution

A Continuous Security Program Built Into the Roadmap

OpenZeppelin delivers the Continuous Security Program to WisdomTree as an ongoing engagement rather than a sequence of point-in-time audits. A dedicated team of senior researchers, project managers, and technical leads carries context across every engagement, retained across rounds at the client's request, so each review compounds on the last rather than starting from scratch. 

Coverage spans architecture, code, and deployment, so new token standards, new compliance logic, and new chains ship with the security signal in place from design through production.

Coverage Across Every Architecture WisdomTree Ships On

Securing a regulated fund token on Ethereum and on Solana requires genuine depth in both Solidity and Rust, not surface-level review. OpenZeppelin's researchers cover both environments to the same standard, closing the seams that appear when a tokenization platform expands across very different virtual machines. Reviews span the full surface area of WisdomTree's stack: the whitelist and compliance layer that gates transfers to KYC/AML-approved holders, the ERC-20 token suite extending the standard with freezing, pausing, whitelisting, and administrative clawback, and the Solana programs that enforce the same regulated fund lifecycle and onchain compliance at the moment of every transfer. The result is one consistent assurance signal for WisdomTree's integrators and counterparties regardless of chain.

Deployment Verification That Catches Issues Before Users Do

OpenZeppelin's coverage extends from architecture and design review into the code itself and toward deployment. On the Solana fund programs, the review surfaced four critical-severity issues in compliance and role-management logic, every one identified at review time and remediated before the system went live, before any user funds were exposed. This pre-deployment assurance is exactly the kind of continuous control institutional issuers increasingly require as evidence that what was audited is what gets deployed.

"Bringing regulated funds onchain means security and compliance have to be inseparable, and they have to hold across every environment we build on. OpenZeppelin has been a continuous security provider from architecture through deployment, across both our Ethereum and Solana work, and this consistency and rigor allows us to advance WisdomTree’s tokenization roadmap confidently, at scale."

The Results

A Clean Security Record for Regulated Tokenization

Across three security audits and a design review with OpenZeppelin, WisdomTree has built a repeatable assurance process for its regulated tokenization platform. The reviews found no high-severity issues, and all critical findings were identified and remediated before deployment. For a regulated asset manager bringing funds onchain, this is the result that matters: continuous coverage produces the evidence base that supports confidence in the platform across the team and its stakeholders.

Real-World Assets Onchain at Institutional Scale

Continuous security across both Ethereum and Solana underpins WisdomTree's onchain platform at institutional scale:

  • Approximately $790 million in tokenized fund assets onchain
  • A full lineup of regulated tokenized funds spanning money market, US Treasuries, equities, and private credit, among the largest on public blockchains
  • Regulated tokenized funds issued and held natively across 8 blockchain networks, from Ethereum to Solana

Supporting secure deployment across many networks is central to how WisdomTree scales. Continuous security across both Ethereum and Solana gives it the assurance foundation to keep extending its platform while preserving its regulated product structure.

One Standard, Every Chain WisdomTree Ships On

A single security provider carrying context across both architectures closed the seams that fragmenting across multiple firms would have created, and gave WisdomTree one engagement model instead of several to coordinate. Integrators and counterparties receive the same assurance signal regardless of which chain a fund is issued on, giving WisdomTree the confidence to extend its tokenization platform, new standards, new compliance logic, new chains, while sustaining the trust its institutional model depends on.