Skip to content
Tesseract

Dedicated Client Vaults.

On-chain yield, compliant by design. Each client’s capital sits in their own vault, managed by Tesseract Investment Oy under a MiCA-authorized discretionary portfolio management mandate.

Talk to the Vaults teamSee how it works →
Regulatory status
MiCA-Authorized
CASP · Tesseract Investment Oy
Architecture
Per-client segregation
One client, one vault
Security certifications
ISO 27001 · SOC 2
Security certifications
Trusted by
21Shares

The problem

The reality of vaults today.

Institutional capital wants access to DeFi yield. The problem has never been the returns. It’s been the structure.

Ungated access

No verification

KYCAMLSuitability

Most vaults accept deposits with no identity verification.

↓ Deposit
Pooled vaultCommingled

Three wallets, one shared balance. Client assets are pooled: one operator, one strategy, shared exposure.

No regulated operator
↓ DeployFungible tokens ↑

DeFi ecosystem

Capital deployed into lending and yield venues. Depositors receive fungible, transferable tokens.

Ungated · Commingled · Unlicensed · Securities-like

  • 01

    Inadequate KYC/AML

    Most vaults accept deposits with no identity verification, sanctions screening, or suitability assessment. Anyone can deposit — incompatible with how a regulated product is required to onboard clients.

  • 02

    Pooling

    Most vaults pool client assets with multiple depositors in the same smart contract, sharing counterparty exposure. Combine that with an operator making discretionary decisions about where capital goes, and the arrangement starts to look like a collective investment scheme under AIFMD.

  • 03

    Unlicensed Management

    Strategy selection, rebalancing, and deployment across DeFi venues constitutes portfolio management. That is a regulated activity requiring authorization which most vault operators and curators are not authorized to provide.

  • 04

    Transferable Shares

    Fungible vault shares can resemble fund units or securities under AIFMD and MiFID II. That can trigger additional obligations around registration, disclosure, and legal characterization.

The solution

Purpose-built segregated vaults, individually managed under MiCA.

Each vault is assigned to a single client and managed by Tesseract Investment Oy, a MiCA-authorized CASP, under an individual discretionary mandate. Assets are never co-mingled.

Onboarding

Verification & eligibility

KYCAMLSuitabilitySumsub
↓ Verified client

Client

Each client maps to one dedicated vault

↓ AssetsVault token ↑
Asset ManagementMiCA Authorized CASP

Managed by Tesseract Investment Oy

Dedicated vault

Per-client · Segregated

ExecutionStrategy LogicRisk GovernanceReporting
↓ DeployYield + reporting ↑
Vetted DeFi Venues
AaveAave
MorphoMorpho
CompoundCompound
EulerEuler

Powered byIPOR FusionPer-client segregation

Ready to allocate?

Talk to our team about onboarding, vault configuration, and timeline.

Talk to the Vaults team
  • 01

    Gated Onboarding

    Every client clears KYC, AML, and suitability checks — verified through Sumsub — before a vault is funded. Onboarding is a prerequisite, not an afterthought.

  • 02

    One Client, One Vault

    Each vault is a distinct on-chain deployment assigned to a single client: a separate smart contract with its own address, positions, and risk exposure. Segregation is enforced at the smart-contract level.

  • 03

    MiCA-Authorized Portfolio Management

    Tesseract Investment Oy is authorized under MiCA to provide custody and administration, portfolio management, and transfer services. Each vault is managed as a discretionary portfolio management service within the scope of that authorization.

  • 04

    Non-Transferable Tokens

    Vault tokens represent a balance, not a derivative and not a fund unit. They are non-transferable with no secondary market, no fungible shares. The securities classification question that creates problems for pooled vaults does not arise.

Vault products

Four vaults across stablecoin and major-asset risk profiles.

  • USDC

    Conservative
    5–6%*Target APY

    Pure lending strategy, no leverage

    Get in touch →

  • USDC

    Advanced
    7–12%*Target APY

    Lending + carry strategies, includes controlled leverage

    Get in touch →

  • wETH

    Advanced
    4–5%*Target APY

    Carry and staking strategies, includes controlled leverage

    Get in touch →

  • wBTC

    Advanced
    2–4%*Target APY

    Carry strategies, includes controlled leverage

    Get in touch →

* Gross target rates only. Based on historical performance and current market conditions. Rates are not guaranteed and may vary. Past performance is not indicative of future results. This does not constitute investment advice. Crypto-assets are not covered by investor compensation or deposit guarantee schemes.

FAQ

DeFi Vault FAQs

  • What is a Dedicated Client Vault?

    A Dedicated Client Vault is functionally equivalent to a Separately Managed Account (SMA) in traditional asset management. Each client has a single dedicated on-chain structure run under their own mandate. Your assets sit in your own vault and are never co-mingled with those of other clients. Vaults are individually managed by Tesseract Investment Oy, a MiCA-authorized CASP. The vault infrastructure is built on IPOR Fusion's audited Plasma Vault architecture.

  • How do I get started?

    Book a call with our team to discuss your requirements, risk profile, and timeline. We'll guide you through KYC/KYB onboarding, vault configuration, and asset transfer.

  • How is asset segregation enforced?

    Each vault is a dedicated smart contract instance assigned to one client. There is no shared pool. Your assets, your returns, and your risk exposure are attributable solely to your vault. Segregation is enforced at the smart-contract level.

  • What DeFi venues are used?

    Vaults are deployed across a curated set of audited lending and yield protocols. Tesseract's risk team selects and monitors all venues for security, liquidity, and concentration risk. Specific protocol allocations vary by vault strategy and market conditions.

  • What reporting and transparency do I receive?

    You receive monthly reports covering yield, deployment allocation, fees, and any vault actions taken during the period. Dashboard access provides real-time visibility into your vault balance and performance.

  • How is a Dedicated Client Vault different from a fund?

    A fund pools capital from multiple investors into a shared portfolio. A Dedicated Client Vault does neither. Each vault is a single smart contract assigned to one client. There is no pooled capital, no shared portfolio, and no fungible units. Vault tokens are non-transferable. They represent a balance in your vault. They are not shares in a collective scheme. Tesseract Investment Oy operates each vault individually under MiCA CASP authorization, separate from any fund management license.

  • Where do my assets sit and who can move them?

    Your assets are allocated to a dedicated on-chain vault structure associated with your account. While assets are deployed into DeFi protocols to generate yield, they remain owned by your vault at all times. Tesseract operates the vault and has the technical ability to move assets between the vault and approved protocol addresses (e.g. DeFi smart contracts) in order to implement the agreed investment strategy. This includes deploying, rebalancing, and withdrawing positions. All protocol interactions are restricted to whitelisted protocols, governed by Tesseract's internal controls and governance processes. Withdrawals from the dedicated client vault to external wallets can only be made to your own wallet address that you have whitelisted. All transactions are recorded on-chain and auditable.

  • What happens if a DeFi protocol is exploited?

    Tesseract's risk team monitors all deployed venues 24/7. Position health is checked automatically every 60 seconds; positions auto-deleverage when key risk thresholds are breached. The team also tracks venue-level security signals including TVL changes, governance proposals, and smart contract anomalies, and wallets are continuously screened via TRM Labs. Vaults are deployed only to established lending protocols, with smart-contract audits by Omniscia and Certik, and protocol selection is governed by a formal whitelisting process with multi-signature approval. Smart contract risk cannot be eliminated. DeFi lending involves inherent protocol-level risks that differ from traditional counterparty risk, and clients should understand this distinction.

  • What custodians are supported?

    Dedicated Client Vaults work with your existing custody setup. No migration required. You connect via your custodian’s wallet (WalletConnect or similar). Your custodian may need to whitelist the vault contracts, but beyond that there’s no implementation on your side. For custodians who want visibility into vault performance, a reporting API is available. We support multiple custodians across different vault instances for the same client.

  • How is yield generated on stablecoin vaults?

    Returns are generated through active portfolio management. Tesseract deploys stablecoins into DeFi lending protocols and liquidity venues. Yield derives from protocol-level activities including borrower interest, trading fees, and liquidity incentives. This is not interest on the stablecoin itself and is not related to the stablecoin issuer's reserve management. Returns are variable and performance-dependent.

Regulatory clarity

The Dedicated Client Vault is a discretionary portfolio management service provided by Tesseract Investment Oy, authorized as a CASP under MiCA by Finland’s Financial Supervisory Authority (FIN-FSA). On-chain yield vaults involve significant risks, including smart contract vulnerabilities and liquidity risk. Dedicated Client Vaults are not regulated financial instruments.

  • Regulated under MiCA
  • FIN-FSA supervised
  • Authorized CASP