Independent Verification

Verify the record, in your browser.

Every position we publish is signed. Your browser fetches the record from a public source, confirms each signature, and checks the chain is unbroken. No Montblanc server is involved at any point.

Run Audit

Execution takes approximately 30 seconds for the last 30 days.

Signature & chain check

Ready when you are.

The Mechanism

Five steps. All run in your browser.

  1. 01

    Your browser fetches the record from a public source

    No Montblanc server involved. Your machine downloads the published record directly.

  2. 02

    The public verification key is retrieved alongside it

    The verification key is held in the same public source. Every change to it is visible in the history.

  3. 03

    Each day's signatures are checked locally

    Your browser's built-in cryptography verifies every signature against the public key. The check runs on your machine, nowhere else.

  4. 04

    Chain integrity confirmed

    Each day's fingerprint must include the previous day's. Altering any entry breaks every subsequent link. Any break is detected.

  5. 05

    Result displayed, nothing transmitted

    We never see your verification request. The only way we know it happened is if you tell us.

The full specification follows below.

For engineers

The full specification.

01

The ledger

An append-only chain of signed daily entries.

Each day's entries are written to a JSON file at ledger/YYYY/MM/DD.json in the public montblanc-ledger repository. Two entry types appear: credit — daily production accrued to a client's pseudonymous wallet ID — and debit — monthly on-chain settlement to that client's hardware wallet, referencing the Bitcoin transaction ID. Each entry is individually Ed25519-signed; the day file as a whole is signed over its SHA-256 day hash, the previous day's hash, and the Merkle root of the entries.

The files are append-only in practice, not just by convention: changing any byte in a past entry changes its day hash, which breaks every subsequent entry's previous_hash pointer. A broken chain is trivially detectable.

A client's accrued balance at any moment is sum(credits) − sum(debits) against their wallet ID — independently verifiable from the public ledger alone.

ledger/2026/05/16.json (abridged)View on GitHub 
{
  "date": "2026-05-16",
  "previous_hash": "f8e7d6c5b4a3210987654321fedcba09...",
  "entries_count": 5,
  "merkle_root":   "be086455a2aaa06fac434646a90d1ba6...",
  "entries": [
    {
      "id": "9c1f...e0",
      "wallet_id": "mb_7f3a2b...c4d8",
      "type": "credit",
      "amount_btc": "0.00032581",
      "date": "2026-05-16",
      "source": "daily_mining_earnings",
      "ref": "daily_mining_earnings:2026-05-16",
      "signature": "w91bJ8S/kDDhaCvmKyShtA5e..."
    },
    {
      "id": "4a2e...d1",
      "wallet_id": "mb_7f3a2b...c4d8",
      "type": "debit",
      "amount_btc": "0.13742891",
      "date": "2026-05-16",
      "source": "monthly_settlement",
      "ref": "monthly_settlement:f1c9d2...a0b3",
      "signature": "Hx7kQ9mP2vR4wY8nL5jF3tB6dA0sKc1U..."
    }
    /* ... remaining entries ... */
  ],
  "day_hash":  "a1f1e3d912f26d6ec7d2a4c86754ea7f...",
  "signature": "PvQ2nE9rL8tM4yC1wK6jB3sH7dF0gI5oZ..."
}

02

Ed25519 signatures

One key pair. Public half in the repo.

Every daily entry, every individual credit, and every settlement debit is signed with the same Ed25519 private key. The matching public key is SPKI-encoded and committed to the ledger repository at /pubkey.pem. Git history shows every change to that file — rotations, if they ever happen, are audit-visible.

The key is published in the same repository as the ledger, not on this website. This removes our infrastructure from the verification trust path — a careful auditor doesn't need to trust montblanc-capital.com to verify the record, only GitHub.

Signature verification in the browser uses the native SubtleCrypto.verify() API with the Ed25519 algorithm (available in Chrome 113+, Safari 17+, Firefox 130+). No third-party library is required. The audit runner in the section above uses exactly this path.

The day hash is SHA-256(canonical_json(entry_without_signature)). The Merkle root is computed over the individual entry signatures. Both are signed together in the outer day-level signature.

pubkey.pemView on GitHub 
-----BEGIN PUBLIC KEY-----
MCowBQYDK2VwAyEAvC+eYyxWwUuDOhnvkIpOZz2uzx0B1w758mFd0jExcKo=
-----END PUBLIC KEY-----

Ed25519 public key · matches /pubkey.pem in the ledger repository

03

Infrastructure

Industrial mining, owned and operated.

The firm owns and operates mining facilities in the UAE and Northern Europe. Hardware is standardised on modern ASICs at ~16 J/TH efficiency. Cooling is industrial — direct immersion in the Northern Europe facility, forced-air with evaporative pre-cooling in the UAE. Power is contracted directly with utilities at industrial rates; no third-party hosting providers sit in the middle of the ownership chain.

Mining is conducted through ViaBTC pool. Pool payouts flow to a Montblanc-controlled working wallet. Each day a reconciler computes each client's allocated production from the pool's reported earnings and writes a signed credit entry to the ledger against the client's pseudonymous wallet ID. On the 16th of each month, accrued balances are settled on-chain to each client's own hardware-wallet address; every confirmed transaction produces a signed debit entry referencing the Bitcoin transaction ID.

04

Security model

Pseudonymous by design. No PII in the ledger.

The ledger contains pseudonymous wallet IDs, not names, not emails, not addresses. Even with full read access, an outside observer cannot identify any individual client. PII is held in the firm's operational database, never written to the public record.

Authentication on the dashboard uses short-lived access tokens with refresh rotation. Passwords are argon2id-hashed. Session cookies are HttpOnly + Secure + SameSite=Lax. Client settlement destinations are not self-serve: each client's payout address is recorded once during the live onboarding session and tied to the mandate; address changes require operator review through a separate signed process.

The verification runner on this page does not send any data about your audit back to Montblanc. The only way we learn that an audit happened is if you tell us.

05

End-to-end flow

Daily accrual, monthly settlement.

Daily. After UTC midnight, the reconciler reads the previous day's pool earnings from ViaBTC, allocates them across client wallet IDs by contracted hashrate share, writes the signed credit entries to the ledger, and commits the day file to the public GitHub repository. The accrued BTC remains in the Montblanc working wallet until the next settlement.

Monthly, day 16. Each client's accumulated balance is settled on-chain to their own hardware-wallet address — registered live with the client during the initial onboarding session and recorded against the mandate. The transaction is signed by the working wallet under code-enforced policy (whitelisted destinations only, per-transaction and per-batch caps, manual operator approval gate) and broadcast via the public Bitcoin network. Each confirmed transaction produces a signed debit entry in the ledger referencing the on-chain transaction ID.

The accrual sits in a Montblanc-controlled working wallet between settlements; this is honestly disclosed. Once a monthly settlement transaction confirms, the BTC is in the client's own wallet — outside the firm's reach. The full chain — pool earnings, daily credits, on-chain settlement, the resulting debit — is independently auditable through the public ledger + the Bitcoin blockchain.

Inspect the full ledger repository