Lido V3 & Cactus: Accessing stVaults via Cactus Link

in Lido V3 by Lido

Cactus Custody, an institutional digital asset custodian, now supports Lido V3 stVaults through Cactus Link, its DeFi connector. Cactus Custody clients can create and manage stVaults from their existing custody account.

Cactus Custody is the institutional digital asset custody solution of BIT (formerly Matrixport), founded in February 2019. The platform safeguards digital assets across 60+ blockchain ecosystems for over 400 institutional clients, including investment funds and asset managers, exchanges, OTC providers, payment platforms, mining pools, and institutional DeFi participants.

Cactus Custody holds a Hong Kong Trust or Company Service Provider (TCSP) license and a Bhutan Gelephu Mindfulness City Authority (GMCA) Financial Services Licence (FSL), with SOC 1 Type II and SOC 2 Type II attestations (Deloitte) covering its custody operations. Its architecture combines HSM-backed cold storage with an institutional MPC offering, giving clients a choice between qualified-custodian and self-custody-style configurations.

Cactus Custody is one of the Qualified Custodians supporting stVaults, Lido protocol's modular staking infrastructure. stVaults introduce a single-operator architecture that enables large staking entities (including institutions, ETFs, ETPs, and asset managers) to deploy dedicated, customizable vaults with control over validator choice, fee terms, and infrastructure, while retaining on-demand liquidity through optional stETH minting.

Compared to pooled staking approaches, stVaults are designed to address the control-versus-liquidity tradeoff, enabling stakers to run validators with their chosen counterparty, define geographic or jurisdictional parameters, and configure MEV routing and insurance mandates to meet specific internal risk and policy requirements.

 

 

The integration builds on Cactus Custody’s existing support for stETH and wstETH. Institutions holding Lido liquid staking tokens in custody can now combine them with stVault operations and other DeFi protocols accessible through Cactus Link.

 

 

How It Works

The connection runs through Cactus Link, a browser extension that operates similarly to a standard hot wallet. Setup is two steps:

  1. Install the Cactus Link extension and confirm DeFi account permissions with the Cactus Custody administrator.
  2. In the stVaults Web UI: click 'Connect Wallet', then 'Browser' in the dialog window.

Once connected, vault owners can create stVaults and perform day-two operations: supplying or withdrawing ETH, minting or repaying stETH, monitoring vault health, triggering rebalancing or closure, and following emergency procedures. 

Full setup steps are in the Cactus Custody user guide.

Administrators must whitelist the stVaults smart contract addresses before interaction; the address list is available in the Qualified Custodians overview.

This flow is for vault owners: institutions that want to create and operate their own vault.

Support varies by jurisdiction, entity, and onboarding scope. Before creating a vault, teams should confirm availability and policy settings with their Cactus account manager.

 

Security & Risk

Standard Ethereum staking risks apply — for the full breakdown, see Lido's Risk Assessment Framework for stVaults

The following measures have been implemented to support the security of Lido V3*:

  • Smart contracts. Lido V3 stVaults smart contracts have undergone audits by Certora (including formal verification), MixBytes, Consensys Diligence, Composable Security, Ackee Blockchain, and Sigma Prime. An ongoing Immunefi bug bounty offers white hats up to $2M in rewards.
  • Custody-side controls. Interactions with stVaults contracts are performed via Cactus Link.
  • Built-in operational controls. stVaults’ design allows Vault Owners to end-to-end control the funds in the vault: supply/withdraw ETH, mint/repay stETH, monitor the vault health parameters and metrics, trigger ETH withdrawals from validators, perform rebalancing and vault closure or disconnect from the Lido protocol (Web UI support for these actions arriving in early Summer 2026).

* Audits, bug bounties, and operational controls are intended to reduce but do not eliminate underlying protocol or market risks. Additional risks may remain or be unidentified.

For institutions, the key point is that stVaults can be operated with a familiar security model: on-chain actions may be gated by your existing Cactus Custody policies, while Lido V3 contracts have undergone audits and include clearly defined emergency procedures. Teams should still run their own diligence on smart-contract, operational, and regulatory risks, and ensure internal approvals and monitoring are in place before going live.

Book a call with the Lido Institutional team for further details.

 

Further Reading

The information provided in this blog is for informational purposes only and reflects our views and understanding at the time of writing. The content does not constitute professional advice of any kind, including but not limited to legal, financial, investment, or regulatory advice.

Readers should not rely solely on the information presented here, and are strongly encouraged to conduct their own independent research and consult with qualified professionals before making any decisions based on the content.

Telegram | Discord | Twitter | Lido.fi

© Lido . All rights reserved