2025

Accelerating Brave Rewards with secure processing using AWS Nitro Enclaves

Learn how Brave cut rewards payout time by over 99 percent while maintaining data integrity using AWS Nitro Enclaves.

Benefits

25-minute settlement times instead of 2 weeks
10,000 transactions per minute can be processed

Overview

For Brave Software (Brave), which offers a browser that automatically blocks third-party trackers and ads without installing extensions, user privacy is in its DNA. Operating its own self-built privacy-preserving browser and search engine, the company required a new way to handle the increased volume of payouts for its in-browser Rewards program. Millions of Brave users earn Basic Attention Tokens for viewing privacy-preserving ads, but the initial system faced scaling challenges in administering those rewards settlements transparently. To achieve better operational efficiency and higher throughput with integrity, Brave rebuilt its rewards process using Amazon Web Services (AWS) confidential computing. By running its payout code inside a verifiable environment, the company cut settlement times from weeks to minutes and boosted throughput to thousands of transactions per second. This improved customer satisfaction and retention while creating an auditable foundation for the future.

About Brave

Brave provides a privacy-first browser and search engine that blocks trackers and gives users control over their online experience. Its Rewards program lets users earn redeemable tokens for viewing privacy-preserving ads.

Opportunity | Using AWS Nitro Enclaves to secure computing for Brave

Brave is a technology company that built its own browser and search engine with a privacy-first philosophy. The browser blocks invasive ads, but its unique rewards give users the option to view privacy-preserving ads in exchange for Basic Attention Tokens, which can be redeemed on blockchain or transferred through third-party custodians.

For years, the critical steps of that payout process were handled by a small set of authorized personnel operating from dedicated systems. “We had three physical laptops that were stored in safes in various locations,” says Jackson Egan, senior staff engineer at Brave. “They could be accessed by authorized individuals for this purpose before being shut down and put back in the safe.” That setup came with many risks, including hardware failures, single-person access, and fragile remote workflows that made the process vulnerable.

Most importantly, the company believes that users shouldn’t have to trust Brave blindly. The team wanted a way for Brave users and partners to cryptographically verify that the backend was running approved software and that signing keys were used correctly. That requirement shaped the decision to build a verifiable computing pipeline using AWS Nitro Enclaves, an Amazon Elastic Compute Cloud (Amazon EC2) capability that creates isolated compute environments where the payout code can run unmodified and be attested to. Because payouts are settled on a public chain, the goal was to be able to attest, for every payout, that the correct version of the promised code was running.

Solution | Building a verifiable pipeline using AWS Nitro Enclaves

AWS Nitro Enclaves presented the Brave team with a way to migrate its manual process into an environment built for isolation. At its core, Brave packages its payout program and runs it inside an AWS Nitro enclave on an Amazon EC2 instance. This step is critical: Because the enclave creates a verifiable boundary around the payout code, not even root or admin users on the Amazon EC2 instance can access or SSH into the enclave. That’s because the AWS Nitro System is the security backbone of AWS, and not even the most privileged administrators can access a customer’s workloads or data running on Amazon EC2 instances.

The attestation document, which is signed by the Nitro Hypervisor, attests to the identity of the enclave and the integrity of the binary in the enclave. Only after verifying that the measurements in the attestation document match against the preset key policy does AWS Key Management Service (AWS KMS)—which manages keys used to encrypt data—release the signing keys for payouts. Brave rotates those keys monthly and enforces a multioperator approval model so that no single person can run a payout alone. “One operator can’t run a payment,” says Egan. “It requires multiple operators. So, it is verifiable every single step of the way.”
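The attestation gate described above only holds if every key-policy statement that releases key material carries a condition on the enclave measurement. The following is an added example, not code from Brave or AWS, that audits a policy document for such gaps; it assumes key release happens through kms:Decrypt or kms:GenerateDataKey, and the role ARN, Sids and measurement are constructed placeholders.

```python
# Added example: flag KMS key-policy statements that release key material without
# pinning a Nitro Enclaves measurement. ARNs, Sids and hashes are placeholders.
RELEASE_ACTIONS = {"kms:decrypt", "kms:generatedatakey", "kms:*", "*"}
PINNING_OPERATORS = {"stringequals", "stringequalsignorecase"}
ATTESTATION_PREFIX = "kms:recipientattestation:"  # ImageSha384, PCR0, PCR1, ...

def _as_list(value):
    return value if isinstance(value, list) else [value]

def ungated_statements(policy):
    """Return the Sids of Allow statements that grant a release action
    with no equality condition on an attestation measurement."""
    findings = []
    for index, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if not actions & RELEASE_ACTIONS:
            continue
        gated = any(
            op.lower() in PINNING_OPERATORS
            and any(key.lower().startswith(ATTESTATION_PREFIX) for key in keys)
            for op, keys in stmt.get("Condition", {}).items()
        )
        if not gated:
            findings.append(stmt.get("Sid", f"statement[{index}]"))
    return findings

ROLE = "arn:aws:iam::111122223333:role/payout-enclave-host"  # hypothetical role
EXPECTED_IMAGE_SHA384 = "ab" * 48  # placeholder for the reproducible build's measurement
WEAK_POLICY = {"Version": "2012-10-17", "Statement": [
    # Any process on the parent instance that holds the role can decrypt.
    {"Sid": "AllowDecrypt", "Effect": "Allow", "Principal": {"AWS": ROLE},
     "Action": "kms:Decrypt", "Resource": "*"},
]}

HARDENED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AllowDescribe", "Effect": "Allow", "Principal": {"AWS": ROLE},
     "Action": ["kms:DescribeKey", "kms:GetKeyPolicy"], "Resource": "*"},
    # Decrypt succeeds only when the request carries an attestation document
    # whose image measurement equals the expected value.
    {"Sid": "AllowDecryptFromEnclave", "Effect": "Allow", "Principal": {"AWS": ROLE},
     "Action": "kms:Decrypt", "Resource": "*",
     "Condition": {"StringEqualsIgnoreCase": {
         "kms:RecipientAttestation:ImageSha384": EXPECTED_IMAGE_SHA384}}},
]}

if __name__ == "__main__":
    print(ungated_statements(WEAK_POLICY), ungated_statements(HARDENED_POLICY))
```

A statement that grants `kms:*` to the account root is also flagged, because it lets IAM policies grant decryption without the attestation condition.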

Brave deploys enclaves using Amazon Elastic Kubernetes Service (Amazon EKS), a service to build, run, and scale production-ready Kubernetes applications across any environment. The clusters span development, staging, and production, giving teams a safe way to promote code before it touches real payouts. Audit records are written to Amazon Simple Storage Service (Amazon S3) Object Lock, which provides data protection from ransomware events with object-level immutability to protect objects from accidental or malicious deletions and overwrites.

The rollout was deliberately cautious, and testing was extensive. “We had an extremely high bar for what we would consider production ready,” says Egan. With a fully attested, isolated, and auditable payout process, Brave now believes its security posture exceeds that of many established players in digital finance. “We exceed industry standards right now,” says Egan. “Our workflow is more auditable and secure than many crypto exchanges that do this daily. We intentionally went above and beyond for transparency.”

Outcome | Achieving 25-minute payout runs with a repeatable process

The redesigned pipeline transformed Brave’s monthly settlement process, strengthened transparency across the workflow, and bolstered its customer satisfaction. Each payout run, which used to take about 2 weeks to complete, now finishes in roughly 25 minutes, including preparation, attestation, and approvals. The system handles about 10,000 transactions per minute today, with the capacity to scale further. Those gains have eliminated late payments, reduced costs, and simplified operations.

Auditability and transparency improved as well. Brave uses reproducible builds—software that compiles the same way every time—with enclave attestation to prove exactly which version of its code is running. Controls such as Amazon S3 Object Lock, monthly key rotation, and multioperator approvals strengthen governance and make the payout process verifiable for both internal review and external compliance.

Brave plans to apply the same approach to other sensitive services and upcoming Web3 wallet features. “Part of what we’re trying to do is move the industry,” says Egan. “Using AWS Nitro Enclaves, we’re showing that it’s possible to provide user security and privacy and still accomplish all business goals.”
