Security

If you are going to trust this wallet with real money, you deserve to know exactly what is protecting it — and where the sharp edges are. This is the honest version: what keeps you safe, what is on you, and how to report a problem.

If you are going to trust this wallet with real money, you deserve to know exactly what is protecting it — and where the sharp edges are. This is the honest version: what keeps you safe, what is on you, and how to report a problem.

The one idea everything rests on#

Only the wallet itself can sign. Nothing else — not the command line, not a script, not an AI agent — can move money on its own. They can all ask; the wallet is the only thing that can act, and it only acts when your rules and your approvals say so.

That single boundary is what the rest of this page is built on:

  • Nothing gets in without a key. Every request has to present a token. There is no anonymous back door.
  • No single approver can move funds. By default a transaction needs two approvals, one from a person — and an AI or a bot is held to a stricter standard than a human before its approval even counts.
  • You cannot be tricked into approving one thing and sending another. Your approval is locked to the exact reviewed transaction; change it and the approval dies.
  • A transaction that looks unsafe, or that the wallet cannot fully understand, does not go through on a machine's say-so. When in doubt, it stops and waits for a person.
  • The history cannot be quietly rewritten. Every action is chained to the one before it, so a tampered record breaks the chain.

None of these are switches you turned on. They are how the wallet starts.

What protects your keys#

  • Your keys are encrypted on disk with strong, modern cryptography, and only decrypted into the wallet's memory while you are actively unlocked.
  • On Mac and Linux the wallet keeps its folder and secret files private automatically.
  • Locking — whether you do it, the idle timer does it, or a restart does it — wipes the decrypted keys back out of memory.
  • If the key file on disk is ever swapped or rolled back, the wallet notices on startup and refuses to unlock rather than run with the wrong keys.

Habits worth keeping#

  • Keep your wallet folder private; do not copy token files into shared or world-readable places.
  • One token per tool. Rotate a token if you suspect it leaked; revoke anything you no longer use. Give each token the smallest set of permissions that does its job — see Tokens & permissions.
  • Never give an AI agent the power to approve or send. Drafting is fine; deciding is yours.
  • If you downloaded a release rather than building it, check it is genuine before running it (shasum -a 256 --check SHA256SUMS).
  • For real money on a real network, prefer your own node over the shared public ones that ship for convenience.
  • Put your second approver on a different device — a phone, another laptop — so a single stolen machine still cannot approve alone.

Everything is written down#

Every meaningful action — creating the wallet, unlocking, drafting, approving, signing, sending, admin changes — is recorded in the tamper-proof history. Read it any time:

terminal
wallet audit list

If you ever need to prove the history has not been altered, it can be verified independently.

The honest boundaries#

  • This is open-source software provided as-is. You run it on hardware you trust, after checking that what you installed is genuine. There is no warranty.
  • Transactions are permanent. The plain-English review before every approval exists precisely because there is no undo — read it, especially when an agent drafted the transaction.
  • Lose both your recovery phrase and your wallet folder and the money is gone. No one, including us, can bring it back. That is the deal with holding your own keys.

Found a security problem?#

Report it privately through the contacts in the project's SECURITY.md — please do not open a public issue for a security finding. If it involves a wallet you do not own, get written permission before testing; this software runs on people's own machines, and poking at someone else's is not okay without consent. The threat model and past security reviews live in the repository under docs/threat-model/ and docs/audits/.