External audits
We name the people who verified us.
Defense
Four nets that catch mistakes before you sign.
Transaction simulation
Right before signing, every transaction is replayed on a forked chain. You see the actual balance change, not the calldata.
Forked block · ERC-20/721 decodeRecipient verification
Domain registry and audited contract list refreshed hourly and cross-checked. Lookalike addresses and unknown contracts flagged immediately.
OpenZeppelin · Circle registryDaily limit + step-up auth
Daily caps you set. Large amounts and first-time addresses require step-up auth via your second device's Passkey.
Cross-device step-up · New address blocked by defaultUnified anomaly alerts
Failed signatures, suspicious approvals, unusual withdrawals delivered as a unified feed across all your devices. Two taps to revoke a session.
Push + email real-time · Session revokeRecovery
Lose the device, keep the assets.
If one device is gone but another lives, you recover in five minutes. Lose both and a social recovery — family or friends — authorizes a new device. The starting point is different from a system that needs a 12-word piece of paper.
Tier 1 — Backup device
Register a second phone or laptop. If you lose the first, authority transfers to the new device immediately.
Tier 2 — Social recovery
Register 3–5 trusted people. If both your backup and primary are gone, a majority can authorize a new device.
Tier 3 — Cold note
An offline recovery code on paper. Last resort. Not the recommendation, the safety net.
Begin
One biometric. One wallet.
No exchange KYC. No 12-word backup. See you May 30, 2026.