# 2.2 Distributed Custody & Wallet Architecture

### MPC: Sovereign Security

The WeFi architecture is built on an onchain banking model where user funds remain fully usable through traditional financial infrastructure (such as bank transfers, cards, ATM/POS) while residing onchain. At the core of this model is a Dual-Wallet Strategy that fundamentally separates asset ownership from operational access, allowing users to choose the level of sovereignty that matches their financial intent.

### The Power of Separation

The architecture is designed to distinguish between who legally owns the value and who is authorized to move it for specific services.

| Layer | Responsibility |
| --- | --- |
| **Asset Ownership** | The user maintains ultimate control and legal ownership of the value. |
| **Operational Access** | Authorized parties (payment rails) are granted restricted, rule-based permission to initiate transactions. |

### Fundamental Properties

Regardless of the wallet configuration chosen, the following properties remain constant across the WeFi ecosystem:

| Property | Implementation |
| --- | --- |
| **Unique Onchain Wallets** | Funds are held in individual onchain wallets, never in centralized omnibus accounts. |
| **1:1 Backing** | Assets are fully backed and verifiable on the public ledger in real time. |
| **No Unilateral Movement** | WeFi is technically incapable of moving assets without user authorization via MPC or physical signature. |
| **No Rehypothecation** | Assets are never pooled or lent out; they remain at the user-specific address. |
| **Configurable Spectrum** | Users choose their balance between daily accessibility (MPC) and sovereign cold storage (NFC). |

### The Dual-Wallet Architecture

WeFi provides two distinct wallet types designed for different phases of the user's financial lifecycle. By offering both, WeFi delivers a "Banking UX" for daily life and a "Sovereign Vault" for long-term security.

| Feature | Distributed Custody (MPC) Wallet | Non-Custodial NFC Wallet |
| --- | --- | --- |
| **Primary Intent** | Daily Operational Liquidity: Optimized for high-frequency banking, card spending, and income receipt. | Generational Wealth: Reserved for long-term asset preservation and high-value "cold" storage. |
| **Functional Analogy** | The Bank Account: Familiar, automated, and high-velocity. | The Private Vault: Secure, manual, and strictly personal. |
| **Operational Logic** | Regulated partners hold key shares to assist in transaction execution. | Only the physical hardware card can authorize movement of funds. |
| **User Experience** | Seamless; mirrors a standard banking app. | Highly secure; requires a physical "tap" to sign transactions. |

#### 1. Distributed Custody (MPC): The Default Operational Layer

Most users interact with WeFi through a Distributed Custody Wallet powered by Multi-Party Computation (MPC). This is the default setting because it provides the "Banking UX" required for mass adoption.

#### Core Technical Components

| Component | Role |
| --- | --- |
| **In-App User Wallet** | A 2-of-2 MPC wallet where one key share is on the device and the other is in the provider infrastructure. |
| **Operations Layer** | Services (Indexer + Webhooks) that provision wallets and detect inbound transfers without possessing assets. |
| **Wallet Broadcast Service** | The backend bridge that links wallets, processes webhooks, and triggers ledger updates. |
| **Platform Vault** | Regulated cold storage (e.g., Fireblocks) for funds once a user explicitly opts into platform custody. |

#### Operational Workflow: Intentional Custody

The system achieves a "Banking UX" without forcing premature custody. Funds remain non-custodial until the user triggers a specific financial service or deposit action.

* **Phase 0: Infrastructure Setup:** The WeFi platform automatically initializes a unique, user-specific MPC wallet destination. Key shares are generated independently and bound to the user's internal identifier.
* **Phase 1: Distributed Custody (The Default):** As funds are sent to the receive address, the operations layer indexes the chain and detects the transfer. The platform cannot move these funds without the user's explicit MPC signature.
* **Phase 2: Custody Deposit (User-Approved):** Custody only begins when a user chooses to move funds into a platform vault (e.g., for high-yield products). The system creates a transfer request, and the user approves via an MPC signature.
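To make the 2-of-2 arrangement from the component table and Phases 0 to 2 concrete, here is an added example that is not WeFi's code and not its actual MPC protocol: a toy two-party Schnorr signature over secp256k1 in pure Python, using additive key shares. One share stands for the device, the other for the provider infrastructure. The joint public key is derived from the two public shares without the full private key ever existing (Phase 0), a constructed transfer request to a placeholder vault address is co-signed (Phase 2), and a "signature" assembled from the provider share alone fails verification, which is the "No Unilateral Movement" property. The curve constants are secp256k1's; the request fields, the `platform-vault-placeholder` and `user-mpc-wallet-placeholder` values, and all function names are assumptions made for this example.

```python
# Added example (not WeFi's code or protocol): toy 2-of-2 Schnorr over secp256k1
# with additive key shares, showing why neither the device share nor the
# provider share can move funds on its own. Curve constants are secp256k1's;
# the transfer request and its addresses are constructed placeholders.
import hashlib
import json
import secrets

P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F  # field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def on_curve(pt):
    """y^2 = x^3 + 7 (mod P); None is the point at infinity."""
    if pt is None:
        return True
    x, y = pt
    return (y * y - x * x * x - 7) % P == 0


def ec_add(a, b):
    """Affine point addition; None is the identity element."""
    if a is None:
        return b
    if b is None:
        return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None  # a == -b
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P) % P
    x3 = (lam * lam - a[0] - b[0]) % P
    return (x3, (lam * (a[0] - x3) - a[1]) % P)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication."""
    result, addend = None, pt
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def keygen_2of2():
    """Phase 0: each side generates its own share. The joint public key is the
    sum of the two public shares, so the full private key is never assembled."""
    device_share = secrets.randbelow(N - 1) + 1
    provider_share = secrets.randbelow(N - 1) + 1
    joint_pub = ec_add(ec_mul(device_share, G), ec_mul(provider_share, G))
    return device_share, provider_share, joint_pub


def canonical_request(fields):
    """Deterministic encoding so both signers hash exactly the same bytes."""
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def challenge(R, pub, msg):
    """e = H(R.x || pub.x || msg) reduced into the scalar field."""
    data = R[0].to_bytes(32, "big") + pub[0].to_bytes(32, "big") + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def nonce_commit():
    """Round 1: a signer picks a secret nonce and publishes its public part."""
    k = secrets.randbelow(N - 1) + 1
    return k, ec_mul(k, G)


def partial_sign(share, k, e):
    """Round 2: s_i = k_i + e * x_i; only the sum of both partials verifies."""
    return (k + e * share) % N


def cosign(device_share, provider_share, pub, msg):
    """Phase 2: device and provider co-sign one transfer request."""
    k1, R1 = nonce_commit()
    k2, R2 = nonce_commit()
    R = ec_add(R1, R2)
    e = challenge(R, pub, msg)
    s = (partial_sign(device_share, k1, e) + partial_sign(provider_share, k2, e)) % N
    return R, s


def provider_alone(provider_share, pub, msg):
    """What the provider can build without the device: a partial that does not verify."""
    k2, R2 = nonce_commit()
    return R2, partial_sign(provider_share, k2, challenge(R2, pub, msg))


def verify(pub, msg, sig):
    """Standard Schnorr check: s*G == R + e*pub."""
    R, s = sig
    if R is None or not on_curve(R) or not 0 < s < N:
        return False
    return ec_mul(s, G) == ec_add(R, ec_mul(challenge(R, pub, msg), pub))


# Constructed Phase 2 custody-deposit request (placeholder values, not real addresses).
REQUEST = canonical_request({"action": "custody_deposit", "from": "user-mpc-wallet-placeholder",
                             "to": "platform-vault-placeholder", "amount": "100.00", "nonce": 1})

if __name__ == "__main__":
    x1, x2, pub = keygen_2of2()
    print("joint signature verifies:", verify(pub, REQUEST, cosign(x1, x2, pub, REQUEST)))
    print("provider alone verifies:", verify(pub, REQUEST, provider_alone(x2, pub, REQUEST)))
```

The point of the example is the shared-control property, not the signing protocol itself: production MPC wallets for onchain assets typically run threshold ECDSA rather than Schnorr and add nonce commitments and zero-knowledge checks so that a misbehaving co-signer cannot bias the shared nonce or learn the other party's share. What carries over unchanged is the defender-relevant invariant the page states: a compromise of the provider infrastructure alone yields a share that cannot produce a valid signature, and any Phase 2 deposit leaves a signed, onchain-verifiable record of when custody began.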

#### 2. Non-Custodial NFC Wallet: The Generational Wealth Layer

For users who prioritize ultimate sovereignty over convenience, WeFi offers a Non-Custodial NFC Wallet. This is designed for assets that the user intends to hold for years—not spend at a POS terminal.

* **Hardware-Based Security:** Private keys are stored on a specialized hardware card equipped with an NFC chip.
* **Physical Authorization:** To unlock the wallet or sign a transaction, the user must physically tap their card against their smartphone.
* **Zero-Platform Access:** Neither WeFi nor its partners have access to the keys on the card. This "Cold Storage" approach ensures that even in extreme scenarios, the user's generational wealth remains under their exclusive, physical control.

### Strategic Gains

| For the Platform                                                                                    | For the User                                                                                     |
| --------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------ |
| **Self-Custody by Default:** Minimizes liability and regulatory overhead until custody is required. | **True Sovereignty:** A real wallet inside the app rather than a mere internal balance.          |
| **Compliance Boundary:** Establishes a clear, blockchain-recorded moment when custody begins.       | **Transparency:** A clear "approve-to-deposit" moment that mirrors familiar banking UX.          |
| **Event-Driven Backend:** Unified system for inbound detection and confirmation tracking.           | **Progressive Responsibility:** Start with MPC convenience and add hardware security when ready. |

### Strategic Comparison: Traditional vs. Distributed

| Feature                     | Traditional Bank     | Centralized Exchange  | WeFi Distributed Custody                                             |
| --------------------------- | -------------------- | --------------------- | -------------------------------------------------------------------- |
| **Asset Location**          | Internal Bank Ledger | Centralized Omnibus   | Unique Onchain Wallet                                                |
| **Ownership**               | Bank Liability       | Exchange Liability    | User-Owned / Delegated                                               |
| **Visibility**              | Opaque               | Internal Balance Only | Verifiable Onchain                                                   |
| **Unilateral Freeze**       | Yes                  | Yes                   | No (MPC architecture requires user signature; WeFi cannot act alone) |
| **Single Point of Failure** | Yes                  | Yes                   | No (Distributed MPC)                                                 |
