2.2 Distributed Custody & Wallet Architecture
MPC: Sovereign Security
The WeFi architecture is built on an onchain banking model where user funds remain fully usable through traditional financial infrastructure (such as bank transfers, cards, ATM/POS) while residing onchain. At the core of this model is a Dual-Wallet Strategy that fundamentally separates asset ownership from operational access, allowing users to choose the level of sovereignty that matches their financial intent.
The Power of Separation

The architecture is designed to distinguish between who legally owns the value and who is authorized to move it for specific services.
Asset Ownership
The user maintains ultimate control and legal ownership of the value.
Operational Access
Authorized parties (payment rails) are granted restricted, rule-based permission to initiate transactions.
Fundamental Properties
Regardless of the wallet configuration chosen, the following properties remain constant across the WeFi ecosystem:
Unique Onchain Wallets
Funds are held in individual onchain wallets, never in centralized omnibus accounts.
1:1 Backing
Assets are fully backed and verifiable on the public ledger in real-time.
No Unilateral Movement
WeFi cannot move assets on its own: every transaction needs the user's authorization, either the user's MPC key share co-signing or a signature from the user's NFC card.
No Rehypothecation
Assets are never pooled or lent out; they remain at the user-specific address.
Configurable Spectrum
Users choose their balance between daily accessibility (MPC) and sovereign cold storage (NFC).
The Dual-Wallet Architecture
WeFi provides two distinct wallet types designed for different phases of the user's financial lifecycle. By offering both, WeFi delivers a "Banking UX" for daily life and a "Sovereign Vault" for long-term security.

| | Distributed Custody (MPC) Wallet | Non-Custodial NFC Wallet |
| --- | --- | --- |
| Primary Intent | Daily operational liquidity: optimized for high-frequency banking, card spending and income receipt. | Generational wealth: reserved for long-term asset preservation and high-value "cold" storage. |
| Functional Analogy | The bank account: familiar, automated and high-velocity. | The private vault: secure, manual and strictly personal. |
| Operational Logic | Regulated partners hold one key share and co-sign to execute transactions. | Only the physical hardware card can authorize movement of funds. |
| User Experience | Seamless; mirrors a standard banking app. | Highly secure; requires a physical "tap" to sign transactions. |
1. Distributed Custody (MPC): The Default Operational Layer
Most users interact with WeFi through a Distributed Custody Wallet powered by Multi-Party Computation (MPC). This is the default setting because it provides the "Banking UX" required for mass adoption.
Core Technical Components

In-App User Wallet
A 2-of-2 MPC wallet: one key share lives on the user's device and the other in the provider infrastructure. The full private key is never assembled anywhere; each signature is computed jointly from the two shares, so neither party can sign alone.
Operations Layer
Services (Indexer + Webhooks) that provision wallets and detect inbound transfers. This layer holds no key material and therefore never has control of assets.
Wallet Broadcast Service
The backend bridge that links wallets, processes webhooks, and triggers ledger updates.
Platform Vault
Regulated cold storage (e.g., Fireblocks) for funds once a user explicitly opts into platform custody.
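The operations layer above exists to observe the chain and keep the internal ledger in step with it, not to hold keys. The following is an added example (not WeFi's code) of the receiving side of that pipeline: an indexer POSTs inbound-transfer webhooks, the backend authenticates each delivery with an HMAC, tracks confirmations, credits the ledger only once, and treats a reorg of an already-credited transfer as an incident. The shared secret, the registry of provisioned addresses, the 12-confirmation threshold and the event format are all assumptions made for the example; the event sequence in `demo()` is constructed.

```python
"""Inbound-transfer webhook handler for an operations layer that indexes the
chain and credits an internal ledger without ever holding key material.
Added example (not WeFi's code); secret, addresses, confirmation threshold
and event format are assumptions."""
import hashlib
import hmac
import json
from decimal import Decimal

WEBHOOK_SECRET = b"assumed-shared-secret-between-indexer-and-backend"  # assumption
REQUIRED_CONFIRMATIONS = 12  # assumption: chain-specific finality threshold

# Assumed registry: receive address -> user id, populated at wallet provisioning.
WALLET_REGISTRY = {
    "0xaaaa000000000000000000000000000000000001": "user-42",
    "0xaaaa000000000000000000000000000000000002": "user-77",
}


class Ledger:
    """Tracks inbound transfers from first sighting to credited, idempotently."""

    def __init__(self):
        self.pending = {}   # (tx_hash, log_index) -> event dict
        self.credited = {}  # (tx_hash, log_index) -> event dict
        self.balances = {}  # user id -> Decimal balance (mirror of onchain state)
        self.alerts = []    # anomalies an operator must review

    def handle(self, raw_body: bytes, signature_hex: str) -> str:
        # 1. Authenticate the delivery before parsing anything.
        expected = hmac.new(WEBHOOK_SECRET, raw_body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, signature_hex):
            return "rejected: bad signature"
        event = json.loads(raw_body)
        key = (event["tx_hash"].lower(), int(event["log_index"]))

        # 2. Ignore transfers to addresses this platform did not provision.
        user = WALLET_REGISTRY.get(event["to"].lower())
        if user is None:
            return "ignored: unknown address"

        # 3. Reorg notice: a still-pending transfer is simply dropped;
        #    one already credited past the finality threshold is an incident.
        if event["type"] == "reverted":
            if key in self.pending:
                del self.pending[key]
                return "dropped: reverted before confirmation"
            if key in self.credited:
                self.alerts.append(("credited transfer reverted", key))
                return "alert: credited transfer reverted"
            return "ignored: unknown transfer"

        if event["type"] != "inbound_transfer":
            return "ignored: unsupported event type"

        # 4. Idempotency: redelivery of an already-credited event changes nothing.
        if key in self.credited:
            return "duplicate: already credited"

        # 5. Confirmation tracking: record, then credit once finality is reached.
        confs = int(event["confirmations"])
        self.pending[key] = event
        if confs < REQUIRED_CONFIRMATIONS:
            return f"pending: {confs}/{REQUIRED_CONFIRMATIONS} confirmations"
        del self.pending[key]
        self.credited[key] = event
        amount = Decimal(event["amount"])  # string amounts avoid float rounding
        self.balances[user] = self.balances.get(user, Decimal(0)) + amount
        return f"credited: {amount} {event['asset']} to {user}"


def sign(body: bytes) -> str:
    """What the indexer does before POSTing (same shared secret)."""
    return hmac.new(WEBHOOK_SECRET, body, hashlib.sha256).hexdigest()


def demo():
    """Constructed sequence: first sighting, confirmed, redelivered, forged, reorged."""
    ledger = Ledger()
    base = {"type": "inbound_transfer", "tx_hash": "0xBEEF01", "log_index": 3,
            "to": "0xAAAA000000000000000000000000000000000001",
            "asset": "USDC", "amount": "100.25"}
    results = []
    for confs in (1, 12, 12):
        body = json.dumps({**base, "confirmations": confs}).encode()
        results.append(ledger.handle(body, sign(body)))
    body = json.dumps({**base, "confirmations": 12}).encode()
    results.append(ledger.handle(body, "00" * 32))  # forged delivery, wrong MAC
    body = json.dumps({**base, "type": "reverted"}).encode()
    results.append(ledger.handle(body, sign(body)))
    return ledger, results
```

The idempotency key is `(tx_hash, log_index)` rather than the transaction hash alone because one transaction can emit several transfer events; crediting on the hash alone would either double-count or miss transfers. The ledger balance is a mirror for display and accounting: the asset itself never leaves the user's onchain address in this phase.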
Operational Workflow: Intentional Custody

The system achieves a "Banking UX" without forcing premature custody. Funds remain non-custodial until the user triggers a specific financial service or deposit action.
Phase 0: Infrastructure Setup. WeFi provisions a unique, user-specific MPC wallet address. The two key shares are generated independently, one on the device and one in the provider infrastructure, and the wallet is bound to the user's internal identifier.
Phase 1: Distributed Custody (the default). When funds arrive at the receive address, the operations layer indexes the chain and detects the transfer. The platform cannot move these funds without the user's MPC co-signature.
Phase 2: Custody Deposit (user-approved). Custody begins only when the user chooses to move funds into a platform vault (e.g., for high-yield products). The system creates a transfer request, and the user approves it with an MPC signature; that onchain transfer is the moment custody starts.
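The 2-of-2 wallet described above and the "user approves via an MPC signature" step of the workflow both rest on one property: each party holds a share of the key, the full key is never assembled, and a signature requires both parties in every session. The following added example (not WeFi's code, nor any MPC vendor's) shows that property with a two-party Schnorr signature over secp256k1, where the wallet key is the sum of two locally generated shares. It is a deliberate simplification: EVM chains require ECDSA, for which threshold signing needs considerably more protocol machinery (GG20/CGGMP-style), and even threshold Schnorr in production adds nonce commitments (MuSig2) to block rogue-nonce attacks. The `Party`, `cosign` and `verify` names are illustration, not a real API.

```python
"""2-of-2 threshold Schnorr signing over secp256k1, as a minimal stand-in for
the MPC wallet: each party holds one key share, no full private key ever
exists, and a signature needs both parties in every signing session.
Added example, not WeFi's or any vendor's code. Production MPC wallets use
hardened protocols (MuSig2-style nonce commitments, or GG20/CGGMP for ECDSA,
which EVM chains need); this shows only the principle of share-based signing."""
import hashlib
import secrets

P = 2**256 - 2**32 - 977  # secp256k1 field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def point_add(a, b):
    """Affine point addition on y^2 = x^3 + 7; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)


def scalar_mul(k, pt=G):
    """Double-and-add scalar multiplication (not constant-time; demo only)."""
    acc = None
    while k:
        if k & 1:
            acc = point_add(acc, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return acc


def challenge(R, pk, msg):
    """e = H(R.x || pk.x || msg): binds the signature to the joint wallet key."""
    data = R[0].to_bytes(32, "big") + pk[0].to_bytes(32, "big") + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


class Party:
    """One MPC participant (device or provider). Holds only its own share."""

    def __init__(self, name):
        self.name = name
        self.key_share = secrets.randbelow(N - 1) + 1  # generated locally, never sent
        self.pub_share = scalar_mul(self.key_share)     # the only thing the peer sees
        self._nonce = None

    def nonce_point(self):
        """Fresh per-session nonce share; only its public point is revealed."""
        self._nonce = secrets.randbelow(N - 1) + 1
        return scalar_mul(self._nonce)

    def partial_sign(self, R, pk, msg):
        """s_i = k_i + e * x_i, computed from this party's share alone."""
        e = challenge(R, pk, msg)
        s = (self._nonce + e * self.key_share) % N
        self._nonce = None  # a nonce share is single-use; reuse leaks the share
        return s


def joint_pubkey(user, provider):
    """The wallet's onchain key is the sum of the two public shares."""
    return point_add(user.pub_share, provider.pub_share)


def cosign(user, provider, msg, provider_approves=True):
    """One signing session. Returns (R, s), or None if the provider withholds."""
    pk = joint_pubkey(user, provider)
    R = point_add(user.nonce_point(), provider.nonce_point())
    s_user = user.partial_sign(R, pk, msg)
    if not provider_approves:
        provider._nonce = None
        return None  # the user's partial signature alone is worthless
    s_prov = provider.partial_sign(R, pk, msg)
    return R, (s_user + s_prov) % N


def verify(pk, msg, sig):
    """Standard Schnorr check: s*G == R + e*pk."""
    R, s = sig
    return scalar_mul(s) == point_add(R, scalar_mul(challenge(R, pk, msg), pk))
```

Two things the block makes concrete that the prose does not. First, the "No Unilateral Movement" property is a consequence of arithmetic, not policy: a partial signature produced from one share does not verify under the joint key, so a provider breach yields nothing spendable. Second, the same arithmetic means the provider's refusal to co-sign (`provider_approves=False`) also blocks the user; a 2-of-2 wallet prevents unilateral movement but not unilateral withholding, which is why a practitioner will ask what share export or recovery path exists before calling such a wallet non-custodial.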
2. Non-Custodial NFC Wallet: The Generational Wealth Layer
For users who prioritize ultimate sovereignty over convenience, WeFi offers a Non-Custodial NFC Wallet. This is designed for assets that the user intends to hold for years—not spend at a POS terminal.
Hardware-Based Security: The private key is generated and stored on a dedicated hardware card with an NFC chip. The card signs when tapped; the key is never exported to the phone or to WeFi.
Physical Authorization: To unlock the wallet or sign a transaction, the user must physically tap the card against their smartphone, so a compromised app or backend cannot sign on its own.
Zero-Platform Access: Neither WeFi nor its partners have access to the keys on the card. This "cold storage" approach ensures that even in extreme scenarios the user's generational wealth remains under their exclusive, physical control. The trade-off is that the card is the only copy of the key: if it is lost or destroyed, access is lost with it unless the user holds a backup, and this section does not describe a recovery mechanism.
Strategic Gains
Self-Custody by Default: Minimizes liability and regulatory overhead until custody is required.
True Sovereignty: A real wallet inside the app rather than a mere internal balance.
Compliance Boundary: Establishes a clear, blockchain-recorded moment when custody begins.
Transparency: A clear "approve-to-deposit" moment that mirrors familiar banking UX.
Event-Driven Backend: Unified system for inbound detection and confirmation tracking.
Progressive Responsibility: Start with MPC convenience and add hardware security when ready.
Strategic Comparison: Traditional vs. Distributed

| | Traditional Bank | Centralized Exchange | WeFi Distributed Custody |
| --- | --- | --- | --- |
| Asset Location | Internal bank ledger | Centralized omnibus account | Unique onchain wallet per user |
| Ownership | Bank liability | Exchange liability | User-owned; operational access delegated under rules |
| Visibility | Opaque | Internal balance only | Verifiable onchain |
| Unilateral Freeze | Yes | Yes | Cannot move or seize funds alone: the user's MPC share (or NFC card) must sign. A 2-of-2 wallet does, however, also need the provider's share to sign, so the provider can withhold co-signing; whether that can lock a user out depends on a share export or recovery path not described in this section. |
| Single Point of Failure | Yes | Yes | No single point of key compromise: the key is split between device and provider and never assembled in one place. |