Wallet Security
2 min read
Overview
Adjusted uses Privy to provide embedded wallets directly inside the application.
These wallets are non-custodial. Neither Adjusted nor Privy can access user private keys. The wallet infrastructure is designed so that no single party ever holds enough information to reconstruct a key.
Non-Custodial Embedded Wallets
Every user wallet is created and managed through Privy's embedded wallet system.
In practice, that means:
- wallets are generated inside the user's browser session
- private keys are never transmitted in full to any server
- neither Adjusted nor Privy can sign transactions on a user's behalf
- users retain sole control over their funds
This is a meaningful distinction from custodial models, where a platform holds keys and could theoretically act on them.
Key Sharding
Privy splits each wallet's private key into multiple shards distributed across independent security domains.
No single shard is sufficient to reconstruct the key. The shards are held across:
- the user's device
- Privy's infrastructure
- a hardware-backed recovery share
This means a compromise of any single domain does not expose the key. An attacker would need to simultaneously breach multiple independent systems to reconstruct a private key.
Hardware-Backed Enclaves
Privy runs sensitive cryptographic operations inside AWS Nitro Enclaves.
Nitro Enclaves are isolated compute environments with no persistent storage, no network access, and no operator shell access. They are designed so that even AWS infrastructure administrators cannot access the data processed inside them.
This is the environment where key shards are handled. It provides a hardware-enforced boundary around the most sensitive part of the wallet lifecycle.
Independent Audits
Privy's wallet infrastructure has been audited by multiple independent security firms:
- Cure53 — security assessment of the wallet and authentication stack
- Zellic — smart contract and cryptographic audit
- Doyensec — application security review
These are not internal reviews. They are third-party assessments by firms with established reputations in security research.
Compliance and Certification
Privy holds SOC 2 Type I and Type II certification.
SOC 2 Type II is particularly relevant because it evaluates whether security controls are not only designed correctly but are operating effectively over time. It covers access controls, data encryption, monitoring, and incident response.
Bug Bounty and Incident Response
Privy maintains an active bug bounty program through HackerOne, providing a structured channel for external security researchers to report vulnerabilities.
The infrastructure also includes 24/7 incident response capability, meaning security events can be detected and addressed continuously rather than during business hours only.
What This Means for Users
The wallet layer is not something Adjusted built from scratch. It delegates to infrastructure that is independently audited, compliance-certified, and designed around the principle that no single party should hold enough information to compromise a wallet.
Summary
Adjusted delegates wallet infrastructure to Privy, whose security model is built around three core ideas:
- no single party holds enough information to reconstruct a private key
- sensitive cryptographic operations run inside hardware-isolated enclaves
- the entire stack is independently audited and compliance-certified
For details on how the protocol itself handles transaction security, see Protocol Security. For a complete technical overview of Privy's security architecture, see the Privy Security Documentation. For a broader overview of Adjusted's security approach, see Security.