Get early access ↗
SECURITY · NO TRUST REQUIRED

Is Bad Wallet safe?

Fair question — you should ask it of any wallet. Here’s exactly how Bad Wallet protects your Bitcoin, in plain English, with nothing hand-waved.

Bad Wallet is non-custodial. Your keys and your coins live on your device. We never hold them — which means we can’t lose them, freeze them, or hand them over.

The questions everyone asks

Do I have to give you my seed phrase?

No — and we’ll never ask. Your seed phrase and the private keys it unlocks are generated and kept on your device. It never travels to our servers; there’s no field to type it into on our side, because we never want it.

Then what do you actually store?

Almost nothing. To talk to our servers your app derives a separate identity key — on its own path, walled off from the keys that hold your coins — and the matching public key acts as a pseudonymous username. That’s all we see. No name, no email, no phone, no ID. No KYC.

Could a hacker drain my wallet through your servers?

No. The key that authenticates you to our servers is deliberately not the key that controls your funds — different derivation paths, never mixed. Even if our servers were fully breached, there are no private keys and no coins there to steal. We can’t move your Bitcoin, and neither can anyone who breaks in.

How do you keep accounts secure with no passwords?

Every request your app makes is signed with your identity key — the same secp256k1 cryptography Bitcoin itself uses — and stamped with a timestamp and a one-time number. Our servers verify the signature, reject anything replayed or stale, and require a small proof-of-work so bots and abuse get expensive fast. No password to phish, no account to breach.

What if I lose my phone?

Your seed phrase is your backup — store it safely and you can restore your wallet on any device. Because we don’t hold your keys, a lost phone never means lost coins. Heading somewhere risky? Bad Wallet supports decoy wallets.

Decoy wallets, explained →

Can I verify any of this myself?

Yes — that’s the whole point. The Bitcoin engine that handles your keys and signs your transactions is open source. Don’t trust us; read it. The client apps go open source when the beta opens.

github.com/Sour-Labs/btc-wallet-kmp ↗
For the technically curious

A five-step gate runs before any request is processed: (1) a ±120-second time window, (2) per-route proof-of-work, (3) a replay cache keyed to your public key, timestamp and nonce, (4) ECDSA signature validation (DER encoding, low-S), and (5) per-key rate limiting. Your API identity is derived at a hardened path (m/2026'/0'/0') kept separate from the BIP-44/84/86 paths that hold your funds — so compromising one can never expose the other.

Read the full security protocol →

Don’t trust. Verify.

That’s the whole idea behind Bitcoin — and behind Bad Wallet.