
How Keys Are Managed

Custodial: You → Company Server (holds your keys) → Blockchain
Company can freeze, access, or lose your funds

Self-Custody (Stabil): You (hold your keys) → Blockchain
Only YOU control your funds — no intermediaries

You Hold the Keys

In a self-custody wallet, your private keys are generated on your device, encrypted on your device, and never transmitted to any server. Unlike exchanges like Coinbase or Binance that hold your keys for you — and can freeze your account, get hacked, or go bankrupt — Stabil gives you complete sovereignty over your assets.

  • Your keys are generated locally using cryptographic randomness
  • Private keys are encrypted with AES-256-GCM before storage
  • Keys exist in memory only during signing, then destroyed
  • No server ever sees your mnemonic or private keys
  • No account registration required — fully anonymous
  • You can export and backup your keys anytime

4-Tier Security Architecture

Defense in depth — every layer is hardened.

Tier 1

iOS Keychain (Hardware-Backed)

    // Tier 1: Hardware-Backed Keychain
    KeychainService.store(
        data: encryptedMnemonic,
        key: "wallet.mnemonic.{id}",
        accessLevel: .whenUnlockedThisDeviceOnly
    )
    // ✓ Backed by Secure Enclave
    // ✓ Excluded from all backups
    // ✓ Requires device unlock

Stores AES-256 encryption keys, PIN hash, and encrypted mnemonics. On modern iPhones, hardware-backed via the Secure Enclave — a separate processor that never exposes raw key material to the OS.

Tier 2

Encrypted Database

    // Tier 2: GRDB + SQLCipher
    DatabaseManager.initialize(
        passphrase: keychain.getDatabaseKey()
    )
    // Wallet metadata, addresses, balances
    // Transaction history, contacts
    // All encrypted at rest with AES-256

All wallet data is encrypted at rest using SQLCipher. The database passphrase is stored in Tier 1 (Keychain), so even if someone extracts the database file, they cannot read it without the hardware-protected key.

Tier 3

UserDefaults (Non-Sensitive Only)

    // Tier 3: Only non-sensitive preferences
    UserDefaults.standard.set("dark", forKey: "theme")
    UserDefaults.standard.set("USD", forKey: "currency")
    // ✗ NO private keys
    // ✗ NO balances
    // ✗ NO addresses

Only user preferences like theme, currency, and display settings are stored in UserDefaults. No sensitive data of any kind is ever written to this unencrypted storage layer.

Tier 4

Memory Only (Zero Persistence)

    // Tier 4: Keys live ONLY in memory
    // (the Transaction / SignedTransaction type names are assumed here)
    func signTransaction(_ transaction: Transaction,
                         mnemonic: MnemonicPhrase) -> SignedTransaction {
        let wallet = HDWallet(mnemonic: mnemonic)  // created
        let signed = wallet.sign(transaction)      // used
        // wallet deallocated here — key gone forever
        return signed
    }
    // ✓ Private keys NEVER written to disk
    // ✓ Destroyed immediately after use

Private keys and HD wallet instances are created in memory only for the brief moment of signing. Once the transaction is signed, the key material is deallocated and ceases to exist anywhere.

From Seed to Signature

How your 12 words become blockchain addresses.

1. 12/24 Words: BIP-39 Mnemonic
2. 512-bit Seed: PBKDF2-HMAC-SHA512, 2,048 iterations
3. Master Key: HMAC-SHA512 with “Bitcoin seed”
4. Child Keys: BIP-44 derivation paths
     m/44'/60'/0'/0/0 → Ethereum
     m/84'/0'/0'/0/0 → Bitcoin
     m/44'/501'/0' → Solana
     m/44'/195'/0'/0/0 → TRON
     + 17 more chains...
5. Addresses: Public keys → blockchain addresses

Your mnemonic phrase is the ONLY thing you need to recover all your wallets across all 21 supported chains.
Guard it carefully — anyone with your 12 or 24 words has full access to your funds.
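Steps 2 to 4 of the pipeline above, as an added Python sketch using only the standard library; it is not Stabil's code (the page says the app uses WalletCore). The function names are illustrative, the salt `"mnemonic" + passphrase` comes from the BIP-39 specification rather than this page, and only hardened path levels are derived.

```python
import hashlib
import hmac
import unicodedata

# secp256k1 group order; BIP-32 private keys are integers modulo N
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
# Published BIP-39 test mnemonic (public vector, never fund it)
TEST_MNEMONIC = "abandon " * 11 + "about"

def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Step 2: PBKDF2-HMAC-SHA512, 2,048 iterations, 512-bit output."""
    nfkd = lambda s: unicodedata.normalize("NFKD", s).encode("utf-8")
    salt = nfkd("mnemonic" + passphrase)  # salt fixed by the BIP-39 spec
    return hashlib.pbkdf2_hmac("sha512", nfkd(mnemonic), salt, 2048, dklen=64)

def master_key(seed: bytes) -> tuple[bytes, bytes]:
    """Step 3: HMAC-SHA512 keyed with 'Bitcoin seed' -> (key, chain code)."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    if not 0 < int.from_bytes(digest[:32], "big") < N:
        raise ValueError("seed yields an invalid master key")
    return digest[:32], digest[32:]

def hardened_child(key: bytes, chain: bytes, index: int) -> tuple[bytes, bytes]:
    """Step 4, one hardened level (the ' in a path): needs the parent private key."""
    data = b"\x00" + key + (index | 0x80000000).to_bytes(4, "big")
    digest = hmac.new(chain, data, hashlib.sha512).digest()
    tweak = int.from_bytes(digest[:32], "big")
    child = (tweak + int.from_bytes(key, "big")) % N
    if tweak >= N or child == 0:
        raise ValueError("invalid child key; BIP-32 says use the next index")
    return child.to_bytes(32, "big"), digest[32:]

def derive_hardened(seed: bytes, path: str) -> tuple[bytes, bytes]:
    """Walk a fully hardened path such as m/44'/60'/0'."""
    key, chain = master_key(seed)
    for level in path.split("/")[1:]:
        if not level.endswith("'"):
            # Non-hardened levels need the parent public key (EC point math)
            raise ValueError(f"non-hardened level {level!r} is not handled here")
        key, chain = hardened_child(key, chain, int(level[:-1]))
    return key, chain
```

The last two levels of a path like m/44'/60'/0'/0/0 and the address encoding in step 5 require elliptic-curve operations, which belong in a vetted library rather than hand-written code.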

PIN & Biometric Protection

Multiple layers of authentication before any sensitive operation.

PIN Security

    // PBKDF2-HMAC-SHA256 — 100,000 iterations
    let hash = PBKDF2(
        password: userPIN,
        salt: randomSalt(32),
        iterations: 100_000,
        keyLength: 32
    )
    // Constant-time comparison prevents timing attacks
    // Escalating lockouts: 1m → 5m → 15m → 1h → 3h
  • 5 attempts per cycle before lockout activates
  • Escalating lockout durations (1 min to 3 hours)
  • Constant-time comparison prevents timing attacks
  • 100,000 PBKDF2 iterations make brute-force infeasible
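The PIN check described above, as an added Python sketch that combines the salted PBKDF2 hash, the constant-time comparison and the escalating lockout schedule; it is not Stabil's code. `PinGate`, the in-memory counters and the injectable clock are assumptions made for illustration, and the sample PINs are constructed.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 100_000                      # PBKDF2-HMAC-SHA256 rounds, from the page
MAX_ATTEMPTS = 5                          # attempts per cycle, from the page
LOCKOUTS = [60, 300, 900, 3600, 10800]    # 1m, 5m, 15m, 1h, 3h in seconds

def hash_pin(pin: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, ITERATIONS, dklen=32)

class PinGate:
    def __init__(self, pin: str, clock=time.monotonic):
        self.salt = os.urandom(32)        # random 32-byte salt per PIN
        self.stored = hash_pin(pin, self.salt)
        self.clock = clock
        self.failures = 0                 # wrong guesses in the current cycle
        self.cycle = 0                    # lockouts triggered so far
        self.locked_until = 0.0

    def verify(self, pin: str) -> str:
        # While locked, refuse before hashing so no guess is evaluated at all
        if self.clock() < self.locked_until:
            return "locked"
        # compare_digest runs in time independent of where the bytes differ
        if hmac.compare_digest(hash_pin(pin, self.salt), self.stored):
            self.failures = self.cycle = 0
            return "ok"
        self.failures += 1
        if self.failures >= MAX_ATTEMPTS:
            # Escalate, then stay at the longest lockout once the list is used up
            step = min(self.cycle, len(LOCKOUTS) - 1)
            self.locked_until = self.clock() + LOCKOUTS[step]
            self.cycle += 1
            self.failures = 0
        return "denied"
```

For a short numeric PIN the attempt limit is what bounds guessing, so the counters and `locked_until` need to be persisted alongside the hash to survive an app restart.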

Biometric Authentication

Face ID / Touch ID
Hardware-level biometric verification
  • .biometricCurrentSet access control policy
  • Automatically invalidated if biometric enrollment changes
  • Falls back to PIN if biometrics unavailable
  • No biometric data stored by the app — handled entirely by iOS

Sign Without Exposure

Your private key exists for milliseconds.

1. User Taps Send

User initiates a transaction from the wallet interface.

2. Authenticate

Face ID or PIN verification required before proceeding.

3. Decrypt Mnemonic

AES-256-GCM decryption from Keychain — mnemonic loaded in memory only.

4. Derive Private Key

BIP-44 path derivation for the target chain — in memory only.

5. Sign Transaction

Cryptographic signature created using the chain-specific algorithm.

6. Destroy Key Material

HDWallet and PrivateKey instances deallocated from memory immediately.

7. Broadcast

Only the signed transaction is sent to the blockchain — never any key data.

After step 6, no private key exists anywhere — not in memory, not on disk, not on any server. The only thing that leaves your device is the signed transaction.

Our Promises

What Stabil will never do.

Never Store Your Keys on Servers

Your mnemonic and private keys exist only on your device. We operate zero servers that hold user key material.

Never Track Your Balances

Balance queries go directly to blockchain RPCs, not through our servers. We have no visibility into your portfolio.

Never Require Registration

No email, no phone number, no KYC. Create a wallet in seconds, fully anonymous. Your identity is yours alone.

Never Access Your Funds

We have zero ability to move, freeze, or seize your assets. There is no admin panel, no backdoor, no override.

Never Send Keys Over Network

Private keys are never transmitted. Only signed transactions are broadcast to the blockchain network.

Never Log Sensitive Data

Mnemonics, keys, PINs, and full addresses are never written to logs. Debug output is redacted in all builds.

Cryptographic Standards

Battle-tested algorithms trusted by the world's largest institutions.

| Purpose | Algorithm | Strength |
|---|---|---|
| Mnemonic encryption | AES-256-GCM | 256-bit key, authenticated |
| PIN hashing | PBKDF2-HMAC-SHA256 | 100,000 iterations |
| Seed derivation | PBKDF2-HMAC-SHA512 | 2,048 iterations |
| Master key | HMAC-SHA512 | 512-bit output |
| EVM signing | secp256k1 (ECDSA) | 256-bit curve |
| Solana / Aptos signing | Ed25519 (EdDSA) | 256-bit curve |
| Address hashing | Keccak-256 | Ethereum standard |
| Bitcoin addresses | SHA-256 + RIPEMD-160 | Double hash |
| Keychain storage | Secure Enclave | Hardware-backed |
| iCloud backup | AES-256-GCM + PBKDF2 | 100K iterations |

Self-Custody vs Custodial

Know the difference.

| Feature | Custodial (Exchanges) | Self-Custody (Stabil) |
|---|---|---|
| Key ownership | Company holds keys | You hold keys |
| Fund access | Can be frozen / seized | Only you can access |
| Registration | Email, KYC required | No registration needed |
| Privacy | Full transaction tracking | No tracking |
| Hack risk | Exchange hack = your loss | Only your device matters |
| Recovery | Reset password via email | Recovery phrase (your responsibility) |
| Downtime | Exchange maintenance | Blockchain is 24/7 |
| Censorship | Government can order freeze | Censorship resistant |

  • AES-256: Encryption Standard
  • 100K: PBKDF2 Iterations
  • Zero: Keys on Servers
  • 21: Supported Chains

Open Architecture

Built on industry-standard tools and cryptographic libraries.

Stabil is built with Swift 5.9+ and SwiftUI for modern iOS development. We use WalletCore by Trust Wallet for multi-chain key derivation, GRDB for encrypted local database management, and KeychainAccess for Secure Enclave integration. There is no proprietary cryptography — every algorithm is an industry standard, auditable and battle-tested.

Swift 5.9+ · SwiftUI · WalletCore · GRDB + SQLCipher · KeychainAccess · 102,832 Lines of Code

Take Control of Your Crypto

Download Stabil and own your keys. No middlemen. No compromises.