Self-custodial wallets, as a service

Embed a self-custodial wallet in your product.

Sigil lets you ship a production-grade wallet without building the cryptographic infrastructure. Shamir 2-of-3, multi-OIDC and EVM-ready, behind a clean SDK.

Start buildingRead the developer docs
app.tsx@sigil/sdk
import { Sigil } from '@sigil/sdk';

const wallet = new Sigil({
  organizationId: 'org_xxx',
  publishableKey: 'pk_live_xxx',
  iframeUrl: 'https://wallet.sigilkeys.com',
  authMode: 'sigil',
});

await wallet.init();
const sig = await wallet.signMessage('login at 12:34');
Product

Built for teams that take custody seriously.

Self-custody by design

Private keys are reconstructed only inside an isolated iframe on the user's device, for milliseconds. No one — not Sigil, not the integrator — ever holds them.

Multi-OIDC, on your terms

Plug in your existing identity provider through a generic OIDC adapter. Keycloak ships in the MVP; Auth0, Cognito and Firebase Auth are a drop-in away.

EVM-ready

Sign messages, typed data and transactions for any EVM chain. BIP-39 export, recovery flow and re-share built in.

EU-native infrastructure

Hosted, designed and operated in Europe. MiCA-aware, GDPR by default, backed by the technical custody team of the Bit2Me group.

How it works

Three steps to ship.

  1. 01

    Install the SDK

    Add @sigil/sdk to your React app. The SDK injects a sandboxed iframe and exposes a typed API.

  2. 02

    Configure your project

    Point Sigil at your OIDC issuer and allowed origins from the portal. No backend changes required.

  3. 03

    Wallets, ready

    Your users sign in once and get a wallet they fully own. You stay focused on your product.

Security

Engineered to fail safely.

Security isn't a feature in Sigil — it's the architecture. Keys are sharded end-to-end. Reconstruction happens only inside the user's browser. Every operation is logged. No internal team can sign for any user, by design.

01

Hardware-rooted cryptography

KEKs in Cloud KMS, never extractable. DEKs are wallet-bound and authenticated. Re-encryption happens at the edge.

02

Defense in depth

Origin allowlists, CSP and SRI, IAM separation of duties, immutable audit logs. Each layer assumes the previous one fails.

03

Transparent by policy

Open libraries. Public bug bounty. External audits before GA. Reproducible iframe builds — verify before you trust.

In progress
SOC 2 Type II
Planned
ISO 27001
Planned
Cure53 audit
Active
HackerOne
Compliant
GDPR
Aware
MiCA
Architecture

Custody belongs to users, not platforms.

Most "self-custody" wallets aren't really self-custody. The provider holds two of three shares and could sign for you. Sigil splits shares across three truly independent parties.

2-of-3USERDevice share · localStorageSIGILProvider share · KMS-wrappedCLIENTRecovery share · your backend

ANY 2 SHARES = 1 SIGNATURE · 3 PARTIES = 0 SINGLE-POINTS-OF-FAILURE

Use cases

Built for teams shipping the future onchain.

Onboard users without seed phrases.

Migrate from custodial to self-custody without losing UX. Comply with MiCA without rebuilding. Offer wallets your users can take with them — and keep the regulatory clarity intact.

vs alternatives

Honest comparison.

SigilPrivyCoinbase CDPMagicDIY
Custody modelTrue 2-of-3Provider-managedProvider-managedProvider-managed
EU hostedYesNoNoNoMaybe
Pluggable authAny OIDCLimitedNoNoYes
MiCA-readyNativeAdaptedLimitedLimitedOn you
PricingPer projectPer MAWBundledPer MAUEng. cost
Self-host optionRoadmapNoNoNoYes

Based on public documentation as of April 2026. We'll update if you spot something off.

Operated by DAC

Sigil is operated by DAC, the technical custody division within the Bit2Me group. Years of regulated infrastructure, behind a developer-first product.

Ready to integrate?

Tell us about your use case and we'll set you up.