01
Hardware-rooted cryptography
KEKs in Cloud KMS, never extractable. DEKs are wallet-bound and authenticated. Re-encryption happens at the edge.
Self-custodial wallets, as a service
Embed a self-custodial wallet in your product.
Sigil lets you ship a production-grade wallet without building the cryptographic infrastructure. Shamir 2-of-3 keys, multi-network support (Ethereum, Bitcoin, Solana and more) — all behind a single SDK call.
app.tsx@sigilkeys/sdk
import { Sigil } from '@sigilkeys/sdk'; const wallet = new Sigil({ organizationId: 'org_xxx', publishableKey: 'pk_live_xxx', iframeUrl: 'https://wallet.sigilkeys.com', }); await wallet.init(); // One call: build → sign → submit. Any network. // Ethereum, Bitcoin, Solana and more — same SDK. const { txHash } = await wallet.executeBatch({ chain: 'base', calls: [ { to: USDC, data: encodeApprove(SwapRouter, amount) }, { to: SwapRouter, data: encodeSwap({ ... }) }, ], });
Product
Built for teams that take custody seriously.
Self-custody by design
Private keys are reconstructed only inside an isolated iframe on the user's device, for milliseconds. No one — not Sigil, not the integrator — ever holds them.
Multi-OIDC, on your terms
Plug in your existing identity provider through a generic OIDC adapter. Keycloak ships in the MVP; Auth0, Cognito and Firebase Auth are a drop-in away.
Multi-network ready
Sign messages, typed data and transactions across Ethereum, Bitcoin, Solana and more. BIP-39 export, recovery flow and re-share built in.
EU-native infrastructure
Hosted, designed and operated in Europe. MiCA-aware, GDPR by default, backed by the technical custody team of the Bit2Me group.
How it works
Three steps to ship.
- 01
Install the SDK
Add @sigilkeys/sdk to your React app. The SDK injects a sandboxed iframe and exposes a typed API.
- 02
Configure your project
Point Sigil at your OIDC issuer and allowed origins from the portal. No backend changes required.
- 03
Wallets, ready
Your users sign in once and get a wallet they fully own. You stay focused on your product.
Security
Engineered to fail safely.
Security isn't a feature in Sigil — it's the architecture. Keys are sharded end-to-end. Reconstruction happens only inside the user's browser. Every operation is logged. No internal team can sign for any user, by design.
02
Defense in depth
Origin allowlists, CSP and SRI, IAM separation of duties, immutable audit logs. Each layer assumes the previous one fails.
03
Transparent by policy
Open libraries. Public bug bounty. External audits before GA. Reproducible iframe builds — verify before you trust.
In progress
SOC 2 Type II
Planned
ISO 27001
Planned
Cure53 audit
Active
HackerOne
Compliant
GDPR
Aware
MiCA
Architecture
Custody belongs to users, not platforms.
Most "self-custody" wallets aren't really self-custody. The provider holds two of three shares and could sign for you. Sigil splits shares across three truly independent parties.
ANY 2 SHARES = 1 SIGNATURE · 3 PARTIES = 0 SINGLE-POINTS-OF-FAILURE
Use cases
Built for teams shipping the future onchain.
Onboard users without seed phrases.
Migrate from custodial to self-custody without losing UX. Comply with MiCA without rebuilding. Offer wallets your users can take with them — and keep the regulatory clarity intact.
New · Sigil Agents
Wallets your AI agents can actually use.
Typed autonomous agents — Payment, Trading, Compliance — built on top of TEE-custodied wallets and per-agent policies. Sigil ships the system prompt and toolset, you bring the wallet, the LLM key, and the budget.
Payment
Pay vendors, payroll, refunds
Recipient allowlists and per-tx caps are enforced before any signature reaches the TEE.
Trading
Execute DEX swaps
Slippage caps, allowed pairs and per-hour drawdown limits baked into the system prompt.
Compliance
Monitor and flag
Read-only by design — watches transactions and escalates anomalies to a human.
vs alternatives
Honest comparison.
| Sigil | Privy | Coinbase CDP | Magic | DIY | |
|---|---|---|---|---|---|
| Custody model | True 2-of-3 | Provider-managed | Provider-managed | Provider-managed | — |
| EU hosted | Yes | No | No | No | Maybe |
| Pluggable auth | Any OIDC | Limited | No | No | Yes |
| MiCA-ready | Native | Adapted | Limited | Limited | On you |
| Pricing | Per project | Per MAW | Bundled | Per MAU | Eng. cost |
| Self-host option | Roadmap | No | No | No | Yes |
Based on public documentation as of April 2026. We'll update if you spot something off.
Operated by DAC
Sigil is operated by DAC, the technical custody division within the Bit2Me group. Years of regulated infrastructure, behind a developer-first product.
Still on the fence?
See what you can build with Sigil.
A live demo that goes from email-OTP sign-in to multi-network signing in 30 seconds. Same code path your users would hit.
Ready to integrate?
Tell us about your use case and we'll set you up.