Home / Solutions / Crypto WalletsNew
Solutions · Crypto wallets

Your keys, your coins, your consent.

Hardware wallets proved who holds the keys. SoM Sig proves the key-holder is acting freely — on-device, hardware-rooted, self-custodial, and bound to every signature your wallet produces. The consent-provenance layer the crypto stack has been missing. Coercion-resistant. Privacy-preserving. No third-party trust required.

Talk to engineering Read the protocol spec
SIGNING FLOW · TWO ATTESTATIONS User DEVICE · CAMERA · MIC UNLOCK CAPTURE Hardware wallet KEYS · CRYPTOGRAPHIC SIG "who holds the keys" SoM Signature ON-DEVICE · HARDWARE-ROOTED "freely consenting" Provenance + Scope + TTL Transaction CRYPTO_SIG + SoM_SIG → NETWORK · IRREVERSIBLE
01 · The threat landscape

Crypto's risk surface moved from online to physical.

A decade ago, crypto threats lived in your software stack — phishing, malware, key compromise. In 2024–2026 they live in your front door, your dating app, and your DM screen. The signature primitive is the same; the attacker is closer.

Threat 01 · Physical

Wrench attacks & flash kidnapping.

Crypto's irreversibility makes physical coercion uniquely effective. From the Ledger CEO kidnapping in early 2025 to a documented surge of home invasions targeting known holders, the "$5 wrench" is no longer a meme. Identity-proven, in-pocket hardware-signed transactions are exactly what an attacker wants: irreversible, untraceable to recovery, instant.

Jameson Lopp's physical-attack tracker · 2024–2026
Threat 02 · Social

Pig butchering & long-running scams.

Months of grooming, a fake investment platform, a friendly "guide." The victim signs freely — but not with intact understanding. By the time they realize, the funds are gone on a chain that does not forgive. FBI IC3 reported pig-butchering and crypto-investment scams as the single largest category of consumer financial loss in the United States in recent reporting.

FBI IC3 annual reports · 2023–2025
Threat 03 · Software

Signed approvals you didn't really agree to.

Drainer kits trick users into signing token approvals or transaction hashes whose semantics they don't grasp. The signature is cryptographically valid; the consent is not informed. Address-poisoning, malicious permit2 approvals, and lookalike-domain phishing have industrialized this. Hardware wallets prove the key; nothing in the stack proves the understanding.

Chainalysis · Wallet-drainer activity tracking
⚠ Without SoM Signature

Your wallet signs whatever you tell it to.

There is no record of state of mind. No defense against a wrench at your kitchen table. No friction on the malicious approval you skim-read. Once broadcast, the transaction is final. There is no fraud team to call. The user is the last line of defense, and the user just signed.

✓ With SoM Signature

Every signature carries provenance of clear consent.

Wallet policy can hold transactions where indicators show distress, confusion, or coercion. Disputes have evidence. Insurance has a basis. Recovery flows have a starting point. The wallet still does what you tell it — once it's verified that the "you" is freely you.

02 · A worked example

A home invasion. The same wallet, with one policy enabled.

Marcus is a known builder in the crypto space. Public profile, on-chain footprint, visible holdings — the kind of person Lopp's tracker is full of. One evening, two attackers force entry. Here is how the next two minutes unfold with SoM Sig in his wallet's signing flow.

Time
In the room
Wallet · signature
T+0:00entry
Forced entry, weapon shown Two attackers in the apartment. Marcus is told to open his laptop and "send everything to this address." He complies — at this point compliance is the right choice, full stop.
Idle Wallet locked. No signature events. No baseline yet. SoM Sig does not engage until a transaction is being composed.
T+0:45unlock
Wallet unlocked Marcus unlocks his hardware-wallet companion app on his laptop. Attackers dictate a destination address and an amount: 12.4 BTC.
Baseline established Wallet-app foregrounded. Quick Scan establishes Marcus's session baseline — but immediately flags it as outside his historical envelope. Distress markers elevated from the first frame. Baseline · elevated
T+1:20compose
Transaction composed under instruction Marcus types the destination address dictated to him. The wallet's address-poisoning check flags the recipient as "no prior history with this address." Marcus dismisses the warning. He presses Sign & broadcast.
Deep Scan · pre-signing 30-second on-device capture. Three independent indicators above coercion threshold: sustained extreme distress (facial); scripted-speech prosody; gaze instability inconsistent with reading. Coercion · high confidence
T+1:52policy
Wallet policy engages Marcus configured this six months ago: "Transactions over 1 BTC with high-confidence coercion indicators → 24-hour timelock, no override on this device, encrypted alerts to 3 of 5 guardians." The policy fires.
Signature held, not broadcast Cryptographic + SoM signatures sealed, bound together. Broadcast queued, not sent. Policy engine refuses release for 24 hours absent fresh clear-consent attestation. Timelock · 24h
T+1:55UX
Wallet displays the timelock Wallet UI: "Transaction queued. Will broadcast in 23:59:58 unless cancelled. This timelock cannot be bypassed from this device."
Alerts dispatched E2E encrypted alerts to Marcus's three pre-configured guardians. Silent on Marcus's device. Each guardian gets the held-signature ID, provenance summary, and pre-agreed code-word safety protocol.
T+2:30decision
The hard moment The attackers see the timelock. They cannot wait 24 hours; Marcus cannot bypass the local policy. They take the laptop, threaten Marcus, and leave. The trade-off is real: the policy bought his funds at the cost of disruption that may extend the encounter.
State preserved Timelock survives device removal — held signature lives on the hardware root. Attackers cannot release without Marcus's fresh clear-consent attestation from a registered device.
T+0:30:00safe
Marcus is safe Guardians reach him through the pre-agreed channel. Physically uninjured. Files a police report; the SoM provenance record provides forensic timestamp and indicator data. Cancels the held transaction with a fresh clear-consent signature from a backup device.
Transaction permanently cancelled The 12.4 BTC never moved. Provenance record retained for insurance and law enforcement.
T+24:00review
Marcus reviews his policy Raises the timelock threshold slightly, enables the duress-decoy UI variant, adds two more guardians. The next time, the wallet will show attackers a more convincing "broadcast successful" screen. Trade-offs all the way down.
SDK records the lesson Policy update committed. Provenance record archived to Marcus's encrypted personal cold-store. He keeps it; we don't see it.
What changed in those two minutes

The wallet still did what its owner instructed — it sealed the signature, exactly as Marcus pressed sign. What it refused to do was broadcast a transaction whose signing was accompanied by high-confidence coercion indicators, against Marcus's own pre-set policy. The cryptographic primitive grew a consent-provenance layer. That layer is what made the funds recoverable, the encounter survivable, and the policy itself something an attacker cannot defeat.

Honest framing. SoM Sig dramatically raises the cost of physical-coercion attacks. It does not prevent them. A determined attacker may escalate violence when faced with a timelock. The duress-decoy UX variant trades one risk profile for another. Each user chooses their own policy. We do not impose one.
03 · The privacy guarantees

Self-custody is the point. We don't break it.

The crypto community has spent a decade building hardware-rooted trust for keys. We're extending that to consent — not replacing it with a new trust party. These are guarantees we commit to in our developer agreements.

If any of these guarantees are broken, the integration is broken. We treat them as load-bearing. Independent audit of the verification stack is a precondition for our v1.0 launch into the wallet ecosystem.

More detail in the protocol specification → /spec/som-wallet-protocol-v1

  • On-device only. Raw biometric data — frames, audio — never leaves the user's hardware. Capture, scoring, and signing happen inside Secure Enclave / StrongBox / TPM 2.0. We do not have an API to retrieve it. No exception.
  • No server required. For self-custody wallet flows, RTScale runs entirely standalone. No connection to our cloud at any point in capture or verification. The signature is a portable cryptographic artifact that any verifier — wallet, contract, custodian — can validate offline.
  • Decomposed indicators, not biometric data. The signature payload contains scored indicators (consent clarity, distress level, coercion confidence). The underlying biometric features are not reconstructible from the signature. Cryptographic erasure on user request renders even the indicators unverifiable forever.
  • Opt-in always, revocable always. SoM Sig is a wallet capability the user enables. The wallet works without it; we don't gate baseline functionality. Disable at any time. Re-enable at any time. No regulator can mandate it through us — we have no backdoor to enable.
  • Open verification. The verification library for wallet integrations will be open-source under permissive license. The signature scheme is standard primitives — EdDSA, hardware attestation chains, W3C VC serialization. Anyone can audit. Anyone can implement.
  • User policy, not provider policy. The wallet enforces policies the user configures. We don't ship "RTScale-approved" lists. We don't blocklist addresses. We don't decide what counts as suspicious. The signature reports indicators; the user's wallet policy decides what to do with them.
04 · Integration patterns

How SoM Sig drops into the stack you already run.

The signature is a payload, not a wallet. Hardware wallets, smart contract wallets, MPC custodians, and browser extensions each take a different integration path.

Hardware wallets · companion-app capture

Pattern 01
The hardware wallet signs the transaction. The companion app captures SoM. Two signatures, one logical event, bound by the transaction hash. The hardware wallet's existing security model is untouched; SoM adds the consent layer alongside. Air-gapped flows transfer both signatures via QR code.
LedgerTrezorKeystoneBitBoxGridPlus

Browser extension wallets · WebAuthn-like surface

Pattern 02
SoM SDK drops into the extension's signing flow. When the extension surfaces a confirmation popup, the SDK opens the capture surface in the same UX — the user does not switch apps. Policy enforced at the extension; signature attached to the dApp's payload as an extension field.
MetaMaskRabbyPhantomBackpack

Smart contract wallets · on-chain verification

Pattern 03
SoM signature becomes a signature scheme the contract accepts. Account-abstracted wallets (ERC-4337, ERC-7702) enforce policy at the contract level — the bundler validates the SoM signature against the wallet's configured policy before submitting the UserOp. Coercion-detection lives in code, not in trust.
SafeZeroDevBiconomyPimlicoERC-4337

MPC & institutional custody · threshold attestation

Pattern 04
SoM is one of the threshold signers' policy inputs. Institutional custodians require a SoM signature from the human approver alongside the threshold cryptographic signature. Coerced approvals from a controlled approver still need to pass the consent layer.
FireblocksCopperBitGoPrivyTurnkey

Multi-sig wallets · per-signer SoM

Pattern 05
Each multi-sig signer contributes their own SoM attestation alongside their cryptographic signature. The wallet's policy can require N-of-M of the signatures to also show clear consent. A coerced 3-of-5 still fails if two of those three signers' SoM indicators show coercion. The cryptographic threshold and the consent threshold are independent — and both must be met.
SafeSquadsDenMultisigwallet contracts (generic)
05 · Threat coverage

What SoM Sig actually defends — and what it doesn't.

Honest accounting. Several attack surfaces fall cleanly within the consent-provenance model. Others are partially mitigated. A few are outside the primitive entirely.

Attack
How SoM Sig changes the picture
Coverage
Wrench attack · home invasion physical coercion
Coercion indicators at signing trigger user-configured timelock and guardian alerts. Attacker cannot bypass without fresh clear-consent attestation from a registered device. Demonstrated in §02 worked example.
Strong
Pig butchering · long-running romance scam social engineering
Sustained subtle distress markers characteristic of coached transactions surface above the user's baseline. Wallet policy can apply cooling-off period and warning UX. Catches the moment of doubt many victims later describe wishing they'd had.
Strong
Address poisoning spoofed recipient address
Combined with wallet's recipient-verification check, SoM detects the micro-confusion that often accompanies a user about to send to a near-lookalike. Wallet pauses for explicit re-verification of recipient. Not foolproof — distracted users can still confirm — but raises the bar.
Partial
Drainer signed approvals malicious smart contract approvals
SoM captures during the approval signing flow. If indicators show confusion, hurry, or pressure (common when users have been phished onto a hostile site), the wallet's policy can apply friction. Pairs with the wallet's tx simulation/preview.
Partial
SIM-swap recovery hijack account takeover via telecom
Recovery flows can require fresh SoM capture from the registered hardware. The attacker, having SIM-swapped the user's phone number, still cannot fake biometric capture from the user's specific device. Wallet recovery fails on the SoM check.
Strong
Compromised endpoint · malware-driven signing silent unauthorized transactions
Wallet requires Presence-class SoM capture for transactions. Malware cannot fabricate a hardware-rooted live capture of the user. Silent draining stops when SoM is in the path.
Strong
Seed-phrase compromise attacker has the words
The seed phrase reconstructs the keys but not the device. SoM-enabled wallets bind capture attestation to specific registered hardware. An attacker who knows the seed can restore on a new device but cannot fake the original device's attestation chain. Some protection, but seed-phrase compromise remains a category-defining risk.
Partial
Stolen unlocked device physical theft while authenticated
SoM Presence-class capture required for transactions. Thief is not the user; live capture fails to match registered baseline. Wallet declines. Note: this requires baseline-binding policy be enabled — default is off for privacy.
Strong
Protocol-level exploits bridge hacks, smart contract bugs
SoM Sig is a signature-time attestation. It does not protect against vulnerabilities in the protocols you interact with after broadcast. A drained bridge drains the bridge. This is outside the primitive.
Out of scope
06 · Frequently asked questions

Builder questions, answered honestly.

Pulled from working sessions with wallet engineering teams, account-abstraction protocol designers, and institutional custody platforms.

Q1 Does this require sending biometric data to RTScale or anyone else?

No. Capture, scoring, and signing happen entirely on the user's device, inside hardware-attested secure execution (Secure Enclave, StrongBox, TPM 2.0). The signature payload contains decomposed indicators and provenance — a small cryptographic artifact — not raw frames or audio. There is no API to retrieve biometric data, even for the user themselves. Cryptographic erasure of the indicators on user request renders them mathematically unverifiable. This guarantee is contractual.

Q2 Will this work with my Ledger / Trezor / hardware wallet?

Yes, through the companion-app pattern. The hardware wallet produces the cryptographic signature, exactly as today; the companion app captures and seals the SoM signature using the device's camera and microphone. Both signatures are bound to the same transaction hash. The hardware wallet's existing security model is unchanged. Air-gapped flows work: both signatures can transfer via QR code along with the transaction payload.

Q3 Does this break self-custody? Am I adding a new trust party?

No new trust party. For self-custody wallet flows, RTScale's stack runs entirely on the user's device. The verification library is open-source. The cryptographic primitives are standard (EdDSA, hardware attestation chains, W3C Verifiable Credentials). You can audit the entire path, replace any component, run without our cloud, and the system still works. The signature is portable — any verifier can validate it offline. Self-custody means you trust your hardware and your code; we don't move that line.

Q4 Will this slow down my DeFi flow? I make ten transactions a day.

Quick Scan latency is ~200 ms p95 on-device — well below the latency of any network round-trip. Your wallet's existing confirmation popup time dominates. For routine transactions below user-configured thresholds, you can disable SoM entirely; for above-threshold transactions, you absorb a single Deep Scan when threshold is crossed. The policy is yours. We have integration partners doing high-frequency on-chain activity at production scale; they configure thresholds that match their flow.

Q5 What if my hardware is destroyed or stolen?

Your seed phrase still recovers your wallet — SoM Sig does not replace the existing recovery flow. On a new device, you re-establish the SoM baseline (about 60 seconds of normal-state capture across a few sessions) and resume. If your policy required guardian alerts, your guardians will have records of any held transactions during the period your device was unavailable. SoM is an additional layer of consent provenance, not a replacement for seed-phrase recovery.

Q6 How does this work with account abstraction (ERC-4337, ERC-7702)?

SoM Sig becomes one of the signature schemes the smart contract wallet accepts. The wallet's validation logic checks the SoM signature against the wallet-owner-configured policy before approving the UserOp. The bundler can be SoM-aware (validating before submission) or SoM-agnostic (passing through; on-chain validation alone). We have reference implementations for ERC-4337 against Safe and ZeroDev contracts, and we are tracking ERC-7702 closely as it stabilizes.

Q7 Can a government force this on users? Are there backdoors?

SoM Sig is a wallet capability the user opts into. We have no kill switch, no master key, no override path. The signatures are cryptographic; we cannot fabricate or revoke them on a government request because the verification can be performed offline by anyone with the public key infrastructure. If a regulator demanded a backdoor, the architecture makes us unable to provide one without breaking the open-source verification stack — which would be immediately detectable. We treat the absence of backdoors as load-bearing.

Q8 What about privacy-maximalist chains and tools — Monero, Tornado-style mixers, zero-knowledge wallets?

SoM Sig captures consent provenance at the user's device — it does not observe the on-chain payload. A Monero transaction's privacy properties are preserved; the SoM signature attests to the consent surrounding the act, not the transaction's contents. For ZK-wallet flows, the SoM signature can be included in a zero-knowledge proof of clear-consent without revealing the underlying indicators. We're collaborating with one ZK-wallet team on a reference implementation; spec link in the protocol section once it's public.

Build with the protocol

Bring your wallet. We'll wire SoM Sig in during a working session.

Sixty minutes, your codebase, our SDK. Hardware wallet companion app, browser extension signing flow, ERC-4337 module, or MPC threshold input — pick the integration pattern that matches your stack. We'll have a working end-to-end signature in your environment before the session ends. No deck.

Schedule a working session Read the protocol spec