Building a Secure, Non-Custodial Wallet Infrastructure for Multi-Chain Users
- Groow Labs
- Web3 , Wallets , Infrastructure
- 07 Dec, 2025
Introduction
Non-custodial wallets are the foundation of Web3. They are not just user interfaces for signing transactions, but critical security infrastructure that determines how users interact with blockchains, manage assets, and recover from failures. This case study details how we designed and built a secure, extensible, multi-chain non-custodial wallet system capable of supporting both retail users and advanced on-chain interactions.
The primary challenge was to deliver institution-grade security guarantees without sacrificing usability, onboarding speed, or cross-chain flexibility.
Problem Statement
The client faced several structural challenges common to modern wallet products:
- Users struggled with complex key management and seed phrase handling
- Supporting multiple chains significantly increased operational complexity
- Transaction signing UX differed across chains and standards
- Security features often conflicted with ease of use
- Future extensibility (DeFi, NFTs, account abstraction) was limited by early design choices
The wallet needed to be secure by default, flexible by design, and scalable across chains and use cases.
Design Principles
The wallet architecture was guided by a strict set of principles:
- User-Owned Keys – Private keys must never leave the user’s device
- Chain-Agnostic Core – Blockchain-specific logic isolated into adapters
- Defense in Depth – Multiple layers of security, not a single control
- Progressive UX – Simple flows for beginners, power features for advanced users
- Future-Proofing – Ready for account abstraction and smart wallets
High-Level Architecture
The system was designed as a modular wallet stack with clear responsibility boundaries.
Core Components
- Client Application – Mobile and web wallet interfaces
- Key Management Layer – Secure key generation, storage, and signing
- Chain Adapters – EVM, SVM, and Move-based blockchain support
- Transaction Engine – Unified transaction building and simulation
- Backend Services – Indexing, notifications, and gas abstraction
Each component could evolve independently without compromising wallet security.
Key Management & Cryptography
Key Generation
Keys are generated locally using cryptographically secure randomness and never transmitted or logged. The wallet supports:
- EOA-based keys (secp256k1)
- HD wallets (BIP-32 / BIP-44)
- Multiple accounts derived from a single root seed
Secure Storage
Private keys are encrypted at rest using device-level security:
- Secure Enclave / Keychain (iOS)
- Android Keystore
- Encrypted IndexedDB / WebCrypto (Web)
Encryption keys are bound to device authentication (PIN / biometrics), preventing offline extraction.
Transaction Signing & Simulation
Before signing any transaction, the wallet performs:
- Transaction decoding – Human-readable display of intent
- Simulation – Estimated balance changes, gas usage, and contract effects
- Risk Flagging – Detection of common malicious patterns
This significantly reduces phishing and blind-signing risks while maintaining fast approval flows.
Multi-Chain Support Strategy
Instead of duplicating logic per chain, we implemented a chain adapter model.
Adapter Responsibilities
- Transaction encoding/decoding
- Fee estimation
- Nonce management
- Signature format handling
Supported environments included:
- EVM chains (Ethereum, Polygon, Arbitrum)
- Solana-style message signing
- Move-based chains via custom payload builders
This abstraction allowed rapid expansion to new networks without core changes.
Account Abstraction & Smart Wallets
The wallet was built with forward compatibility for account abstraction (ERC-4337).
Smart Wallet Capabilities
- Gasless transactions via relayers
- Batch and atomic transactions
- Social recovery and guardian-based access
- Session keys for dApps
Users could seamlessly upgrade from EOAs to smart wallets without changing addresses or losing assets.
Security Model & Threat Mitigation
Threats Considered
- Key extraction attacks
- Malicious dApp interactions
- Front-running and replay attacks
- Compromised devices
Mitigations
- Strict origin validation for dApp connections
- EIP-712 typed data enforcement
- Nonce and chain ID validation
- Optional spending limits and transaction policies
The wallet followed a zero-trust dApp interaction model.
Backend & Supporting Infrastructure
While keys remained client-side, backend services supported:
- Blockchain indexing for balances and history
- Push notifications for transaction status
- Gas price estimation and relaying
- Fiat on-ramp and off-ramp integrations
All backend systems were designed to be stateless with respect to user keys.
UX & Product Decisions
Security features were surfaced progressively:
- Beginners see simplified confirmations
- Advanced users access raw calldata and gas controls
- Warnings are contextual, not intrusive
This approach maximized safety without overwhelming users.
Testing, Audits & Validation
- Cryptographic flows unit-tested extensively
- Integration tests across supported chains
- External security reviews of signing logic
- Continuous fuzz testing on transaction parsing
No private key material was ever exposed during testing or logging.
Outcome
The final wallet infrastructure delivered:
- True non-custodial security guarantees
- Seamless multi-chain support
- Extensible architecture for DeFi, NFTs, and smart wallets
- A user experience that scaled from beginners to power users
The system is production-ready, audit-friendly, and positioned as a long-term foundation for Web3 interaction.
Closing Thoughts
A non-custodial wallet is not just a product — it is security infrastructure. By treating cryptography, UX, and extensibility as first-class concerns, we delivered a wallet system that users can trust today and build upon tomorrow.