Waymont is designed to simplify self-custody and onchain risk. Its transparent, audited, and built on the best.
We believe that crypto should be secure by default. This starts with the ability to store your assets, seamlessly.
Waymont is built on Safe, which currently secures approximately $100B+ in assets and has passed the highest security standards including Formal Verification.
If one component of your account is compromised, you're protected by at least two other isolated components like biometric signing, transaction policies, and recovery.
The industry's best security auditors have reviewed Waymont's implementation. View our latest audit report from Trail of Bits.
Managing the single point of failure of a hardware wallet or browser extension wallet is awkward, stressful, and risky.
Waymont simplifies this with redundant design. If one component of your account is compromised, you're protected by at least two other isolated components like biometric signing, transaction policies, and recovery. Terms of Service.
If your single-sign-on login is compromised → You’re still protected behind biometrics and transaction policies
If your SSO login is compromised due to weak passwords or lack of 2FA, an attacker would need your biometric secured signing key, after which they will still be limited by your transaction policies.
If the Gnosis Safe contracts are hacked
The battle tested Safe (formerly Gnosis Safe) contracts currently secure around $40 billion in digital assets. Since 2018, these smart contracts have passed the highest possible security standards in the industry including 11+ audits. While highly unlikely, if Safe is hacked, the Ethereum community may consider a chain rollback.
If your Mobile App is compromised → You’re still protected behind your SSO login or transaction policies
If your Mobile App is compromised, an attacker will still need access to your SSO login and be limited by your Waymont secured transaction policies. In addition, private keys are secured using a combination of iOS Keychain and Secure Enclave to maximize security. Keychain items are encrypted and stored in Apple's Secure Enclave, a dedicated and secure hardware-based key manager isolated from the main processor.
If your Policy Guardian is compromised→ You’re still protected behind biometrics and SSO login
If your Policy Guardian, which checks if transactions fit into your transaction policies, is compromised it will stop blocking transactions. However, an attacker would also need to gain access to your biometric secured signing key to sign transactions and your SSO login to initiate transactions. The Waymont Policy guardian can never initiate a transaction.
If your guardians approve a fraudulent recovery request → You’re still protected behind 4 day timelock, notifs, and SSO
If your guardians approve a fraudulent account recovery request, you will be notified immediately and a 4 day waiting period begins during which time you have the ability to cancel the recovery request. In the case of successful signer recovery, an attacker would still need to gain access to your SSO login to initiate a transaction. You may also opt-out of the Guardian Recovery module at any time.
If Waymont’s web frontend is compromised → You’re still protected behind mobile integrity checks and transaction policies
If an attacker spoofs the transaction details on our frontend, our mobile device runs clientside transaction simulation checks to verify the integrity of every transaction you sign. Suspicious transactions are blocked by default. You should verify the asset changes on web match the details you sign on mobile.
If Waymont’s API or service goes down, discontinues→ You’re still protected by the ability to offramp from Waymont
If Waymont discontinues business or the API goes down, your keys remain secure and your own. You have the ability to exit our system after a 14-day waiting period after which you can off-ramp to another service provider at anytime.
If you lose your signer, and your guardians also lose their phones→ You’re still protected by encrypted backups
If your guardians lose their phones or recovery signers, you will still be able to recover your assets as guardians are forced to store an encrypted backup of their recovery signing key to their iCloud account. Guardians can recover their signing keys via iCloud and approve a recovery request for your account. Alternatively, you may also request account recovery through Waymont Recovery modules (if enabled).
If your mobile device is insecure, stolen, or lost→ You’re still protected behind your policy guardian, SSO login, and recovery
If your mobile device has poor passcode security, or it is lost or stolen, then an attacker would still need access to your SSO login to initiate recovery. They would still be limited by your policy guardian. And you could trigger recovery through your signers.
Waymont Mobile App is compromised → 1) Google or Apple SSO and 2) your transaction policies.
Private keys stored on local devices use a combination of iOS Keychain and Secure Enclave to maximize security. Keychain items are encrypted using 256-bit keys stored in Apple's Secure Enclave, a dedicated hardware-based key manager isolated from the main processor. Decrypting data within the Keychain requires a round trip through the Secure Enclave with biometrics adding an extra layer of security. If the iOS keychain or application processor is compromised, Waymont mobile wallet keychain items remain encrypted because the encryption key is kept in a hardened hardware module separate from the main processor.
Waymont Policy Guardian Module is compromised → Still need mobile signer and Google SSOIf the policy guardian was compromised, an attacker could change your transaction policies, but they would still need: access to your mobile app and access to your Google account.
Recovery Module
The Recovery Module assists users in regaining access to their vaults if lost. Though highly unlikely, a full compromise of this module could lead to full control over a user's vault. Users can deactivate this feature at any time.
WaymontSafeAdvancedSigner is compromised →
This module enables backup signing devices. If compromised simultaneously with the Policy Guardian, it could lead to a loss of funds. This feature can be deactivated at any time by having a single signing device.
Human readable transactions is compromised → you will still be covered by your transaction policies If the module for human readable transaction is compromised, then you may sign a malicious transaction, but these will still be protected by your X.
API
Should our API be compromised or unresponsive, users may be unable to sign transactions. However, their funds will remain secure, and they can remove Waymont from their vault.
Choosing the right guardians.
If your guardians collude or are coerced against your will, and they trigger the recovery of your private keys, a 4 day waiting period will start during which you will receive notifications via all communication channels and have the ability to cancel a recovery request. In the case of successful recovery, an attacker would still need to gain access to your SSO login to initiate a transaction. You may also opt-out of the Guardian Recovery Module.
Choosing which security modules to enable
If you you opt-in or opt-out of Waymont Modules including the Guardian Recovery Module, Off-chain Recovery Module, Deadman’s Switch, and Policy Guardian your security can be optimized for your needs and risk tolerance. Opting-out of a previously opted-in module requires a timelocked waiting period.
Enabling 2FA and using secure passwords for Apple and Google
If your Google account is insecure and not secured by 2FA or has weak password protection, then an attacker could gain access to your SSO giving them the ability to initiate transactions. In this scenario, the attacker would also need access to your mobile signing device and be limited by your transaction policies.
Deciding on your transaction policies
If you decide to enforce weak transaction policies, it will inherently limit your security. Alternatively, Waymont will also support custom transaction policy parameters including: daily limits, IP address, time of day, etc. Waymont Concierge will help you setup strong policies in your 1:1 onboarding call.
Waymont Mobile App is compromised → 1) Google or Apple SSO and 2) your transaction policies.
Private keys stored on local devices use a combination of iOS Keychain and Secure Enclave to maximize security. Keychain items are encrypted using 256-bit keys stored in Apple's Secure Enclave, a dedicated hardware-based key manager isolated from the main processor. Decrypting data within the Keychain requires a round trip through the Secure Enclave with biometrics adding an extra layer of security. If the iOS keychain or application processor is compromised, Waymont mobile wallet keychain items remain encrypted because the encryption key is kept in a hardened hardware module separate from the main processor.
Waymont Policy Guardian Module is compromised → Still need mobile signer and Google SSOIf the policy guardian was compromised, an attacker could change your transaction policies, but they would still need: access to your mobile app and access to your Google account.
Recovery Module
The Recovery Module assists users in regaining access to their vaults if lost. Though highly unlikely, a full compromise of this module could lead to full control over a user's vault. Users can deactivate this feature at any time.
WaymontSafeAdvancedSigner is compromised →
This module enables backup signing devices. If compromised simultaneously with the Policy Guardian, it could lead to a loss of funds. This feature can be deactivated at any time by having a single signing device.
Human readable transactions is compromised → you will still be covered by your transaction policies If the module for human readable transaction is compromised, then you may sign a malicious transaction, but these will still be protected by your X.
API
Should our API be compromised or unresponsive, users may be unable to sign transactions. However, their funds will remain secure, and they can remove Waymont from their vault.
Experience a new standard of self-custody and onchain security. Request access today.