Trust
Built for self-custody
Your keys never leave your device. KrayWallet cannot freeze, move, or recover your funds — only you can, with your mnemonic.
The oath: mnemonic never leaves the device · all signatures are local · we cannot freeze or access your funds · your Bitcoin remains yours even if we disappear · the code is open.
Vault encryption
Your seed is encrypted at rest with AES-256-GCM. The encryption key is derived from your password via PBKDF2-SHA256 (210,000 iterations on the PWA; extension uses the same family of primitives). The password itself is never stored — only a temporary session key exists while the wallet is unlocked.
Standards
- BIP39 — 12 or 24-word mnemonic; optional passphrase (25th word) on restore.
- BIP86 — Taproot (P2TR) addresses.
- BIP-340 — Schnorr signatures for messages and Taproot spends.
Local signing
Bitcoin transactions, Ordinals/Runes PSBTs, and L2 authorization messages are signed on your device. Websites never receive your password. Sensitive actions (cancel listing, Dev Scrolls, KrayChat admin, L2 tx messages) always open a confirmation UI in the extension.
Origin approval
On the Chrome extension, the first time an unknown site calls connect() / requestAccounts(), you must approve that origin. Until approved, other API calls are rejected. kray.space (and subdomains) and localhost are auto-approved. Approval is remembered per origin.
What we cannot do
- We cannot see or transmit your mnemonic.
- We cannot reset your password without the seed — write recovery words on paper.
- We cannot reverse a broadcast Bitcoin transaction.
- Exchanges can freeze accounts; a self-custodial wallet cannot be frozen by us.
Open source
Audit the extension at github.com/tomkray/kraywallet-extension.