Your Wallet. Your Keys. Our Guardrails.
The crypto world loves a binary. Custodial or non-custodial. Your keys or theirs. Total control or total trust.
WireMe started there too. Now we're building something better.
The Problem With Both Extremes
Non-custodial wallets put you in full control. But that also comes with full responsibility. Forget your seed phrase? Your funds are gone. No appeals, no support ticket, no second chances. For most people making everyday transactions, that's not freedom. It's a liability.
Custodial wallets flip the equation: the platform holds your keys, which means they hold your money. You're trusting a company to stay solvent, stay honest, and stay online. That's not ownership. That's a bank with a different logo.
WireMe is building something different. Call it semi-custodial or more precisely, a multi-signature wallet that puts control in your hands while keeping a safety net in place.
Two Keys. One Wallet. No Single Point of Failure.
When you join WireMe, we deploy a smart contract wallet for you on-chain. That part hasn't changed. What's new is how that wallet is controlled.
Your wallet requires two signatures to move funds through WireMe's escrow infrastructure:
- Your key — derived from your password or Face ID, and stored securely in your Google or Apple keychain so it follows you across your devices.
- WireMe's key — our co-signature, required to interact with our on-off ramp rails.
Neither key works alone. WireMe can't move your funds without you. You can't use our escrow infrastructure without us. That mutual dependency is the point. It's what makes the system trustworthy for both sides.
For pure crypto-to-crypto transfers like sending to another wallet or moving funds off-platform, only your key is needed. WireMe's key never enters the picture. That's your money, moving the way crypto was designed to move.
But when you want to cash out to M-PESA through a broker? That's where the co-signature kicks in. You enter your password or use Face ID, your key signs the transaction, WireMe countersigns, and our smart contract escrow verifies both before accepting the funds. Every interaction with the escrow like accepting a broker's offer works the same way.
What Happens If You Lose Access?
This is where most wallet systems leave users stranded. We didn't want to build one of those.
When you create your WireMe wallet, a recovery key – a unique, encrypted string – is sent to your email. Think of it as a spare key locked in a safe: you shouldn't need it, but it's there when you do.
Here's how recovery works if you forget your password or lose the device you use for Face ID:
- Your recovery key, combined with one of the original two wallet keys, generates a replacement key
- A waiting period begins – giving you or WireMe time to cancel the recovery if something looks wrong
- Once the waiting period clears, the new key is in place and your wallet is accessible again
The waiting period isn't a delay for its own sake. If someone forces you to hand over your password, they still can't access your funds immediately. It give you a window to cancel and respond.
One important caveat: if you lose both your password and access to your recovery email, your funds cannot be recovered. Not by you, not by WireMe. We only hold one key — and one key isn't enough. We're not building a backdoor into your wallet, even for ourselves.
Is My Password Enough to Keep This Secure?
Two things make brute-forcing your password not worth attempting:
Rate limiting. Too many wrong guesses and WireMe enforces a cooldown. There's no rapid-fire attack path.
Salted key derivation. Your password alone doesn't generate your wallet key. WireMe adds a cryptographic salt — unique to your account — before the key is derived. Even if two users picked the same password, their keys would be completely different. This significantly raises the cost of any attack.
Why This Matters
Trust in crypto gets built slowly and lost fast. The semi-custodial model is our answer to that problem: a wallet where you hold real keys, WireMe holds real accountability, and neither party can act unilaterally.
It's not custodial. It's not non-custodial. It's infrastructure built for the real world — where people forget passwords, lose phones, and need a way back in without handing over their financial lives to a company they've only just met.
That's the WireMe standard.
