Skip to main content
Multi-Layer Security Wallet’s dedicated mobile wallet is used by Organization Members and Admins to approve and reject transactions, and take other actions. Under the hood, the mobile wallet securely stores a private key on a Member’s mobile device. That private key is used to cryptographically sign approvals and rejections.

Security Features

The dedicated Multi-Layer Security Wallet mobile wallet has a suite of security features that make it significantly more secure than other hardware and software wallets:
  1. The mobile wallet can only be used with Multi-Layer Security Wallet to limit the attack surface. In other forms of wallets, such as self-custody (i.e. multisignature wallets), users can manage their cryptographic private keys using any external wallet, like Metamask or Ledger. Those wallets can be used to sign any transaction and can be used with any decentralized application. If the wallet is used with a malicious or compromised decentralized application, the user can be tricked into signing a malicious transaction with the same private key that manages their funds, potentially causing their funds to be stolen. By having a dedicated mobile wallet that can only be used with Multi-Layer Security Wallet, users’ private keys aren’t being used to interact with other potentially dangerous applications.
  2. The mobile wallet shows users what they’re actually approving. A well known security limitation of many wallets, especially hardware wallets like Ledger, is “blind signing”. Instead of displaying a human-readable explanation of what is being signed, these wallets display an obscure technical string of letters and numbers that users can’t interpret. Users are therefore likely to accidentally approve malicious transactions. In contrast, Multi-Layer Security Wallet’s dedicated mobile wallet decodes transactions into a human-readable format locally on the user’s device, so they know exactly what the transaction they’re signing will do. This makes it possible for users to easily identify and reject malicious transactions. Blind signing vs human-readable explanations
  3. The mobile wallet runs the Policy Engine locally to verify that a transaction is actually valid. This is part of Multi-Layer Security Wallet’s approach of having “multiple redundant layers of security”. Before a user can approve a transaction, the Policy Engine runs locally on their device to determine if the transaction is valid to prevent them from signing a malicious transactions in the first place.
  4. The mobile wallet stores private keys in secure hardware enclaves and trusted execution environments (TEE). Similar to hardware wallets, the mobile wallet securely stores private keys in Secure Enclaves and Trusted Execution Environments (TEE) which isolate the private keys and prevent other applications from accessing them at a hardware level.
  5. The mobile wallet is harder to compromise with malware. Due to the locked-down and sandboxed nature of modern mobile operating systems, it is significantly more difficult for attackers to install malware on a user’s mobile device than it is on their desktop, and the scope of what the malware can accomplish is far more limited. For example, in the Radiant Capital incident where over $50M was stolen, attackers compromised the computers used by Radiant Capital’s multisig signers with malware. The malware intercepted transactions sent to their Ledger hardware wallets, replacing them with a malicious transaction. Along with the “blind signing” limitations of their Ledger wallets, the signers were tricked into signing the malicious transaction that resulted in the theft of the organization’s funds.