We onboard clients as we have availability. Request access and we will reach out with more information.
Waymont solves for end-to-end onchain security so that you don't have to.
One platform combines: recovery, inheritance, transaction policies, biometric & multi-factor auth & more to protect you from all directions.
Every Waymont transaction requires 1) biometric signing and 2FA 2) authentication from your Google or Apple Account and 3) compliance with your custom transaction policies.
Waymont is built on Gnosis Safe, which currently secures approximately $100B+ in assets and has passed the highest security standards including Formal Verification.
Waymont was built with the help of the industry's best security auditors. View our latest audit report from Trail of Bits.
Waymont builds in safeguards to protect your assets at all times.
Every Waymont transaction requires 1) biometric signing and 2FA 2) authentication from your Google or Apple Account and 3) compliance with your custom transaction policies.
So if one component is compromised, you're covered by at least 2 other layers of security.
If your Waymont Web single-sign-on (SSO) login is compromised → You are protected behind biometrics and transaction policies
If your Waymont Web SSO login is compromised, an attacker would need your biometrics to sign transactions and would be limited by your transaction policies.
If the Gnosis Safe contracts are compromised
We use the Safe{Core} SDK. The Safe contracts currently secure 100B in assets and have passed Formal Verification. While highly unlikely, if Safe is hacked then the Ethereum community may consider a chain rollback.
If your Waymont Mobile App is compromised → You are protected behind your SSO login or transaction policies
If your Trusted Signing Device is lost, stolen, or hacked, an attacker would
still need access to your Waymont Web SSO login to initiate a transaction, and would be limited by your transaction policies.
Learn more about Waymont Mobile App security.
If your Policy Guardian is compromised → You are protected behind your biometrics and SSO login
The Waymont Policy Guardian checks outgoing transactions against your policies. It only has the ability to block transactions. It can never initiate or sign for you.
You would still need both your Trusted Signer and Waymont Web SSO to move your funds. You may also offboard from Waymont at any time.
If your guardians approve an undesired recovery request → You may cancel it from Waymont Web behind a 4 day timelock
If your guardians approve a recovery request against your will, you will be notified immediately and a 4-day waiting period begins.
You will be able to cancel the recovery request from within Waymont Web.
If the Waymont Web frontend is compromised → You are protected behind Waymont Mobile integrity checks and transaction policies
If the Waymont Web frontend is compromised, the Waymont Mobile App runs clientside transaction simulations pulled directly from Alchemy.
You can verify the integrity of every transaction you sign, and suspicious transactions are blocked by default.
You will also still be limited by your transaction policies.
If Waymont’s API or service goes down, discontinues → You can offramp from Waymont without our help
You always own your keys, regardless of Waymont's continuity. You always have the ability to exit our system and take your keys elsewhere without our help
If your Guardians lose their Recovery Signing Devices → You are protected by encrypted backups
Recovery requires approval 51% of your Guardians. If more than 51% of your Guardians lose their Recovery Signing Devices, then they will be able to restore their signing keys from their iCloud.
Guardians are forced to backup their encrypted key data to iCloud to ensure you don't lose access to your funds.
Waymont Mobile App is compromised → 1) Google or Apple SSO and 2) your transaction policies.
Private keys stored on local devices use a combination of iOS Keychain and Secure Enclave to maximize security. Keychain items are encrypted using 256-bit keys stored in Apple's Secure Enclave, a dedicated hardware-based key manager isolated from the main processor. Decrypting data within the Keychain requires a round trip through the Secure Enclave with biometrics adding an extra layer of security. If the iOS keychain or application processor is compromised, Waymont mobile wallet keychain items remain encrypted because the encryption key is kept in a hardened hardware module separate from the main processor.
Waymont Policy Guardian Module is compromised → Still need mobile signer and Google SSOIf the policy guardian was compromised, an attacker could change your transaction policies, but they would still need: access to your mobile app and access to your Google account.
Recovery Module
The Recovery Module assists users in regaining access to their vaults if lost. Though highly unlikely, a full compromise of this module could lead to full control over a user's vault. Users can deactivate this feature at any time.
WaymontSafeAdvancedSigner is compromised →
This module enables backup signing devices. If compromised simultaneously with the Policy Guardian, it could lead to a loss of funds. This feature can be deactivated at any time by having a single signing device.
Human readable transactions is compromised → you will still be covered by your transaction policies If the module for human readable transaction is compromised, then you may sign a malicious transaction, but these will still be protected by your X.
API
Should our API be compromised or unresponsive, users may be unable to sign transactions. However, their funds will remain secure, and they can remove Waymont from their vault.
Choosing the right guardians.
Choosing the right guardians is critical. These individuals will be able to trigger recovery of your private keys.
If they collude or are coerced, you may still cancel recovery within the 4 day waiting period. You will also be protected behind your Waymont Web SSO.
Choosing which security modules to enable
If you you opt-in or opt-out of Waymont Modules including the Guardian Recovery Module, Off-chain Recovery Module, Deadman’s Switch, and Policy Guardian your security can be optimized for your needs and risk tolerance.
Opting-out of a previously opted-in module requires a timelocked waiting period.
Enabling 2FA and using secure passwords for Apple and Google
If your Google account is insecure and not secured by 2FA or has weak password protection, then an attacker could gain access to your SSO giving them the ability to initiate transactions. In this scenario, the attacker would also need access to your mobile signing device and be limited by your transaction policies.
Deciding on your transaction policies
If you decide to enforce weak transaction policies, it will inherently limit your security. Alternatively, Waymont will also support custom transaction policy parameters including: daily limits, IP address, time of day, etc. Waymont Concierge will help you setup strong policies in your 1:1 onboarding call.
Waymont Mobile App is compromised → 1) Google or Apple SSO and 2) your transaction policies.
Private keys stored on local devices use a combination of iOS Keychain and Secure Enclave to maximize security. Keychain items are encrypted using 256-bit keys stored in Apple's Secure Enclave, a dedicated hardware-based key manager isolated from the main processor. Decrypting data within the Keychain requires a round trip through the Secure Enclave with biometrics adding an extra layer of security. If the iOS keychain or application processor is compromised, Waymont mobile wallet keychain items remain encrypted because the encryption key is kept in a hardened hardware module separate from the main processor.
Waymont Policy Guardian Module is compromised → Still need mobile signer and Google SSOIf the policy guardian was compromised, an attacker could change your transaction policies, but they would still need: access to your mobile app and access to your Google account.
Recovery Module
The Recovery Module assists users in regaining access to their vaults if lost. Though highly unlikely, a full compromise of this module could lead to full control over a user's vault. Users can deactivate this feature at any time.
WaymontSafeAdvancedSigner is compromised →
This module enables backup signing devices. If compromised simultaneously with the Policy Guardian, it could lead to a loss of funds. This feature can be deactivated at any time by having a single signing device.
Human readable transactions is compromised → you will still be covered by your transaction policies If the module for human readable transaction is compromised, then you may sign a malicious transaction, but these will still be protected by your X.
API
Should our API be compromised or unresponsive, users may be unable to sign transactions. However, their funds will remain secure, and they can remove Waymont from their vault.
A new standard of onchain security and experience. Request access today.