As crypto and web3 applications become more integrated into everyday products, developers are looking for infrastructure to power seamless, secure user experiences for all sorts of users—from seasoned crypto veterans to blockchain beginners. Embedded wallets enable developers to integrate secure key management directly into their apps, creating a seamless experience where any user, regardless of their comfortability with crypto, can hold, manage, and transact with digital assets—all without ever leaving the product interface.
This page is for developers, product teams, and founders building in web3 who want to understand the potential embedded wallets have as a game-changing technology in the blockchain space and beyond. Read on to learn everything you need to know about embedded wallets, including how they differ from other crypto wallets, top use cases and benefits, and more.
Table of contents
2) How are embedded wallets different from other crypto wallets?
2.1) Embedded wallets: in-app key management
2.2) Benefits of embedded wallets
3) How embedded wallets work: architecture and infrastructure
3.1) Shamir’s Secret Sharing (SSS) in embedded wallets
3.2) Threshold Signature Schemes (TSS) in embedded wallets
3.3) Trusted Execution Environments (TEE) in embedded wallets
4.1) Embedded wallets use case #1: Holding value
4.2) Embedded wallets use case #2: Moving assets
What are embedded wallets?
Embedded wallets are a developer tool that enables developers to securely embed wallet systems into their applications and products directly. Simply put, this enables users of any product to buy, hold, sell, and/or trade cryptocurrencies, enabling investments in-app, global money transfers, and more—all on crypto rails.
At the heart of any blockchain interaction lies the cryptographic signature—a proof of ownership over a private key. Traditionally, managing private keys has required the usage of standalone wallets, often in the form of browser extensions, mobile apps, or hardware implements. But as crypto moves deeper into mainstream applications, embedded wallets have emerged as a new approach to private key management.
Unlike traditional wallets—which are either fully custodial (where a third party holds the user's keys) or non-custodial (where users manage their own keys, often through browser extensions)—but this came with some associated costs, notably in terms of ease of use. Embedded wallets offer a flexible middle ground. They allow developers to securely build in key management directly, with options ranging from full custody to user-controlled keys. This unlocks smoother in-app experiences where users don’t need to install separate extensions or manage seed phrases. From onboarding new users in DeFi apps to powering blockchain-based transactions in games and social platforms, embedded wallets are becoming essential tools for developers across various industries.
How are embedded wallets different from other crypto wallets?
To understand embedded wallets, it's helpful to first look at the kinds of crypto wallets that have historically dominated the space.
Most crypto wallets have tended to fall into two categories: custodial (hosted) and non-custodial (self-hosted).
Custodial wallets are managed by a third party which holds users’ private keys on their behalf, and accordingly are deemed to be a custodian of funds. These wallets are entirely abstracted from the user, as that user is giving control over funds to the custodian. This means they can be easier to use for newcomers, but come with trade-offs in terms of user control of assets and security considerations.
Non-custodial wallets give users full control of their private keys, requiring them to manage backups, security, and transaction signing themselves—this can be a significant barrier of entry. Examples include hot wallets like MetaMask (browser-based, internet-connected) and cold wallets like Ledger and Trezor (offline, hardware-based).
These traditional wallets were designed primarily as standalone consumer products, often with complex interfaces that assume a working understanding of blockchain mechanics.
This means that users who are crypto-literate can manage their private keys and transact directly onchain without further abstraction of the technology.
Embedded wallets: in-app key management
Embedded wallets, by contrast, are not standalone products for consumers and end-users. They are a developer tool that enables developers to integrate secure key management infrastructure directly into their application’s backend and frontend. This means end-users can create and use a wallet entirely within an app, without needing to install an extension, manage a seed phrase, or understand how blockchain works behind the scenes.
What makes a wallet embedded is not just where it lives (in-app), but how seamlessly it blends into the product experience. The end-user doesn’t need to think of an embedded wallet as a separate tool—from their perspective, they simply sign in, and their crypto wallet is already there, ready to use. From there, the developer can choose how much of the underlying rails to expose to the end-user—for instance, it’s up to the developer to decide whether to surface transaction screens or tokens to the end-user. This approach unlocks simpler, more accessible experiences for end-users while giving developers full control over their app UX.
With a stronger understanding of what separates embedded wallets from the crowd, let’s next move on to evaluating the benefits embedded wallets can offer—and whether they are right for your team.
Benefits of embedded wallets
Embedded wallets provide powerful benefits for both end-users and developers. At a high level: for end-users, they empower intuitive, secure experiences that don’t require deep crypto knowledge; for developers, they enable a secure way to increase user engagement through simplified UX, all while reducing overall development complexity. Let’s take a closer look here.
For users, the top benefits of embedded wallets include:
Simplified onboarding: Users can easily engage with an application without needing to navigate the complexities of traditional wallets or browser extensions.
Improved User Experience (UX): Embedded wallets create a seamless in-app experience, removing the need for separate wallet applications.
Easy self-custody: Users maintain full control over their assets and private keys without needing to manage seed phrases directly, ensuring a more user-friendly self-custodial experience.
Reduced Friction: Eliminating the need for external wallets reduces friction for users unfamiliar with web3 concepts.
Flexibility and Control: Users can export their private keys, offering an "escape hatch" to other wallet solutions if desired.
Potentially lower gas fees: Features like gas sponsorship and smart wallet functionality can simplify transactions for users and potentially reduce gas costs for users.
On the developer side, key benefits include:
Increased user engagement: By simplifying the onboarding and UX, embedded wallets can help attract and retain more users within your application.
Customizable UI: Developers can customize the wallet UI to align with their application's design and provide a more integrated user experience.
Cross-chain compatibility: Embedded wallets can support various blockchains, including Ethereum, Solana, and all EVM-compatible chains, enabling broader reach for applications.
Access to powerful features: Utilize features like gas sponsorship, transaction batching, and smart wallet capabilities to enhance the user experience and application functionality.
Reduced development complexity: Embedded wallets handle the key management and security aspects, freeing up developers to focus on building core application logic.
Continued interoperability: Embedded wallets can be designed to work seamlessly with other integrations and wallet connector solutions.
Improved security: Strong embedded wallet infrastructure ensures high uptime, low latency, and employs secure hardware and client-side computation to safeguard user assets and private keys. They come bundled with transaction simulation, policy engines, and more to help protect users from threats on the web.
How embedded wallets work: architecture and infrastructure
Next, we will explore how embedded wallets work with a little more detail. Embedded wallets systems typically include features like key management logic, transaction signing, and user authentication. They can be configured to support different custody models depending on product needs.
Under the hood, embedded wallet systems generally rely on one or more of these foundational key security methods to protect users’ private keys: Shamir’s Secret Sharing (SSS), Threshold Signature Schemes (TSS), and Trusted Execution Environments (TEEs). These techniques allow applications to perform critical cryptographic operations—like key generation and transaction signing. While each approach has different trade-offs in terms of security, performance, and custody flexibility, they all enable developers to embed secure key management directly into their apps.
At Privy, we use multiple of these solutions in tandem to improve all tradeoffs and offer best-in-class security and performance. Let’s consider the pros and cons of each of these different embedded wallet architecture options:
Shamir’s Secret Sharing (SSS) in embedded wallets
Shamir’s Secret Sharing (SSS) is a time-tested cryptographic technique that splits a private key into multiple shares, with a threshold number required to reconstruct the original key. This approach guarantees perfect secrecy—fewer than the required number of shares reveals no information about the key itself.
SSS has the advantage of being mature and well-understood, with decades of real-world use and strong open-source support. Its flexibility allows developers to store shares across different systems or parties, and to rotate or destroy compromised shares without needing to overhaul the entire architecture. Because most operations happen client-side, SSS scales efficiently and supports fast transaction signing—20 to 40 milliseconds is typical with a well-optimized setup.
However, SSS does come with some trade-offs. Since the private key must be reassembled in order to sign transactions, there’s a single point of failure at the point of reconstitution. While this risk is localized to individual users rather than systemic, it requires a well-secured execution environment. SSS also lacks built-in verifiability—this means SSS must be supplemented by code and processes that there’s no cryptographic way to prove that a key was generated correctly or that shares have been securely destroyed.
Threshold Signature Schemes (TSS) in embedded wallets
Threshold Signature Schemes (TSS) (often referred to as MPC) enable multiple parties to collaboratively produce a cryptographic signature without ever reconstructing the private key. This eliminates the single point of failure inherent in schemes like SSS, since no party ever possesses the full secret. While TSS can be implemented across decentralized networks, most embedded wallet use cases rely on simpler two-party setups, where signing is split between the user and the service provider.
The primary advantage of TSS lies in its security model: because keys are never reassembled, there’s no single point of failure. It also offers flexibility in how trust is distributed—developers can design systems that span multiple parties depending on their threat model and custody requirements.
That being said, TSS is still an emerging cryptographic primitive. The first efficient two-party ECDSA protocol only arrived in 2017, and most available libraries remain relatively immature, with few production-grade implementations at scale. This makes TSS systems more complex to build and audit, increasing the surface area for potential vulnerabilities. Performance is also a challenge—unlike SSS, which can sign in tens of milliseconds, TSS often requires network roundtrips for each signature, introducing latency that can stretch to multiple seconds in real-world conditions.
Trusted Execution Environments (TEE) in embedded wallets
Trusted Execution Environments (TEEs) run cryptographic operations within a secure hardware enclave, ensuring that private keys are never exposed and that only authorized code can execute. Clients can verify that the correct operations were performed through attestations, providing proof that key management was handled securely on the server-side.
TEEs offer strong security by leveraging hardware protections, making them more resilient than software-based solutions. They also scale well, offering lower latency and avoiding network roundtrips seen in TSS systems. However, the security of TEEs depends on the integrity of the enclave, which has historically been vulnerable to exploits. Additionally, TEE-based systems often require vendor-specific hardware (like Intel SGX or AWS Nitro), introducing potential hardware dependencies, vendor lock-in, and centralization risks. In short, it’s important to be aware that whoever owns the enclave owns the keys.
How Privy’s system works: embedded wallets built with TEEs and SSS for enhanced security and flexibility
At Privy, we use Trusted Execution Environments and Shamir’s Secret Sharing as layered components in our cryptosystem to offer best-in-class security and performance. Privy uses SSS to shard wallets into key shares, which are end-to-end encrypted and distributed across fully segregated services. To enforce reconstitution security and verifiability, Privy layers in TEEs, which offer a highly isolated and secure execution environment for reassembling keys, as well as built-in attestations for verifiability.
By utilizing these two technologies, Privy’s system guarantees that:
Keys are only stored as encrypted shares distributed across separate security boundaries.
Keys can only ever be accessed and reassembled within TEEs for specific operations, under the wallet owner’s control.
Next, we will explore the top use cases for embedded wallets, and the industries that are most benefitting from this technology.
Embedded wallets use cases
Embedded wallets power a wide range of applications, such as:
Fintech and Payments – Enable seamless crypto onboarding, investing, and treasury management.
DeFi and Trading – Let users trade, swap, and stake assets without leaving your app.
Consumer Applications and Gaming – Power in-app asset ownership, rewards, and user identity.
AI and Onchain Agents – Equip autonomous agents with wallets for secure onchain interaction.
Most of these use cases fall into two core categories: holding value and/or moving assets. In the first, users need to buy, hold, or trade digital assets—whether it’s crypto on a trading platform, stablecoins in a neobank, or in-game tokens. In the second, users are primarily transferring value—sending stablecoins across borders, funding apps, or enabling P2P payments. Embedded wallets enable both with seamless, secure user experiences built directly into products. Let’s take a deeper dive into the top use cases for embedded wallets.
Embedded wallets use case #1: holding value
Embedded wallets unlock new possibilities for apps that allow users to buy, hold, and sell crypto assets—whether they’re trading tokens, earning rewards, or collecting in-game items. By integrating wallets directly into the product experience, developers can eliminate the need for users to connect third-party wallets like MetaMask or Ledger, making the process faster, safer, and more intuitive.
This seamless experience is especially powerful for trading platforms and neobanks, where users can fund a wallet once and execute trades, set limit orders, or automate strategies like dollar-cost averaging without ever leaving the app. It also enables more complex use cases, like AI-driven trading agents or embedded DeFi tooling, with minimal friction.
For consumer, gaming, and creator apps, embedded wallets make it easy to onboard users and let them earn or collect digital assets as they use the product—whether it’s tipping a creator for a social post, unlocking a collectible in a game, or redeeming rewards in an app that hold real-world value. These assets can be stored in wallets created invisibly behind the scenes, helping the product feel familiar and accessible, even if users have never interacted with crypto before.
Embedded wallets use case #2: moving assets
Embedded wallets are a powerful foundation for products that help users move money across a range of distances. From peer-to-peer payments to business payouts, embedded wallets allow apps to offer fast, low-cost transfers using stablecoins and other digital assets, without requiring users to link a traditional bank account.
Products like global Venmo alternatives, crypto-native neobanks, or treasury management platforms can use embedded wallets to let users hold stablecoins like USDC and send funds instantly. This unlocks secure, permissionless value transfer for users without access to traditional banking, and streamlines B2B use cases like payroll, invoicing, and cross-border disbursements.
With built-in wallets, these systems can offer intuitive UX (e.g. abstracting away blockchain complexity) while still giving users full control over their funds.
Why choose Privy.io for embedded wallets?
With a better understanding of what exactly embedded wallets are and why developers are using them today, you may be asking: why should I choose Privy for embedded wallets?
Privy is chosen by developers because it provides a production-grade embedded wallet solution built for scale, speed, and security. Architected for self-custody, Privy combines best-in-class key management—leveraging both key splitting and secure enclave technologies—to eliminate single points of failure and put users in control. With sub-100ms signing latency, clear uptime guarantees, and support for over 50 million accounts, Privy is battle-tested in production at scale.
Privy’s wallet infrastructure gives you the flexibility to manage key signing directly or integrate onchain infrastructure like smart accounts out of the box. Wallets ship with features including:
Cross-chain usage: Create and manage wallets on all EVM- and SVM-compatible blockchains, including Ethereum, Base, Arbitrum, HyperEVM, Solana, and Eclipse. Users can also utilize the underlying cryptographic keys directly to transact on other chains, like Bitcoin, Spark, TRON, Stellar, and more.
Robust transaction controls: Execute arbitrary transactions with wallets, such as transferring funds and arbitrary interactions with smart contracts. Make transactions idempotent to ensure that they are only submitted once in case of a retry.
Onchain indexing: Broadcast transactions onchain and register event listeners (via webhooks) on transaction status, deposits, and withdrawals.
Powerful policy engine: Enforce granular policies what actions a wallet can take, set allowlisted contracts or recipients, maximum amounts to be transferred, restrictions on smart contract calldata, and more. Enforce MFA on transactions, require approval signatures from a quorum of parties, and more.
Flexible custody model: Cryptographically enforce a chain of custody on wallets, allowing you to require approvals from m-of-n parties to execute certain wallet actions.
Automated gas sponsorship: Never worry about topping up a wallet. Keep wallets loaded to pay for transactions at all times.
Rich onchain integrations: Leverage features like Privy’s wallet UI library, RainbowKit connector, transaction and balance webhooks, or automated gas management to streamline your integration with the blockchain.
Conclusion
Embedded wallets are transforming how developers bring users onchain—powering everything from global payments to in-app rewards, trading, and beyond. By integrating secure, seamless wallet infrastructure directly into your product, your team can unlock new capabilities, improve UX, and scale with confidence.
To learn more and start building with production-ready embedded wallets, visitprivy.io.