Understanding Self-Hosted Crypto Wallets

What is a Self-Hosted Wallet?

A self-hosted wallet is any crypto wallet where the user, not a third party, controls the private keys. This is distinct from custodial wallets, where a service provider manages the keys. Self-hosted wallets offer autonomy and security but come with the responsibility of safeguarding the private keys. A lost private key means complete loss of access to the funds stored in the wallet.

Benefits of self-hosted wallets include:

  1. Privacy: Users’ transactions aren’t tied to their personal identities.
  2. Security: No third-party risks of data breaches or hacks.
  3. Financial Freedom: Users retain total custody of their assets.

Challenges include the risk of key loss, the absence of customer support, and increased complexity for verifying transactions due to regulatory requirements.

Why is Wallet Ownership Verification Necessary?

  1. Regulatory Compliance (AML/CFT)
    Authorities are implementing Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT) measures to ensure that cryptocurrencies aren’t being used illicitly. Verifying wallet ownership helps regulated institutions confirm that funds are under the control of the intended, authorized individuals.

    The FATF Travel Rule requires cryptocurrency businesses like exchanges and payment services to collect and share sender/receiver information for transactions exceeding a certain threshold (set at $1,000 or €1,000 in many jurisdictions).

  2. Transparency and Preventing Criminal Activity
    Criminals can use unhosted wallets because they enable direct control of funds and greater anonymity compared to hosted wallets (which are operated by providers such as crypto exchanges). Ownership verification ensures that funds are tied to a legitimate owner, preventing misuse of self-hosted wallets for illicit activities.
  3. Trust in Transactions
    For peer-to-peer or institutional transactions involving large amounts of crypto, counterparty verification can boost trust. For example, a company might want proof that a specific wallet belongs to a legitimate business before engaging in a transaction.
  4. Institutional Adoption
    As cryptocurrencies start becoming a part of enterprise finance or cross-border settlements, ensuring the legitimacy of wallets is critical for compliance and security in the broader financial system.

When is Wallet Ownership Verification Required?

Wallet ownership verification is not always required, but here are some scenarios where it commonly arises:

  1. Withdrawals from Centralized Exchanges
    When users withdraw funds from a regulated cryptocurrency exchange (e.g., Binance, Coinbase, Kraken) to an external self-hosted wallet, they may be asked to prove they own the destination wallet, especially for large transactions that exceed regulatory thresholds (e.g., $1,000 or €1,000 under FATF guidelines).

  2. Onboarding Institutions or High-Value Clients
    Some financial institutions or payment processors require verification when onboarding clients who use self-hosted wallets, particularly companies handling significant crypto payments or investments.

  3. Cross-Border Transactions
    In cross-border payments involving regulated financial service providers, wallet ownership verification may be required to comply with both local AML laws and international standards.

  4. Over-The-Counter (OTC) Trades
    OTC desks that facilitate large transactions between buyers and sellers often require proof of wallet ownership to ensure compliance and reduce risks of fraud.

What Do Wallet Owners Need to Do to Prove Ownership?

Wallet owners can prove ownership of their self-hosted wallets through a variety of methods. These are the most common approaches:

  1. Manual Signing Method
    This cryptographic approach uses a user’s wallet’s technical capabilities to digitally sign a message, proving ownership of a specific wallet address. Wallet owners interact with a VASP by providing this signature as proof.

    How It Works    : 1) a VASP sends a request for digital signature verification, 2) the customer uses their wallet interface to generate a signature and provide it to the VASP, 3) the VASP validates ownership cryptographically, ensuring AML compliance.

  2. Visual Proof Method
    Users provide visual evidence—like a screenshot or video clip—of their wallet and transaction details as proof. This method is simpler but far less secure than cryptographic methods.

    How It Works    : 1) a wallet user takes a screenshot (or video) of the wallet showing the transaction address, 2) the evidence is sent to the VASP for manual verification, 3) if the wallet address matches, the transaction proceeds.

  3. Satoshi Test
    The Satoshi Test involves sending a small, randomly specified amount of cryptocurrency from the user’s wallet to a designated address controlled by the VASP. This method serves as proof of wallet ownership.

    How It Works: 1)     a VASP requests the user to perform a microtransaction of, say, 0.0000001 BTC (“1 satoshi”), 2) upon receiving the correct amount, the VASP confirms the wallet’s ownership.

What is AOPP?

AOPP, short for Address Ownership Proof Protocol, is a simple protocol designed to securely and cryptographically verify that someone controls a specific cryptocurrency wallet address. It allows to simplify verification process.

The AOPP system leverages the digital signature feature inherent to cryptocurrency wallets. When someone wants to prove that they own a wallet address, they sign a message with the wallet’s private key. This signature can then be verified without ever exposing the private key. Here’s a step-by-step breakdown of how it works:

  1. A regulated cryptocurrency exchange or service provider requests proof of ownership for a specific wallet address. This can be part of a withdrawal or compliance flow.
  2. The entity generates a challenge message for the user to sign, often based on a string that includes identifiable details (like a transaction ID or request message). The exact string depends on the service.
  3. The user opens their self-hosted wallet (hardware wallet, software wallet, mobile wallet, etc.) that supports AOPP.
  4. The wallet signs the generated message using the private key associated with the wallet address in question. The signature proves that the user has control over the private key without ever exposing it.
  5. The wallet sends the signed message back to the requesting institution (e.g., crypto exchange). This returned data includes the signed challenge and the public address.
  6. The requesting party verifies the cryptographic proof by checking that the returned signature matches the wallet’s public address and the initially sent message. If the signature matches, it serves as proof that the user indeed owns the wallet.

Key Features of AOPP

  1. Security: The protocol relies entirely on cryptography. Since the private key is never disclosed, the user’s wallet remains secure even during the verification process.
  2. Ease of Use: Simple implementations of AOPP can allow wallet users to verify ownership with just a few clicks, significantly reducing manual effort (compared to traditional manual methods like exporting and sharing wallet details).
  3. Privacy: AOPP helps ensure only necessary data is exchanged—primarily the cryptographic proof itself and nothing else about the wallet’s contents.
  4. Compatibility: Many popular wallets and services are building AOPP support. It’s becoming a cross-platform standard for cryptocurrency compliance, meaning users can utilize various tools to interact with regulated entities without being locked into one ecosystem.

List of Self-hosted Wallets

  • AirGap
  • Billfodl Steel Wallet
  • Bitbox Desktop Wallet
  • Bitcoin Core
  • Bitcoin Wallet (Android)
  • BitLox
  • BitPay Wallet
  • BlueWallet
  • BRD (Breadwallet)
  • Breez
  • Coinkite Coldcard
  • Coinomi
  • Edge
  • Electrum
  • Exodus
  • Green
  • KeepKey
  • Ledger
  • MtPelerin
  • Mycelium Bitcoin Wallet
  • Phoenix
  • PINT wallet
  • Relai
  • Samourai
  • SimpleHoldWallet
  • Sparrow
  • Specter
  • Trezor
  • Trust Wallet
  • Wasabi
  • Zap