Skip to content

Reference stack

Build a crypto wallet and custody stack

A wallet and custody architecture covering onboarding, key management, transaction policy, qualified custody, compliance, fiat connectivity and network operations.

FintechsExchangesTreasuriesWeb3 platforms

Intended audience and markets

Audience

FintechsExchangesTreasuriesWeb3 platforms

Markets

Global subject to jurisdiction

Infrastructure layers

01

Embedded or application wallets

Required

Create wallet experiences and authenticate users.

Selection criteria

  • Custodial model
  • Recovery and export
  • Supported networks
02

Key management and policy

Required

Control keys, approvals and transaction policy.

Selection criteria

  • MPC or HSM model
  • Quorum and policy controls
  • Recovery and audit
03

Regulated or institutional custody

Optional

Use external custody where legal or risk requirements demand it.

Selection criteria

  • Legal entity and permissions
  • Asset and network support
  • Segregation and insurance
04

Blockchain compliance and Travel Rule

Required

Screen addresses and exchange counterparty data.

Selection criteria

  • Chain coverage
  • Risk methodology
  • Travel Rule interoperability
05

Fiat connectivity and liquidity

Optional

Fund, convert and settle wallet balances.

Selection criteria

  • On/off-ramp licences
  • Liquidity and settlement
  • Bank eligibility

Implementation sequence

  • Embedded or application wallets
  • Key management and policy
  • Regulated or institutional custody
  • Blockchain compliance and Travel Rule
  • Fiat connectivity and liquidity

Regulatory considerations

  • Custody, transfer, exchange and wallet services may each be separately regulated.
  • Self-custody UX does not eliminate sanctions, fraud or consumer-protection obligations.

Technical considerations

  • Threat-model account recovery, key compromise, insider risk and smart-contract interactions.
  • Use allowlists, policy approvals, simulation and transaction monitoring.

Questions to ask providers

  • Which legal entity contracts for each service and in which jurisdictions?
  • Which responsibilities remain with the product operator rather than the provider?
  • What are the implementation, approval, testing and migration timelines?
  • How are incidents, exits, data portability and business continuity handled?
  • Who can recover, freeze or move assets under each failure scenario?

What this stack does not cover

  • Token economics, DeFi protocol risk and investment advice are outside this stack.

Related stacks

Reviewed on 2026-07-07.

Provider options are examples of infrastructure roles, not endorsements or a guarantee of suitability, availability or regulatory compliance. Confirm requirements for your product with each provider and qualified advisers.