What Is Wallet-as-a-Service? A Complete Guide for Crypto Builders in 2026
A 2026 guide to wallet-as-a-service (WaaS) — what it is, when to use it, how non-custodial WaaS differs from custodial, and how to choose a vendor.
Wallet-as-a-service is the boring layer that decides whether your crypto app ships in six weeks or six quarters. Pick the wrong abstraction and you will spend the next year writing key-management code instead of product.
Every team building on-chain hits the same wall. You want users to sign a transaction. To do that, you need a private key. To safely hold a private key you need an HSM, or MPC, or social recovery, or all three. You need it on iOS, Android, web, and probably a backend signer too. You need it on Ethereum, Base, Solana, Bitcoin, and whatever chain your largest customer asks for next quarter. You need audited code, recovery flows, gas sponsorship, and a webhook when a transaction lands. None of that is your product. All of it is required for your product to exist.
Wallet-as-a-service exists to make that problem someone else's job. This guide is a technical walkthrough of what a WaaS platform actually is, what sits inside it, when to use it, when not to, and how to evaluate one.
A short history: from custodial exchanges to embedded WaaS
The first generation of crypto user accounts were exchange accounts. Coinbase, Mt. Gox, and Bitstamp held your keys and showed you a balance. The user experience was great. The trust model was a single point of failure, and the regulatory model was "we are a money transmitter, please don't sue us." Billions of dollars later, the industry learned that custody is hard.
The second generation was browser extensions: MetaMask, Phantom, and the long tail of forks. Keys lived on the user's device. The trust model improved. The user experience collapsed. Anyone who has watched a non-crypto-native user write down a seed phrase knows this is not a path to a billion users.
The third generation, roughly 2020 to 2023, was MPC and smart-contract wallets. Fireblocks productized institutional MPC. Argent and Safe brought account abstraction to consumers. Privy, Dynamic, Magic, and Web3Auth packaged the cryptography behind an SDK so an app developer could call wallet.create() instead of running their own threshold signing infrastructure.
That is the category we call wallet-as-a-service today. The pitch is straightforward. You get a signing API, a recovery flow, and an SDK that runs on every platform your users live on. The vendor handles the key shards, the audits, the chain integrations, the gas estimation, and the on-call rotation. You ship product.
The fourth generation, which is where 2026 lives, is multi-chain embedded WaaS with first-class account abstraction, passkey recovery, and a node and indexer underneath the same API. The interesting question is no longer "should I use a WaaS?" It is "which one, and how do I avoid lock-in?"
What sits inside a wallet-as-a-service platform
A serious wallet-as-a-service platform is six or seven separate systems behind one SDK. If you only see "create wallet" and "sign transaction" in the docs, you are looking at a demo, not a platform.
The technical primitives you should expect:
- Key generation and storage. Usually threshold signatures (MPC, often GG20 or CMP for ECDSA, FROST for Schnorr) or Shamir secret sharing across user device, vendor, and a recovery shard. The key is never reconstituted in one place.
- Signing. A signing API that speaks the chain-native formats: secp256k1 for EVM and Bitcoin, ed25519 for Solana and Aptos, BLS12-381 for chains that need it, plus message standards like EIP-191 and EIP-712 for typed data.
- Account abstraction. ERC-4337 bundlers and paymasters for EVM chains so users can pay gas in stablecoins or have the app sponsor it. On other chains, this looks like fee delegation or sponsored transactions.
- RPC and node infrastructure. A read and write path to each chain that does not depend on a public RPC that rate-limits you at 3 a.m. on launch day.
- Gas estimation and resubmission. EIP-1559 fee logic, mempool monitoring, automatic replacement transactions when a nonce stalls. This is the unglamorous code that decides whether your "send" button feels reliable.
- Recovery. Passkey-based recovery, social recovery via guardians, email plus device, or some combination. The recovery flow is the single biggest UX decision in your wallet stack.
- Indexing and webhooks. A consistent view of balances, NFTs, and transaction history across chains, plus webhooks that tell your backend when something changes on-chain instead of you polling.
- Compliance hooks. Travel rule support, screening, and the audit trail your future BSA officer will want.
The right mental model is "Stripe for keys." You are not paying for a cryptography library. You are paying for the cryptography library plus the chain integrations plus the operations plus the audits plus the on-call. A typical in-house build of the same surface is twelve to eighteen months of senior engineering before you ship the first user-visible feature.
A minimal API surface looks roughly like this:
const wallet = await blocsafe.wallets.create({ chains: ["ethereum", "base", "polygon", "solana"], recovery: "passkey", owner: { userId: "u_8421" }, }); const tx = await blocsafe.wallets.sign({ walletId: wallet.id, chain: "base", transaction: { to, value, data }, }); await blocsafe.webhooks.subscribe({ walletId: wallet.id, events: ["transaction.confirmed", "balance.changed"], });
Everything else, from passkey ceremony to bundler selection to nonce management, sits behind those calls.
Non-custodial vs custodial WaaS
The label "wallet-as-a-service" covers two very different products, and confusing them will get you in regulatory trouble.
Custodial WaaS means the vendor controls the keys. Your users authenticate, the vendor signs, the vendor is on the hook if funds move incorrectly. This is the model behind most exchange-built wallet APIs and some institutional offerings. It is operationally simple and legally heavy. In most jurisdictions you are now either a money transmitter, a virtual asset service provider, or relying on the vendor's license, which means your product lives or dies by their compliance posture.
Non-custodial WaaS means no single party can move funds alone. MPC splits the key. Smart-contract wallets require the user's signer. Shamir shards live on the user's device and a recovery service. The vendor cannot unilaterally sign. This is the model most modern wallet APIs ship by default, including Blocsafe, and it is the only model that lets a consumer app credibly say "we do not hold your funds."
| Dimension | Custodial WaaS | Non-custodial WaaS |
|---|---|---|
| Key control | Vendor holds full key | Split across user, vendor, recovery |
| Regulatory burden | Heavy (MTL, VASP, BitLicense) | Lighter; varies by jurisdiction |
| User onboarding | Email and password | Passkey, social, MPC, or smart account |
| Recovery | Vendor resets account | Passkey, guardians, or shard recovery |
| Failure mode | Vendor compromise drains users | User device loss without recovery |
| Best for | Exchanges, regulated fintechs | Consumer apps, games, payments |
Pick custodial only when you have a real reason: you are already a licensed custodian, your users explicitly want a brokerage relationship, or your jurisdiction requires it. For most builders shipping a consumer or developer product, non-custodial WaaS is the right default.
How WaaS pricing usually works
Pricing in this category is not standardized, which makes comparison painful. Three models dominate.
Per monthly active wallet (MAW or MAU). You pay a few cents to a few dollars per wallet that signed at least one transaction in the month. This rewards engagement and punishes dormant accounts. Good for apps with steady DAU. Painful if you have a long tail of one-time users.
Per wallet created. A flat fee at creation, then either free or metered usage. Predictable for growth modeling. Dangerous if you have bot signups or speculative airdrop traffic.
Per API call or per signature. Closer to AWS-style metering. Every signing call, every RPC read, every webhook fires a meter. Best for backend-heavy use cases like payments and treasury, where wallet count is small but call volume is high.
Most serious vendors blend the three. Expect a base platform fee, a per-MAW component, included RPC credits, and overage pricing for signatures and indexer queries above some threshold. Watch for hidden charges in three places: gas sponsorship markups, chain-specific surcharges on non-EVM networks, and SLA tiers that lock support response time behind enterprise contracts. Ask for a 12-month projection with your real usage curve before you sign anything.
When you should NOT use WaaS
Wallet-as-a-service is the right answer for most teams. It is the wrong answer for some.
You are building a self-custody hardware product. If your value proposition is a hardware wallet, a secure element, or an air-gapped signer, the entire point is that no service touches the key. A WaaS SDK undermines the pitch.
You are a regulated custodian. If you already hold a trust charter, a BitLicense, or a VASP registration and your product is custody, you have likely built the equivalent of WaaS in-house and your auditors will not love a new third-party dependency in the signing path.
You run high-frequency, batched-signing infrastructure. Market makers, MEV searchers, and large bridges sign at rates and latencies that vendor APIs are not designed for. Sub-millisecond signing on a fixed key set is usually a local HSM or in-process signer job, not a network call.
Your threat model excludes any cloud signer. Some institutional and national-security use cases require that no key material, ever, in any form, touches a multi-tenant service. That is a valid constraint and it rules out almost every WaaS vendor.
If you are not one of those four, you are probably better off using WaaS and spending your engineering time on the product that actually differentiates you.
A buyer checklist
Take this into every vendor call. If they cannot answer cleanly, keep looking.
- Key custody model. MPC, Shamir, smart-contract wallet, or hybrid? Who holds which shards, and what happens if the vendor disappears?
- Supported chains. Which chains today, which on the roadmap, and how long does adding a new chain take? Multi-chain support is easy to claim and hard to maintain.
- Signing latency. P50 and P99 signing latency for a single ECDSA signature, measured from SDK call to signed payload. Anything over 500 ms at P99 will be felt by users.
- Recovery flow. Walk through the exact UX when a user loses their device. Passkey, guardians, email, hardware? How long does it take?
- SDK platforms. Native iOS and Android, React Native, web, and a server SDK in your backend language. Wrappers around a web SDK do not count.
- Security posture. SOC 2 Type II, SIG, penetration test cadence, bug bounty, and the names of the firms that audited the cryptography.
- Pricing transparency. A written price sheet, not a "let's jump on a call." If the pricing requires a sales motion, your growth modeling will too.
- On-call and SLA. Production support response time, incident communication, status page history. Look at the last 12 months of incidents, not the marketing page.
Where Blocsafe fits
Blocsafe is non-custodial wallet-as-a-service for teams that want one API across 30+ chains. We ship MPC-backed wallets with passkey recovery, ERC-4337 account abstraction on supported EVM networks, native signing on Solana, Bitcoin, and the long tail of non-EVM chains, plus the RPC nodes, the indexer, the webhooks, and the payment gateway underneath the same SDK. The opinion behind the product is simple: a wallet API should let you ship a multi-chain app in a weekend, and it should never be the reason your users cannot recover their funds.
You can sign up for Blocsafe and complete business verification at /signup.
Blocsafe Engineering
Blocsafe is non-custodial Wallet-as-a-Service infrastructure for multi-chain apps. We write about the wallet, node, and on-chain primitives that production teams need.
Ready to ship a non-custodial wallet?
Get access to Blocsafe →