I'm a product designer. This is me architecting an entire wallet — end to end.
Your keys.
Made usable without
lying about the risk.
Self-custody is a promise most wallets don't keep well: hand a person absolute sovereignty, then hand them the entire burden of a private key. Custos is my end-to-end study of the whole system — HD key management, an on-chain swap engine, a transaction state machine, gas, multi-chain, and the security-critical UX — designed so the sovereignty is usable, and so the interface never pretends the risk is smaller than it is.
What this is. Custos draws on real production work and is rebuilt here as an independent study under a fictional brand and original IP. It is a design-and-architecture study — not a live product, and it has not undergone third-party security audit. Names and figures are abstracted.
Where my domain ends. I design the system and the security-critical UX. I do not offer wallet security as a service. On a fully compromised device, no browser or app can guarantee what-you-see-is-what-you-sign; a phishing blacklist lags real attacks; honeypot detection is a probabilistic signal, not a guarantee. Everything here sits on top of standard defence-in-depth and a real security team's audit — never in place of them.
Sovereignty is easy to grant and brutal to carry.
"Not your keys, not your coins" is a good principle and a terrible onboarding experience. The moment a wallet is truly self-custodial, the user inherits everything a bank used to absorb: key generation, backup, phishing, approval risk, gas, failed transactions, fake tokens.
So the design job isn't to hide that burden — hiding it is how people lose everything. It's to sequence it, make each risk legible at the moment it matters, and refuse to let the interface imply a safety it can't deliver. That principle runs through every module below: make the honest thing the easy thing.
Nine module groups. One path from tap to chain.
Every layer a self-custody wallet needs — and the honest division of labour between what the client does and what the chain does. Tap a module to inspect it, or trace a full swap through the stack.
Entry layer
Wallet core (on-device)
Connectors · DEX engine
Blockchain interaction
On-chain
The key is generated on the device and dies in memory.
Standards do the cryptography — BIP39 entropy → mnemonic, BIP32/44
HD derivation at m/44'/60'/0'/0/x, a JSON Keystore encrypted with AES-256-GCM
behind a scrypt-derived key. The design job is the choreography around them: generate, use, and
wipe, with the secret spending as little time in memory as possible.
(scrypt N=262144)→ Secure storage
WhenUnlockedThisDeviceOnly), Android Keystore + EncryptedSharedPreferences, Web
IndexedDB + a non-extractable WebCrypto key.The four steps that decide whether a beginner survives.
Password → seed reveal → forced verification → address. This is a simulation — it generates nothing real and stores nothing. It shows the security gating: the seed is hidden until acknowledged, screenshots are discouraged, and you can't proceed without proving you saved it.
Bring your own wallet, one abstraction.
WalletConnect V2
QR / deep-link relay sessions, auto-reconnect, chain & account change events — the mobile-wallet bridge.
EIP-1193 injected
MetaMask and other injected providers via the standard request interface — the desktop path most users take.
wagmi + viem
One connector abstraction over both, with typed calls, session persistence, and unified state — the internal wallet and external wallets speak the same interface downstream.
Quote, exact-approve, swap, and a transaction that tells the truth.
The swap output is computed live with the constant-product formula (x·y=k)
against a mock reserve, so price impact and minimum-received are real maths, not decoration. Approval
defaults to the exact amount — never MaxUint256. Then the transaction moves
through a state machine that shows pending, confirmations, success, or a decoded failure — because "it's
processing…" forever is how wallets lose trust.
The interface's job is to make the dangerous thing visible.
Three of the failure modes that actually drain wallets — infinite approvals, blind signatures, and malicious contracts — surfaced as design. Tap through them.
Institutional-grade calm for a high-stakes surface.
A dark, high-contrast system — deep navy grounds, electric blue for action, semantic green/amber/red that never carry meaning by colour alone. Money data uses a monospace so digits align; nothing critical is below 15px; touch targets clear 44px; motion is subtle and reduced-motion-safe.
Ten screens share it: assets overview, send/receive, swap, DApp browser, token detail, token manage, create, import, the transaction-confirm modal, and approval management.
Knowing what not to build is the design.
The architecture is exhaustive; the first release should not be. Scoping an 8-week MVP — and naming what to refuse — is where a designer earns the "product" in product design.
What this evidences — and what it does not.
See it move, or read the neighbours.
A designer who can architect the whole system — and scope it honestly.
That's the signal Custos is meant to send: system depth, security literacy, and the discipline to say what a concept does not prove.