Wallets usually act as blockchain viewers, private key generators, swapping operators and bridging connectors.

Currently most wallets have been designed for retail use, where the digital values held are small. This can be a challenge when the value is considerable and reliance must be placed on one browser and wallet on a smartphone. In the first instance these should be run behind a corporate firewall.

Ideally a wallet should be held on a stripped-down desktop with few apps and interactions. It should be air-gapped where possible, especially when not in use.

Code risk (1)
Does the wallet use Google Analytics?
1.61 Wallets that create private keys need enhanced security
Is the wallet open source?
1.64 Open source wallets state how they generate private keys and disclose their code dependencies
Does the wallet allow you to copy phrases / private key to the clipboard?
1.77 Copying and pasting data to a clipboard is inherently insecure: other applications and domains may have access to it, data may be stored in plain text, and data may be archived to a cloud service without your knowledge. Although there is a move towards a universal clipboard with accompanying standards, the big tech companies have struggled to agree. Consequently, developers may have to code workarounds. A private key is the value of the digital asset and needs to be very secure. Many wallets create backup seed phrases for recovery purposes. These need to be written down, but many actors copy and paste them into password managers.
Does the wallet provider conform to the CCSS?
Governance risk (3)
Are the owners / controllers known?
3.65 Ownership and control of a wallet need to be assessed
Loss or Theft risk (12)
Is the wallet opening ceremony audited?
12.127 For indemnification purposes, wallets must be opened following rigorous security procedures
Is the wallet (software / hardware) purchased or obtained directly from the provider?
12.128 Wallets must be obtained directly from the issuer and not from resellers. Software / apps must be downloaded from the provider's website or repository. Hardware must be sealed and sent by approved courier from the provider.
Operated by BinariiLabs
No financial advice

These global standards, best practice guidance and risk due diligence questions are an attempt to make DeFi a level playing field. They are not intended to provide any investment advice. Claims made in this website do not constitute investment advice and should not be taken as such. In the meantime, it would be very useful if the jurisdictional regulators would start working together and treating these new financial related projects as a different form of instrument. The Howey Test (1946) was designed in an era of deeds of title and paper bearer certificates. DeFi can be humanless and profit is not always the motive for using protocols. TradFi derivatives, for example, are based on underlyings of real assets like the fair value of incorporated companies, whose value is derived from fiat currencies, which are themselves derivatives on an underlying like gold or a printing machine. Fiat is seen to be a real asset, which it clearly is not. The new DeFi world matches actors with agendas. Most of the time the agenda is to do things better and faster. DeFi enables everyone, including the bankless and unserved members of the community, to transact without having to understand how to use Excel, have an MBA from an elite university, or be able to decipher the millions of pages of legal text opinions as to whether a bitcoin is a currency, a security, a commodity, a derivative, an underlying, a valueless number, a type of gambling or something that will just go away. While we wait for a consensus by the old guard, the new guard will create their own computer based standards. Our aim is to turn these standards into bots or smart contracts that do all of this behind the scenes. Imagine a world where the community agrees on how to transact and just does it without a parental overseer who is always a bit behind the curve...


You can grab this data (=importdata(api)) for free. The full data set is here at


If you have a key you can grab completed rddqs for the most current relevant actor services at

