Beyond Seed Phrases
Seed phrases placed the burden of institutional-grade security on everyday users. JIL Wallet is designed for a more modern security model - one that supports self-custody without forcing users to rely on a single fragile secret phrase. The layers below work together as defense in depth.
Threat Model
The JIL Wallet security model is designed against three classes of threats: compromise of a single share or factor (phishing, device theft, credential leakage), compromise of the wallet provider (the JIL operator should not be able to move user assets unilaterally), and compromise of the underlying cryptography (forward-looking design for the era of stronger computational adversaries).
MPC distributed signing addresses class one - no single exposed factor compromises the wallet. The structural property that JIL holds no share that can sign alone addresses class two - the operator cannot become a custodian by accident or design. Post-quantum cryptographic primitives address class three - the system is designed to remain secure against adversaries with substantially greater computational resources than exist today.
Self-Custody Architecture
MPC 2-of-3 key splitting. You always hold a shard. No single party - including JIL - can access your assets alone.
Layered Authentication
Passkeys, biometrics, TOTP 2FA, device trust scoring. Multiple layers that adapt to risk level.
Post-Quantum Cryptography
Dilithium signatures and Kyber key encapsulation. Future-proof against quantum computing threats.
Recovery Without Compromise
Lost your device? Recover access through identity verification without exposing your keys or giving up self-custody.
Every layer of the JIL platform has been independently tested and verified by third-party security firms. The following assessments were performed across the full stack.
Penetration Testing
Full black-box and white-box penetration testing across all infrastructure layers - network perimeter, web application, smart contracts, and bridge relay attack surfaces. OWASP Top 10 and blockchain-specific threat models applied.
API Security Testing
Comprehensive REST API assessment covering authentication flows, authorization boundaries, input validation, rate limiting, session management, and data exposure across all wallet and enterprise endpoints.
Service Endpoint Validation
End-to-end validation of all microservice endpoints including inter-service communication, message queue integrity, database access controls, and TLS certificate chain verification.
Performance Testing
Load testing, stress testing, and capacity planning across settlement infrastructure, bridge operations, and wallet services. Validated under sustained production-scale traffic and peak-load scenarios.
Security Testing
Static analysis, dependency vulnerability scanning, secrets detection, and secure coding review across the full codebase. SAST and DAST tooling applied to all frontend and backend components.
The security testing and validation described on this page was performed by the following independent firms:
Emerging Technologies, LLC
Arizona, United States
BlockchainX
India
Assessment completed March 2026
Security is not a feature. It is the foundation.
Every layer of JIL - from wallet to bridge to settlement - is built with security as the primary design constraint, not an afterthought.