About
Secure digital asset custody without sacrificing convenience
What is Lockx
Lockx provides enterprise-grade digital asset security through soulbound NFT Lockboxes. We combine smart contract automation with patent-pending key fraction technology to eliminate single points of failure while maintaining the convenience and flexibility of standard wallets.
Traditional crypto custody forces users to choose between convenience and security. Hot wallets offer easy access but are vulnerable to phishing and hacks. Hardware wallets provide better security but require physical devices and complex backup procedures. Multisig solutions add security but increase operational complexity and require the management of multiple keys. Exchange wallets freeze accounts, enforce limits, and require identity doxing.
Our platform tackles the crypto wallet security problem on the token level, leveraging soulbound ERC-721 NFTs as untransferable and decentralized Lockboxes. Every Lockbox takes full advantage of its tokenized design, ensuring all operations are ownership-gated and require a separate signed authorization request from your Lockbox NFT's unique signing key, ensuring your assets cannot be drained or moved even if your primary wallet is compromised, phished, or attacked.
Our story
We began our journey in November of 2017 during one of the first crypto booms (and bust). Back when Bitcoin was at $8,300 and Ethereum was at $460. The thrill of learning and watching a revolutionary technology grow exponentially was nothing short of incredible. We learned all about cryptographic encryption, begged our friends to invest, and marveled about the decentralized and autonomous nature of the blockchain. We experimented with altcoins, got rugged, made money, and lost money.
After the crash that followed, like many others, we attempted to withdraw our funds from the exchange we were using. To no one's surprise, we were met with the dreaded notification: "Please take a picture of yourself holding your driver's license." "Please verify your income." "Daily withdraw limit reached." "Your account has been frozen for suspicious activity." Endless identity checks, KYC requirements, and arbitrary limits and account freezes that seemed more like it was preventing us from leaving, as opposed to protecting us from scammers.
This made us realize, this is not what the blockchain stands for. An exchange wallet where you have to dox yourself, face random freezes, and can't even withdraw all of your funds at once is no different from a regular bank. The blockchain is supposed to be decentralized, anonymous, and censorship free. From that point forward we switched to pure self-custody and never looked back.
In just a few moments we were able to create a MetaMask wallet and jumped right into experimenting with decentralized apps. We tried out web3 games, participated in beta programs, and even managed to score a rare Starbucks NFT on Polygon that we flipped for a 20x return.
Then came the wake-up call. A Discord notification from what looked like a legitimate NFT project led us to a polished website offering a "free mint." Without thinking twice, we connected our wallet and signed the transaction. In that single click, months of collecting and hard work vanished. Everything was gone after just one click.
This painful experience drove us to build something better. We realized the problem wasn't just the single private key design of wallets, but the fundamental trade-off between convenience and security. It seemed like the only options were to buy expensive hardware wallets or juggle multiple keys for a multisig wallet. While powerful and inherently safer than a single private key design, these wallet options lacked the one click experience we loved with regular hot wallets.
That's when we realized, instead of creating another security wallet, why don't we tackle this problem on the token level? If the tokens themselves can't be stolen or drained, then that solves the problem altogether. Combined with the inherent 1:1 non-fungibility, soulbound (untransferable) standards such as ERC-5192, and smart contract powered ownership gating and cryptographic authorizations, we realized we could encapsulate an entire security system within an NFT. A security system that doesn't require specialized hardware, a security system that doesn't require complex multi party signature workflows, a security system that any self custody wallet can own.
Our mission
Make self-custody simple, secure, and accessible for everyone. We believe users should maintain full control of their digital assets without compromising on security or convenience. Through advanced cryptography, smart contract design, and NFT and tokenization technology, we're building the infrastructure for safer digital asset management.
What we stand for
| Core value | Why it matters |
|---|---|
| Self-sovereignty | Users should own their keys. Your keys, your coins. Free from insider abuse, government overreach, neverending KYC, and more. |
| Transparency | Open code, immutable contracts, public audits, and full key export with our service ensure you are always aware of the state of your assets. |
| Simplicity | Lockx is purposefully made to be simple. Deposit and withdraw from your personal safe deposit box. Use your secondary key to approve. Done. No tokenomics or arbitrary middleware tokens to buy. |
| User experience | Lockboxes are a simple token drop-in for your existing wallet. Retain the convenience of hot wallets and continue to use your current keys while receiving powerful dual-key security. |
| Zero trust | Our web app and interface ultimately has no impact on smart contract functionality. Even if our systems go down, the smart contract will continue to operate autonomously. |
How we work
Dual-key authorization
While self custody gives you full sovereignty over your keys, it also means you need to manage and protect those keys from hackers, phishing, and scams. These attacks target private keys as the obvious single point of failure. If your wallet key gets compromised, your entire wallet is at risk and your assets can be drained instantly with no recovery option.
Lockx solves this by using smart contract-powered dual signature security for every Lockbox. Your wallet that owns your Lockbox is required to initiate withdrawals and a secondary EIP-712 typed signature from your Lockbox is required to authorize it.
Soulbound security
Every Lockbox is soulbound and permanently locked within your wallet ensuring your Lockbox can never be drained or phished out of your wallet. An attacker would need to directly target the assets secured within your Lockbox, which always requires dual-key authorization as described above.
Key fraction technology
Drawing inspiration from real-life safe deposit boxes and bank vaults that require multiple keys at the same time, we created a cryptographic method that combines multiple key fractions together to create your unique Lockbox key. This unique key is created by combining your wallet signature with a random encrypted value that we store within FIPS validated cryptographic modules. When you want to access your Lockbox, you produce your key fraction half by signing with your wallet, and we combine these key fractions together to create your unique Lockbox signing key. After use, the created key is removed from memory and its signature is invalidated permanently.
Since we only store the encrypted fraction, any compromise on our system cannot access your funds, as attackers would only see encrypted fractions that are useless on their own. Additionally, since your key fraction half can always be created from your existing wallet, you can recreate your keys anytime on-demand without needing to manage or juggle additional keys. By recreating your keys on-demand (instead of storing in persistent memory), exposure risk from automated trojan malware or chrome browser attackers that steal keys stored within your local devices is completely removed.
While our key fraction technology is intended for automated convenience and exposure mitigation, we always allow for full seed phrase export for any key created through our system, ensuring you are never locked out of your funds even in the event our system goes down.
No KYC required
We don't require KYC, IDs, SSNs, or emails to use our platform. Instead, we use simple mobile-based 2FA authentication that works with apps like Google Authenticator and Twilio Authy. Since mobile 2FA validates 6 digit rotating codes that is stored locally on your mobile device, it comes with the advantage of never needing to reveal yourself as the authenticator. Our servers would only see and authenticate the current 6 digit code that is required for authentication.
Additionally, we also employ our key fraction technology when creating your 2FA (TOTP) secret. The QR code or 2FA secret that you scan within your existing mobile authentication application is created through the same manner as we do your Lockbox keys: we combine your wallet signature with a random encrypted value that we store within FIPS validated cryptographic modules. This differs from traditional web2 systems, as they typically have to store your 2FA secret on their servers in order to match and validate it against your 6 digit 2FA codes, requiring some degree of trust within their system. Our key fraction system removes this trust requirement completely, as our system only stores its own encrypted fraction, not the 2FA secret itself. Verifying 2FA requires your wallet signature to recreate your original 2FA secret you scanned within your wallet, and your 6 digit code is matched and validated on demand, with the 2FA secret being discarded from memory immediately after verification. Our system is entirely trustless, as we only store encrypted fractions that are entirely useless on their own.
Privacy by design
We leverage the non-fungible nature of NFTs to enforce ownership-gated requirements for all functions in our smart contract. Depositing requires token ownership to prevent spam airdrops, withdrawals need both token ownership and a secondary signature, and even viewing your lockbox contents requires a token ownership check. This makes it much harder for automated scanners and casual onlookers to determine your wallet's true value.
Our systems also do not store records of what you've deposited or withdrawn. All memory management and mappings are handled by the Lockx smart contract with ownership-gated requirements to view your data. All Lockbox data displayed through our dApp occurs entirely client-side by directly retrieving data from the Lockbox smart contract (provided your wallet passes the token ownership check).
What's next?
Our roadmap includes zero-knowledge proof integrations for privacy-preserving deposits and withdrawals, plus partnerships with leading audit firms to keep raising the bar for on-chain security. We're building the infrastructure for a safer and decentralized digital-asset future.
Ready to secure your assets?
Whether you're an individual protecting personal assets or an enterprise securing customer funds, Lockx provides enterprise-grade security without sacrificing convenience.