Skip to main content
Moneda is built with a security-first approach. Your funds stay in a self-custodial smart wallet, meaning only you can authorize transactions — Moneda never has access to move your money.

How does self-custody work?

Your funds live on the blockchain in a smart wallet that you control. Unlike traditional apps that pool customer funds in company accounts, Moneda’s architecture ensures:
  • Only you can authorize transactions from your wallet
  • Moneda cannot access your funds, even in an emergency
  • Funds are always visible on the public blockchain — you can verify them independently

How does passkey authentication work?

Moneda uses passkeys instead of passwords. Passkeys are backed by your device’s secure hardware (Face ID, fingerprint, or device PIN) and are:
  • Phishing-resistant — passkeys are bound to the Moneda domain and can’t be tricked by fake sites
  • Never leave your device — the private key stays in secure hardware and is never transmitted
  • Easy to use — just scan your face or touch your fingerprint to sign in and approve transactions

How are payments approved?

Every payment initiated through the MCP server (or any other channel) requires your explicit approval:
  1. A payment request is created
  2. You receive a push notification on your phone
  3. You review the details and confirm with biometric authentication
  4. Only then does the transaction execute
No money ever moves without your biometric confirmation in the Moneda app — not through MCP, not through any integration.

What happens if I lose my passkey?

If you ever lose access to your passkey, Moneda’s Social Recovery system helps you regain control of your account. You designate trusted recovery contacts — other Moneda users who can vouch for your identity.
  • You choose who to trust — add recovery contacts from your settings at any time
  • No single point of failure — your recovery contacts can help restore access, but they can never move your funds
  • Works alongside passkey sync — if your passkeys sync across devices through a password manager (like iCloud Keychain), you may not need recovery contacts at all
If your passkeys only exist on a single device and that device is lost or damaged, recovery contacts are your safety net. Set them up early — you can manage them in the Moneda app under Settings.

Are the smart contracts audited?

Moneda’s smart contracts and the DeFi protocols used for earnings have been audited by independent security firms. The earnings vaults (Morpho and YO) are established protocols with published audit reports.

How is my data protected?

  • Your account data is encrypted in transit and at rest
  • Moneda does not sell your personal data
  • MCP connections use OAuth 2.0 with PKCE — your credentials are never shared with AI clients
  • You control exactly which permissions your AI assistant has through OAuth scopes

Learn more

Authentication

How OAuth 2.0 keeps your account secure when connecting to AI.

Scopes

Permission scopes that control what your AI assistant can access.

Integrations

Technical infrastructure powering Moneda — Base, Safe, Morpho, and more.

Why Moneda

What makes self-custody better than traditional finance apps.