Why Money Button is Fully Non-Custodial

The Money Button Company does not have access to your money. All funds are held client-side in a wallet encrypted with a hash of your password that our company never sees. We cannot access, block, reverse, freeze, confiscate, or inflate away your funds. All funds are 100% the responsibility of the users who send funds directly to other users without going through an intermediary.

Why did we do it this way? We believe in the vision of Bitcoin as peer-to-peer cash for the entire world. The fact that users can have sovereignty over their own finances is a remarkable and critical property of Bitcoin. The non-custodial, peer-to-peer nature of Bitcoin is what makes it impossible for us or anyone to access, block, reverse, freeze, confiscate, or inflate away your funds. We preserve this vision in everything we do.

It would have been a lot easier to put all the money on a server. We didn’t do it this way because it would break the ethos of Bitcoin. We went way, way out of our way to design a complete architecture that does not give us access to your funds and prevents us from being able to access your funds.

All that being said, we strongly recommend that you back up your mnemonic, which we nudge all users to do during the onboarding process. If you forget your password and don’t write down your mnemonic, we cannot recover your funds (and nor can anyone else). The bankless value proposition of Bitcoin also comes with the requirement of user responsibility. Don’t be lazy. Write down your mnemonic and put it in a safe place. You’ll thank us later when you inevitably forget your password, which almost everyone does.

How does this work? Each user has a password, like most other apps you are familiar with. The button hashes your password two different ways: one for login, and one for encrypting your wallet. Your login password is HMAC(password, loginSeed) and your wallet password is HMAC(password, walletSeed). Our company sees (and then promptly bcrypts) your login password. Because the button enforces strong passwords client-side, it is impossible for us to reverse the hash to recover your password. Therefore, we cannot decrypt your wallet.

Thanks to this architecture, it is possible to log in on multiple devices simultaneously and share the same wallet, even though the keys are only on your device(s) and never touch our server. Most people do not even realize Money Button is fully non-custodial. That is how thoughtful and seamless our UI/UX is.

Leave a Reply