Skip to main content

Overview

Every agent wallet in AgentWallex is secured by Multi-Party Computation (MPC). The full private key is never reconstructed — not in memory, not on disk, not anywhere. Instead, cryptographic key shards are distributed across three independent parties, and any two can cooperate to sign a transaction.

How MPC Works

Traditional wallets store a single private key. If that key is stolen, all funds are lost. MPC eliminates this single point of failure.

2-of-3 Threshold Signing

AgentWallex uses Paratro’s 2-of-3 threshold MPC protocol. Three key shards are generated, and any two are sufficient to produce a valid signature:
ShardHolderRole
Shard 1AgentWallex signing serviceActive signing participant
Shard 2Independent custodian nodeActive signing participant
Shard 3Cold storageRecovery and disaster recovery
During normal operation, Shard 1 and Shard 2 cooperate to sign transactions. Shard 3 remains offline and is only used for recovery scenarios.

Security Properties

  • No single point of compromise — An attacker must compromise two independent systems simultaneously.
  • No key reconstruction — The full private key is never assembled in any single location.
  • Forward secrecy — Regular shard rotation (proactive secret sharing) invalidates old shards.
  • Same wallet address — Shard rotation does not change the wallet’s on-chain address.

Key Generation

Keys are generated using Distributed Key Generation (DKG):
1

Random share generation

Each of the 3 MPC nodes independently generates a random share.
2

Public key derivation

The shares are combined cryptographically to produce a public key (and corresponding wallet address).
3

Shard distribution

Each node retains only its own shard. The full private key never exists.
// When you create an agent, DKG happens automatically
const agent = await aw.agents.create({
  name: "my-agent",
  chain: "eip155:8453",
});

// The wallet address is derived from the distributed public key
console.log(agent.wallet.address); // 0x...

Key Rotation

Key shards are rotated periodically using a technique called proactive secret sharing. This process:
  1. Generates new shards that correspond to the same public key.
  2. Distributes the new shards to all three parties.
  3. Destroys the old shards.
After rotation, even if an attacker had previously stolen a shard, it becomes cryptographically useless.
Key rotation is automatic and does not require any action from the developer. The wallet address remains the same.

Emergency Freeze

Any authorized party can instantly freeze an agent’s wallet, preventing all transactions: 
// Freeze — immediate, no transactions can be signed
await aw.agents.freeze("agent_abc123");

// Unfreeze — subject to mandatory cool-down period
await aw.agents.unfreeze("agent_abc123");
After freezing a wallet, there is a mandatory 10-minute cool-down period before it can be unfrozen. This prevents an attacker from immediately re-enabling a wallet they have frozen and unfrozen.

Infrastructure Safety Net

Beyond developer-configured policies, Paratro enforces hard limits at the MPC signing level that cannot be overridden by API calls:
ControlDefault
Absolute daily cap$50,000
Anomaly detectionML-based, always enabled
Emergency freezeAlways available
Cool-down period10 minutes after freeze
These limits act as a last line of defense, even if your API key is compromised or your business-layer policies are misconfigured.