Wallet Security

Sign in with Ethereum a.k.a web3

This is completely non-custodial, you are in full control of your keys at all times.

Traditional Sign in (Google, Email etc) a.k.a web2

Our traditional sign in method means your wallets will be FULLY managed by Mellow. It is fully custodial with wallets being secured with Fireblocks.

We use Fireblocks as our wallet provider. They secure funds of the likes of Revolut, eToro and Worldpay.

Using Fireblocks allows us to have several layers of protection which helps to protect user funds.

We also have several layers of verification for larger withdrawals too.

Our MPC keys are distributed around the globe.

Alongside the Fireblocks failovers, we offer additional security measures via the Mellow app.

Each user is required to setup a whitelisted address on the Mellow app.

After registering or updating the address, we disable withdrawals for 24 hours and send an email to the registered user where they can freeze their account if required.

Why fully custodial?

We have made a conscious design decision to make the Web2 onboarding fully custodial.

If we envisage 6 months into the future and we are onboarding your average web2 user, it would be a detrimental design decision to allow them to export their own private key.

Imagine Revolut (we have the same setup as them), if a user of Revolut could export their private keys there would be a huge issue with phishing and loss of funds.

Our ethos is simple, keep web2 and web3 completely segmented. Web3 is fully non-custodial, web2 is fully managed without the need to worry about anything crypto.

If you're not sure about what method to use when signing up, please see this link.