An MPC wallet is a crypto wallet that never stores your private key in one piece. The key is split into encrypted shares held in different places, and signing a transaction combines those shares without ever rebuilding the whole key. That design removes the usual weak spot of a crypto wallet, which is the single secret that one mistake can expose.
Most wallets rely on one private key, backed up as a seed phrase. Whoever holds that phrase controls the funds, so losing it or leaking it means losing the money. An MPC wallet spreads the risk across several shares so no single breach hands an attacker everything.
What is an MPC wallet?
MPC stands for multi-party computation. An MPC wallet uses that technique to generate and use a private key as separate shares rather than a single secret. The shares can sit on your phone, a provider's server, a backup device, or some mix of the three. To move funds, a set number of those shares run a signing process together and produce one normal signature. The complete key is never assembled in any single location, not even for a moment during signing.
In practice this means there is no seed phrase to write down for many MPC wallets, and no one device that holds enough on its own to drain the account.
How does an MPC wallet work?
Multi-party computation is a branch of cryptography that dates back to the 1980s. The core idea is that several parties can compute a shared result using everyone's private inputs without any of them revealing their own input to the others. A classic illustration is a group working out their average salary while none of them disclose what they personally earn.
An MPC wallet applies that idea to two jobs: creating the key and signing with it.
Key shares and threshold signing
When you set up the wallet, the protocol generates key shares instead of a single private key. A common arrangement is three shares with a threshold of two, so any two of the three can authorize a transaction. When you send funds, the holders of those shares run a signing protocol that produces a single valid signature for the blockchain. The chain sees an ordinary transaction and has no idea several parties were involved.
Because the rule lives in the cryptography rather than on the blockchain, you can change the share setup, rotate shares, or replace a lost one without moving your funds to a new address.
Why the key is never reconstructed
This is the part that separates MPC from older key-splitting methods. Techniques like Shamir secret sharing also break a key into pieces, but to sign a transaction they reassemble the full key in memory first. For that brief window, the complete key exists in one place, and the single point of failure is back. MPC signs without ever rebuilding the key. The shares stay separate from start to finish.
If you have a self-custody wallet today with a seed phrase, that single backup is the thing MPC is designed to do away with.
MPC vs multisig
People often assume MPC is just multisig with extra branding. The two solve a similar problem in different ways.
A multisig wallet uses several genuinely separate private keys and enforces the signing rule on the blockchain itself, through a smart contract or script. A transaction might need three of five keys to sign, and the chain records each signer.
An MPC wallet uses shares of one key and does the coordination off-chain, then publishes a single signature. Here is how that plays out:
Multisig | MPC | |
Keys | Several separate private keys | One key split into shares |
Where the rule lives | On-chain, in a contract or script | Off-chain, in the cryptography |
Signature on-chain | Multiple signatures | One standard signature |
Chain support | Varies by blockchain | Works across most chains |
On-chain cost | Higher, more to verify | Lower, looks like a normal transaction |
Visibility | Signers and rules are public | Approvals stay private |
Typical use | DAO treasuries, transparent team funds | Institutional custody, consumer onboarding |
Both also differ from a plain single-key wallet, where one seed phrase controls everything. If you want the background on who holds the keys in each model, our guide on custodial vs non-custodial wallets covers it.
Which one fits better comes down to what you care about. If you need a public audit trail, multisig has the edge. If you need flexibility and broad chain coverage, MPC does.
Benefits of MPC wallets
The main benefit is the one already covered. With no single key sitting anywhere, an attacker who compromises one share still cannot sign anything.
For regular users, the more visible win is usually the experience. Many MPC wallets drop the seed phrase entirely. There is nothing to write on paper and lose, which is the step where most people actually lose access to their crypto. Recovery tends to work by reissuing a share rather than restoring a string of words.
A few other things follow from the design. Because the output is a standard signature, an MPC wallet works across most blockchains without special setup, and the transaction reveals nothing about the share arrangement behind it. Teams and businesses can also build approval rules and spending limits into the signing process, so no one person can move funds alone.
Tradeoffs and limitations
MPC is not a free upgrade.
You are trusting an implementation. The cryptography is well studied, but each provider builds its own signing protocol, and many of them are proprietary and harder to audit than an open, on-chain multisig contract that anyone can inspect. A flaw in that code is a real risk.
There is a dependency to watch. If a provider holds one of your shares, your access is tied to that provider staying online and acting honestly. Better setups let you hold and recover shares independently, so it is worth checking how a wallet handles that before you fund it.
Signing needs the shares to coordinate, which can add a little delay. Standards are also younger than the seed phrase model, so moving an MPC wallet from one provider to another is often not simple. And MPC does nothing to stop you from approving a bad transaction yourself. If you sign a malicious request or fall for a phishing page, the wallet produces the signature just the same.
Is an MPC wallet safe?
For the threat most people worry about, a stolen key, MPC is a strong improvement. There is no single key to steal, so a thief has to compromise several shares in different places at once, which is far harder than grabbing one seed phrase.
The catch is that the security rests on the implementation. NIST has documented threshold cryptography, the family of methods MPC wallets rely on, and the takeaway is that the scheme has to be built and audited carefully to deliver on its promise. A poorly built MPC wallet can be weaker than a well-run single-key one.
The everyday risks also do not disappear. Phishing, fake approval prompts, and malware that tricks you into signing still work. Treat an MPC wallet as one strong layer rather than a reason to drop your other habits, and the usual crypto security best practices still apply.
Wallet as a service and embedded wallets
Most people who use MPC never decide to. They meet it inside an app.
What is wallet as a service?
Wallet as a service, sometimes shortened to WaaS, is wallet infrastructure delivered through an API. Rather than building key management from scratch, a company connects to a provider that handles wallet creation, storage, and signing. MPC is a common way those providers keep keys secure, because it lets them run part of the signing flow on their own servers without ever holding a user's full key. A business can offer wallets without becoming a custody operation overnight.
What are embedded wallets?
Embedded wallets are the user-facing side of that idea. The app creates a wallet automatically the first time someone signs in with an email, phone number, or social login. There is no separate wallet app to install and no seed phrase screen. The signup feels like any other account. MPC frequently runs underneath, splitting the key between the user's session and the provider so the wallet is secure without asking a first-time user to learn cryptography. A lot of mainstream crypto onboarding now happens this way, inside games, fintech apps, and marketplaces where the person may not think of it as a crypto wallet at all.
Common use cases
Institutional custody was the first serious home for MPC, and it is where MoonPay's own infrastructure sits. MoonPay Institutional runs self-hosted MPC and TEE key management that gives institutions sovereign control over their wallet keys, with low-latency signing and programmable policy controls so that no single administrator can move assets alone. Funds, exchanges, and asset managers use this kind of setup to keep control distributed and auditable.
Beyond institutions, MPC shows up in consumer self-custody apps that want simple onboarding, in embedded wallets inside fintech and gaming products, and in automated transactions where software needs to sign but the key must never be exposed to the code calling it. Splitting the key into shares fits that last case well, which is why a lot of newer automation and agent tooling leans on similar approaches.
How to evaluate an MPC wallet
If you want self-custody without managing a seed phrase, an MPC wallet lowers the barrier. Before you trust one with real money, get clear answers to a few questions. Who holds the shares, and how many are needed to sign? What happens to your access if you lose a device, and can you recover on your own? Can you export and leave if the provider shuts down? Has the signing protocol been independently audited, and is that audit public?
If you are building a product rather than choosing a wallet for yourself, the same technology reaches you as wallet as a service. Going through a provider lets you give users a wallet in seconds without taking on key management risk directly, and MPC is usually what makes that work behind the scenes. The questions are much the same: where the shares live, how recovery works, and how the provider has been audited.
Frequently asked questions
What is an MPC wallet?
An MPC wallet is a crypto wallet that splits your private key into encrypted shares held in separate places. Signing a transaction combines the shares to produce one signature without ever rebuilding the full key, so no single device or party holds enough to move funds alone.
Is an MPC wallet safe?
It removes the single point of failure that comes with one private key, which makes key theft much harder. Its security depends on how well the provider built and audited the signing protocol, and it does not protect you from approving a malicious transaction yourself.
What is the difference between MPC and multisig?
Multisig uses several separate keys and enforces the signing rule on-chain, producing multiple signatures. MPC uses shares of one key, coordinates off-chain, and produces a single standard signature that works across most blockchains at lower cost.
What is the difference between MPC and Shamir secret sharing?
Both split a key into pieces. Shamir secret sharing reassembles the full key in memory to sign, which briefly recreates a single point of failure. MPC signs without ever reconstructing the key, so the shares stay separate the whole time.
What is wallet as a service?
Wallet as a service is wallet infrastructure offered through an API, so a company can add wallet creation, storage, and signing to its product without building key management itself. MPC often secures the keys behind the scenes.
What is an embedded wallet?
An embedded wallet is a wallet an app creates automatically when a user signs in with email, phone, or a social account, with no separate app or seed phrase. MPC commonly runs underneath to keep it secure.
.png?w=3840&q=90)
