Wallet and Security JTBD
On January 2, 2026, an official Solana Mobile notification deleted a seed phrase without warning. ~$10K gone. No confirmation dialog, no balance check, no recovery path.
That is not an abstract threat model. That is the job failing.
The Job
When a user interacts with a crypto wallet, help them complete their next action safely and obviously, so they never lose assets to preventable failures.
| What users say | What users do | The real job |
|---|---|---|
| "I need a wallet" | Choose whichever has least friction | Find the shortest path to transact |
| "Security matters" | Skip seed phrase backup | Avoid thinking about loss |
| "I want self-custody" | Panic when something goes wrong | Feel in control without bearing all risk |
The stated need and actual behavior diverge. The wallet that wins aligns safety with the path of least resistance — a pit of success where doing the safe thing is easier than doing the unsafe thing.
Failure Register
Every threat is a job that failed. Scored by frequency, severity, and whether the Mycelium can prevent it architecturally.
| ID | Failure Mode | What Goes Wrong | Severity | Frequency | Architectural Fix | Mycelium PRD |
|---|---|---|---|---|---|---|
| WALL-001 | Silent key destruction | Seed phrase deleted without confirmation | Critical | Rare but catastrophic | Move linear types prevent resource drop at compile time | Sui Wallet Safety |
| WALL-002 | Hidden state loss | Assets exist in token accounts the UI doesn't show | Critical | Common | Object model makes all assets explicit and enumerable | Sui Wallet Safety |
| WALL-003 | Phishing/spoofing | Fake site mimics legitimate wallet or dApp | High | Very common | Transaction simulation shows actual effects before signing | Sui Wallet Safety |
| WALL-004 | Clipboard hijacking | Copied address replaced with attacker's address | High | Common | Address book with verified contacts, visual confirmation | Gap |
| WALL-005 | Seed phrase mismanagement | User never backs up, or stores insecurely | High | Very common | zkLogin eliminates seed phrases entirely | Sui Wallet Safety |
| WALL-006 | Social engineering | Fake support tricks user into revealing keys | High | Common | App never touches private keys (wallet adapter pattern) | Sui Wallet Safety |
| WALL-007 | Malware/keylogger | Device compromised, keys exfiltrated | High | Moderate | Hardware signing, biometric confirmation | Gap |
| WALL-008 | Fake wallet software | Counterfeit wallet app or modified firmware | Critical | Moderate | Verified distribution, open-source audit trail | Commissioning |
| WALL-009 | Transaction confusion | User doesn't understand what they're signing | High | Very common | PTB inspector shows all operations before execution | Sui Wallet Safety |
| WALL-010 | MEV extraction | Transaction reordered for profit extraction | Medium | Common on DeFi | Intent-based execution, private mempools | Gap |
| WALL-011 | Supply chain attack | Hardware tampered during manufacturing | Critical | Rare | Device attestation, sealed packaging verification | Gap |
The Pattern
Every failure in the register maps to one of four root causes:
| Root Cause | Failures | Architectural Response |
|---|---|---|
| Silent destruction | WALL-001, WALL-002 | Make state explicit and resources indestructible by default |
| Invisible consequences | WALL-003, WALL-009 | Simulate and show every effect before execution |
| Key exposure | WALL-005, WALL-006, WALL-007 | Eliminate key handling from the user path entirely |
| Unverified trust | WALL-004, WALL-008, WALL-010, WALL-011 | Independent verification at every layer |
The Sui Wallet Safety PRD addresses the first three architecturally. The fourth requires ecosystem-level standards — which is why this superset exists.
Capability Register
What a wallet must do, scored like the HSAAS superset.
Core Wallet Functions
| ID | Capability | Job It Serves | Priority | Edge | Mycelium PRD |
|---|---|---|---|---|---|
| WCAP-001 | Connect without exposing keys | Safe session establishment | Critical | High | Sui Wallet Safety |
| WCAP-002 | Transaction preview/simulation | See consequences before signing | Critical | High | Sui Wallet Safety |
| WCAP-003 | Destructive operation guardrails | Prevent irreversible mistakes | Critical | High | Sui Wallet Safety |
| WCAP-004 | Portfolio visibility | Know what you own, always | High | Medium | Data Interface |
| WCAP-005 | Asset transfer (send/receive) | Move value safely | High | Low | Commodity |
| WCAP-006 | Multi-chain support | One wallet, all chains | High | Medium | Sui Wallet Safety |
| WCAP-007 | Gas abstraction | User never thinks about gas | Medium | High | Sui Wallet Safety — sponsored txs |
| WCAP-008 | Seedless onboarding (zkLogin) | No seed phrase, no wallet install | High | Very High | Sui Wallet Safety |
DeFi Functions
| ID | Capability | Job It Serves | Priority | Edge | Mycelium PRD |
|---|---|---|---|---|---|
| WCAP-009 | Token swap (cross-chain) | Exchange assets without leaving wallet | High | Low | Commodity (aggregators) |
| WCAP-010 | Staking/yield | Earn on idle assets | Medium | Low | Commodity |
| WCAP-011 | NFT management | View, transfer, list on marketplace | Medium | Medium | Sui Wallet Safety — Kiosk |
| WCAP-012 | Multisig/shared custody | Team-controlled assets | High | Medium | Gap |
| WCAP-013 | Governance participation | Vote on proposals from wallet | Low | Medium | Sui Wallet Safety — governance module |
Safety Infrastructure
| ID | Capability | Job It Serves | Priority | Edge | Mycelium PRD |
|---|---|---|---|---|---|
| WCAP-014 | Near-miss logging | Learn from blocked risks | Medium | Very High | Commissioning |
| WCAP-015 | Address verification | Confirm recipient before send | High | Medium | Gap |
| WCAP-016 | Rug pull detection | Warn before interacting with suspicious contracts | High | Medium | Gap |
| WCAP-017 | Recovery path | Regain access after key loss | Critical | High | Agent Platform |
| WCAP-018 | Audit trail | Prove what happened, when, signed by whom | High | High | Commissioning |
Edge Scoring
Where does the Mycelium have genuine advantage in wallet safety?
| Dimension | Score | Rationale |
|---|---|---|
| Current | 7 | Five safety patterns built for Solana, Move contracts deployed on Sui testnet |
| Fit | 9 | Object model + Move type system prevent failures architecturally |
| Value | 9 | $10K loss from a single incident — safety is existential, not optional |
| Edge | 8 | No competitor has cross-chain safety standards extracted from real incidents |
| Priority | 66 | STRONG — invest and own |
The edge is not "another wallet." The edge is extractable safety standards — patterns that any wallet team can adopt, proven across Sui and Solana, grounded in real failure data.
Wallet Selection Framework
Not all wallets serve the same job. Match wallet type to user need:
| User Profile | Primary Job | Recommended Type | Key Requirement |
|---|---|---|---|
| First-time crypto user | Try without risk | zkLogin (seedless) | Zero friction onboarding |
| Active DeFi user | Trade and earn | Hot wallet (Phantom, Metamask) | Speed, multi-chain, swap |
| Long-term holder | Store securely | Cold wallet (Trezor, Ledger) | Air-gapped signing |
| Team/DAO | Shared custody | Multisig (Gnosis Safe) | Threshold signatures |
| Developer/Builder | Test and integrate | Browser wallet + devnet | Faucet access, inspection tools |
Wallet Marketplace
| Wallet | Type | Chains | Open Source | Onboarding |
|---|---|---|---|---|
| Phantom | Hot | Solana, Ethereum, Polygon, Bitcoin | No | Low friction |
| Metamask | Hot | EVM chains | Yes | Docs |
| Rainbow | Hot | Ethereum, L2s | Yes | Mobile-first |
| Sui Wallet | Hot | Sui | Yes | Native |
| Gnosis Safe | Multisig | EVM chains | Yes | Team setup |
| Trezor | Cold | Multi-chain | Yes | Hardware setup |
| Ledger | Cold | Multi-chain | Partial | Hardware setup |
Verification Tools
Before interacting with any protocol, verify:
| Tool | What It Checks |
|---|---|
| Chain Patrol | Known malicious addresses and domains |
| harpie.io | Transaction monitoring and threat detection |
| Quill Audits | Smart contract audit status |
| De.Fi Scanner | Rug pull risk scoring |
| tholos | Portfolio safety analysis |
The Standard Gap
Compare wallet safety to factory engineering:
| What factories have | What wallets don't | What this superset provides |
|---|---|---|
| Near-miss reporting | Incidents buried in support tickets | Public incident documentation |
| Safety procedures | Each team invents their own | Failure register with architectural fixes |
| Cross-site standards | Patterns locked inside companies | Chain-agnostic principles proven on Sui + Solana |
| Commissioning gates | Ship and hope | Progressive verification per component |
The goal is not another wallet. The goal is NIST for crypto wallets — extractable safety standards that prevent known failure modes across every chain.
External References
- Wallet Comparison Spreadsheet
- Technology Stack Mind Map
- Cyfrin Wallet Guide
- Ethereum Wallets
- Solana Wallets
Context
- The Incident — The $10K loss that started the safety standard
- Sui Wallet Safety PRD — The Mycelium capability built from this failure
- Solana Safety Patterns — First implementation, single chain
- JTBD Superset — The demand map this register belongs to
- HSAAS Superset — Horizontal feature register
- VSaaS Superset — Vertical opportunity register
- Everything App — Wallet evolves to identity hub evolves to everything app
- Standards — Where safety patterns graduate to