A microtransaction-based ownership proof method that uses a small, time-bound transfer to confirm control of a wallet. It is useful where the organisation needs a live verification signal tied to the transaction flow rather than a static declaration or screenshot.
Expanded Definition
Satoshi Test is a live verification pattern used in wallet-centric workflows to prove control of a blockchain address through a small, time-bound transfer. In NHI and IAM contexts, it acts as an operational signal rather than a static claim, because the proof is embedded in the transaction path itself.
This differs from screenshot checks, signed statements, or profile ownership assertions, which can be copied, forged, or stale. A Satoshi Test is closest in spirit to a challenge-response control, but definitions vary across vendors and implementation guides because the term is informal rather than standardised. For governance purposes, it should be treated as an evidence-gathering step that confirms possession of the private key at a specific moment, not as a durable identity proof. That distinction matters when the wallet is used as an NHI, a treasury address, or a signing endpoint for automated agents. The most common misapplication is treating a successful microtransfer as permanent proof of ownership, which occurs when teams ignore wallet rotation, custodial delegation, or delayed transaction finality.
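The check described above can be sketched as follows. This is an added example, not code from any vendor or from the guides this page cites. The field names, the 30-minute window, the three-confirmation threshold and the 24-hour evidence lifetime are illustrative assumptions, and the transaction records are assumed to come from a chain indexer.

```python
import secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class Challenge:
    claimed: str      # address whose control must be shown
    deposit: str      # verifier's designated receiving address
    amount: int       # randomised amount in satoshis; acts as the nonce
    issued_at: int    # unix seconds
    expires_at: int   # the transfer must land on-chain by this time

@dataclass(frozen=True)
class Tx:             # normalised view assumed to come from a chain indexer
    sender: str
    recipient: str
    amount: int
    block_time: int
    confirmations: int

def issue_challenge(claimed, deposit, now, window_s=1800):
    # Unpredictable amount, so an older or coincidental transfer cannot match.
    amount = 1000 + secrets.randbelow(9000)
    return Challenge(claimed, deposit, amount, now, now + window_s)

def evaluate(ch, txs, now, min_conf=3, evidence_ttl_s=86400):
    """Return (status, valid_until) for the challenge given observed transfers."""
    for tx in txs:
        if (tx.sender, tx.recipient, tx.amount) != (ch.claimed, ch.deposit, ch.amount):
            continue                      # wrong party, destination or amount
        if not ch.issued_at <= tx.block_time <= ch.expires_at:
            continue                      # outside the time bound
        if tx.confirmations < min_conf:
            return ("pending_finality", None)   # seen, but not yet final
        valid_until = tx.block_time + evidence_ttl_s
        if now > valid_until:
            return ("stale", None)        # control was shown once; re-test needed
        return ("verified", valid_until)
    return ("failed", None) if now > ch.expires_at else ("awaiting", None)

if __name__ == "__main__":
    # Constructed sample values, not real addresses.
    ch = issue_challenge("wallet-A (constructed)", "verifier-deposit (constructed)", now=1_000)
    seen = [Tx(ch.claimed, ch.deposit, ch.amount, 1_500, 6)]
    print(evaluate(ch, seen, now=2_000))
```

The `stale` and `pending_finality` outcomes correspond to the two failure modes named above: treating one successful transfer as permanent proof, and acting before the transaction is final.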
Examples and Use Cases
Implementing Satoshi Test rigorously often introduces friction for the user or operator, because it adds a transaction, confirmation delay, and chain-fee overhead, so organisations must weigh proof quality against operational cost.
- Verifying control of a treasury wallet before granting access to an internal asset dashboard, where the wallet owner must return a tiny amount to a designated address.
- Confirming that an AI agent still controls the wallet used for automated payouts, with the test timed alongside the transaction flow rather than a manual support request.
- Proving ownership during dispute resolution for a compromised or transferred address, then comparing the result against guidance from the NIST Cybersecurity Framework 2.0 on validating identity-related evidence.
- Establishing live control before onboarding a wallet into a governance process described in Ultimate Guide to NHIs, especially where the wallet acts as a signing identity for an automation path.
- Checking that a contractor has not merely viewed a seed phrase backup but actually controls the operational wallet used for settlement or collection.
These use cases are most useful when the organisation needs proof tied to current authority, not historical possession.
Why It Matters in NHI Security
Satoshi Test matters because wallet control can change quickly, especially when keys are rotated, custody is delegated, or an address is moved into a smart contract or multisig arrangement. In NHI security, that means identity assurance must follow the transaction path, not just the human narrative around it. This is where the control intersects with Ultimate Guide to NHIs, which notes that 97% of NHIs carry excessive privileges and that 80% of identity breaches involved compromised non-human identities such as service accounts and API keys. A wallet verification method that is too weak can allow a revoked operator, compromised agent, or impostor to keep acting as though ownership is unchanged.
That risk is especially important in zero-trust environments, where trust must be continuously re-established. The NIST Cybersecurity Framework 2.0 supports this kind of ongoing validation mindset, but it does not standardise Satoshi Test itself. Organisations typically encounter the need for this control only after a wallet dispute, unauthorized transfer, or incident review, at which point a Satoshi Test becomes operationally unavoidable.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-02 | Wallet proofs depend on secure handling of non-human identity secrets and control evidence. |
| NIST CSF 2.0 | PR.AC-1 | Identity proofing and access decisions require reliable evidence tied to current control. |
| NIST Zero Trust (SP 800-207) | | Zero Trust requires continuous verification rather than one-time trust assumptions. |
Use Satoshi Test as one evidence input before granting or restoring access to wallet-linked functions.