A wallet that is controlled by the user rather than by a custodian or exchange. In governance terms, the organisation cannot rely on an intermediary’s identity controls and must instead verify wallet control directly before permitting regulated transfers.
Expanded Definition
An unhosted wallet is a crypto wallet controlled directly by the user, not by an exchange, custodian, or payment intermediary. In NHI and financial governance, that means the organisation cannot inherit identity assurance, account recovery, or transaction monitoring from a third party; it must verify wallet control at the point of transfer.
Definitions vary across vendors and regulated ecosystems, but the core distinction is custody: a hosted wallet depends on an intermediary, while an unhosted wallet places key management, signing authority, and recovery entirely with the holder. That makes the term especially relevant where transfer approval, sanctions screening, or source-of-funds checks must be anchored to wallet control rather than a named account. The operational challenge is not just proving possession of a key, but proving that the signing party is the same entity the governance process expects. NIST Cybersecurity Framework 2.0 is useful here as a control lens for risk identification, protection, and verification in transaction workflows. The most common misapplication is treating wallet ownership as identity proof, which occurs when teams accept a blockchain address without independently validating control of the signing key.
Examples and Use Cases
Implementing unhosted wallet controls rigorously often introduces friction at checkout or withdrawal, requiring organisations to weigh user autonomy against compliance and fraud-risk reduction.
- A regulated exchange allows withdrawals only after a user signs a challenge message from the destination wallet, proving control before funds leave the platform.
- A treasury team receives funds from a counterparty using an unhosted wallet and applies additional verification because no custodian is present to vouch for identity or sanctions screening.
- A compliance workflow flags first-time transfers to self-custodied wallets and routes them for review, rather than relying on account reputation alone.
- An organisation documents wallet verification procedures in line with the governance emphasis described in the Ultimate Guide to NHIs and maps them to the risk-based access discipline in NIST Cybersecurity Framework 2.0.
- A marketplace accepts deposits from unhosted wallets but requires repeated proof-of-control checks when transaction patterns change, because the wallet is not managed by a custodial identity provider.
For more on how NHI governance treats externally controlled identities and credentials, see the Ultimate Guide to NHIs.
Why It Matters in NHI Security
Unhosted wallets matter because they remove the intermediary layer that many security programs depend on for identity assurance, revocation, and incident response. Once a wallet is self-custodied, there is no custodian to disable, no account lockout to trigger, and no delegated identity system to query for ownership certainty. That raises the bar for proof-of-control, transaction policy, and exception handling.
This becomes especially important when self-custodied wallets are treated like ordinary accounts. NHI governance research from NHI Mgmt Group shows that 80% of identity breaches involved compromised non-human identities such as service accounts and API keys, and the same pattern of over-trust applies when organisations assume wallet control equals trustworthy intent. The lesson is consistent with the broader NHI risk picture in the Ultimate Guide to NHIs: identity checks must be explicit, not inherited. Organisations typically encounter the operational impact only after a disputed transfer, fraud event, or sanctions review, at which point unhosted wallet verification becomes operationally unavoidable to address.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 and NIST CSF 2.0 set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| NIST CSF 2.0 | ID.AM | Unhosted wallets require explicit asset and identity mapping instead of custodian trust. |
| NIST CSF 2.0 | PR.AA | Wallet control must be proven directly because no intermediary authenticates the user. |
| OWASP Non-Human Identity Top 10 | NHI-01 | Unhosted wallets behave like externally controlled identities that need explicit trust validation. |
Treat each unhosted wallet as a separate trust boundary and validate it before permitting access.
Related resources from NHI Mgmt Group
- What is the difference between federated trust and decentralized trust in wallet ecosystems?
- How should banks prepare for EUDI wallet acceptance in regulated journeys?
- What breaks if an EUDI wallet is treated like a generic login method?
- When should organisations require step-up verification instead of wallet-only trust?
