Subscribe to the Non-Human & AI Identity Journal

What do security teams get wrong about wallet security?

Many teams treat wallet protection as a narrow technical issue, when it is really a privileged access problem. High-power wallets hold signing authority, governance power, and transfer capability, so they need ownership, review, and offboarding controls similar to other privileged accounts.

Why This Matters for Security Teams

Wallet security is often treated as a crypto-specific hygiene task, but the real issue is privilege. A wallet that can sign transactions, approve governance actions, or move funds is an operational control point, not just a storage location. That means the same questions security teams ask about PAM, offboarding, and emergency access should apply here, especially for treasury wallets, admin wallets, and automated agent wallets.

Teams also underestimate how quickly wallet misuse becomes an incident. If a seed phrase, hardware device, browser session, or custody workflow is exposed, the blast radius is immediate and usually irreversible. NHIMG research shows that 97% of NHIs carry excessive privileges, and that pattern maps closely to high-power wallets when ownership is unclear or permissions are not reviewed. The broader lesson aligns with the NIST Cybersecurity Framework 2.0: asset visibility and access governance are not optional when a control can trigger a transfer or policy change. In practice, many security teams encounter wallet abuse only after funds have moved or governance has been altered, rather than through intentional review.

How It Works in Practice

Effective wallet security starts by classifying wallets by function and authority. A read-only analytics wallet, a treasury wallet, a multisig signer, and an AI agent wallet should not share the same control model. High-risk wallets need named ownership, documented approval paths, recovery procedures, and revocation steps that are tested before an incident. NHIMG’s Ultimate Guide to NHIs is relevant here because the same lifecycle failures show up repeatedly in wallet programmes: unclear ownership, excessive privilege, and weak offboarding.

Security teams should build wallet governance around a few practical controls:

  • Separate operational wallets from governance wallets and treasury wallets.
  • Require dual control or multisig for high-impact actions.
  • Store seed phrases and recovery material in hardened secret-management processes, not in shared documents or chat.
  • Rotate access paths and revoke stale approvals after role changes, vendor exits, or agent decommissioning.
  • Log signing, approval, and policy-change events into monitoring and incident workflows.

This is also where identity and NHI governance intersect. If an AI agent can initiate wallet actions, it needs its own identity, its own scoped privileges, and a defined offboarding process. The NIST Cybersecurity Framework 2.0 helps frame the programme as governance, protection, detection, and recovery rather than as a one-time wallet setup. These controls tend to break down when wallet access is embedded in informal operations, because ownership and approval chains are not enforceable during urgent transactions.

Common Variations and Edge Cases

Tighter wallet controls often increase operational friction, requiring organisations to balance transaction speed against loss prevention and governance assurance. That tradeoff becomes especially visible in DeFi operations, cross-chain workflows, and incident-response wallets where fast action matters.

There is no universal standard for wallet security yet, so teams should apply current guidance based on risk. For example, a hot wallet used for customer payouts may justify different approval thresholds than a cold treasury wallet, but both still need ownership and revocation controls. Current guidance suggests treating hardware wallet custody, multisig signers, and automated agent wallets as distinct trust zones, not as interchangeable tools.

Edge cases also matter. A wallet controlled by a third-party vendor, a contractor, or an autonomous agent creates a delegation problem that is closer to privileged access management than to consumer crypto hygiene. In those cases, NHIMG’s NHI guidance is most useful where wallet authority behaves like a service account or API key: it should be attributable, reviewable, and removable. Security teams get into trouble when they assume “non-custodial” means “non-governed,” because the real control risk sits in the signing authority, not the storage label.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Non-Human Identity Top 10 and OWASP Agentic AI Top 10 address the attack and risk surface, while NIST CSF 2.0 set the governance and control requirements practitioners need to meet.

Framework Control / Reference Relevance
NIST CSF 2.0 ID.AM Wallets need asset visibility and ownership to reduce hidden privilege.
OWASP Non-Human Identity Top 10 Wallets used by services or agents behave like high-risk non-human identities.
OWASP Agentic AI Top 10 Agent-controlled wallets introduce tool-use and execution authority risks.

Govern wallet identities with lifecycle controls, privilege review, and offboarding.