Security model

The search never gets the wallet.

Operator machines can test passwords, but they never receive the full wallet, spending keys, or customer identity.

Why the password alone is not enough

An operator may find the right password, but the password is useful only with the wallet it unlocks. The operator never receives that wallet. A reported match is sent back for verification before any recovery or payout begins.

sent to an operator machine

Only what the search needs

  • A safe test piece
  • An assigned batch of passwords to test
  • A random case reference
never sent to an operator machine

Nothing that can spend

  • ×The full wallet
  • ×Spending keys
  • ×Your name or contact details

Finding the password is not enough to move the funds: the operator never has the wallet it unlocks.

Custody

Choose who holds the encrypted wallet.

Custodial

Distribrute handles the wallet-side work.

You send the encrypted wallet through secure intake. We create the safe test piece, verify a recovered password, and complete settlement. The fleet still never receives the wallet.

Trust required: you trust Distribrute with the encrypted wallet and settlement.

Non-custodial

The wallet stays on your computer.

You create the safe test piece locally. After a match, Distribrute guides a local session to unlock the wallet, build the payout, and sign only after you review and approve it.

Trust required: you trust your own computer and the guided application.

Additional controls

Honest limits

Report a security issue

Email security@distribrute.com with a clear description and steps to reproduce.