Managing crypto deposits at scale shouldn’t require spinning up a new vault for every client. Yet that’s the reality for many institutions, from exchanges and OTCs to neobanks and lenders,  still relying on outdated wallet infrastructure.

Introducing Wallet-as-a-Service (WaaS). Built on io.finnet’s wallet engine APIs, WaaS lets you programmatically create deposit addresses, manage funds, and monitor balances, all from a single master vault.

‍

‍

One Vault. Unlimited Addresses. Complete Control.

‍

You can now generate unique deposit addresses via API, instantly, and at scale, without creating a new vault each time. This streamlines operations for onboarding, high-frequency deposit flows, and privacy-focused workflows.

*This functionality is commonly referred to as HD (Hierarchical Deterministic) addresses in developer documentation.

With Wallet-as-a-Service, you can:

• Simplify management: Generate single or bulk deposit addresses per client or use case. Update, deactivate, and query addresses via API.
  
  
• Enhance privacy: Each address is unique, unused, and tied to a vault, ideal for reducing on-chain traceability.
  
  
• Ensure security: Powered by io.finnet’s trustless Multi-Party Computation (tMPC) technology, every vault benefits from secure key distribution and disaster recovery via BIP39 secret phrase.

*Supported chains: EVM chains (e.g., Ethereum, Polygon, Arbitrum, Optimism, Base) and TRON. More networks are on the roadmap, including Bitcoin, Solana, Ripple, Avalanche, and more.

‍

Built for High-Volume Institutions

‍

This feature was developed in response to direct feedback from: Centralized exchanges, OTC desks and market makers, Lending platforms, Neobanks and crypto-focused fintechs, Crypto custodians and hedge funds.

They needed to:

• Manage thousands of deposit addresses without duplicating vaults
  
  
• Eliminate latency for simple address generation
  
  
• Maintain operational simplicity across users and regions
  
  
• Query native and token balances for real-time reconciliation
  
  

‍

What You Can Do Today

‍

The Wallet Engine APIs allow you to:

• Create deposit addresses, individually or in bulk
  
  
• Customize derivation paths per vault and network
  
  
• Export master public keys per vault
  
  
• Query native and token balances per address
  
  
• Manage visibility (hide/show assets per address)

Addresses are deposit-ready immediately and optimized for high-speed, high-volume financial flows. Latency is measured in milliseconds.

Coming soon to Wallet-as-a-Service: Webhooks for real-time deposit alerts, Outbound transactions + MPC signing, Auto-sweeping & consolidation (Gas station), Expanded chain support across more networks.

‍

Use Cases 

‍

• Exchanges: Create deposit addresses per user. Reconcile faster. Maintain AML and fund segregation requirements.

‍

• Neobanks & Fintechs: Offer crypto deposit functionality with deterministic sub-wallets — without the compliance headache of full custody.

‍

• Lending Desks: Track borrower deposits, loan disbursements, and repayments with separate addresses. Maintain real-time LTV visibility.

‍

• OTC Desks: Assign dedicated sub-wallets to institutional clients. Meet audit, onboarding, and reporting requirements.

‍

How It Works 

‍

1. Your backend calls the Wallet Engine API to generate a deposit address for an EVM or TRON vault.
   
   
2. The address is assigned to a user or transaction (e.g., client_456_ETH).
   
   
3. The deposit arrives, native or token balance is detected and queried via API.
   
   
4. You reconcile or initiate outbound fund movements (outbound MPC signing coming soon).

‍

Everything happens in milliseconds, designed for scale.

‍

Security at the Core

‍

Wallet-as-a-Service inherits io.finnet’s institutional-grade infrastructure:

• tMPC Architecture: Vault keys are distributed across enclaves and never assembled, eliminating single points of failure.

‍

• Inbound Transaction Screening: Monitor deposits for risk before accepting.

‍

• Virtual Signer Policies: Apply rules like transaction caps or whitelisted destinations.

‍

• Role-Based Access Control (RBAC): Restricts endpoint access to Admin or Viewer roles.

‍

• Audited Cryptography: Our TSS implementation is independently reviewed by 3rd party auditors including Kudelski Security.

‍

• BIP39 Disaster Recovery: Vaults can be restored using standard seed phrases, critical for business continuity.

‍

Want Access? Let’s Talk.

‍

This feature is currently available via demo only. Our team will help assess your use case, walk you through the API, and support your integration.

 Discover how Wallet-as-a-Service can simplify and scale your deposit operations, schedule your session.

‍