Swap
Exchange crypto instantly
Settings
Open Source & Transparent
Frozen Wallet runs 100% in your browser. No servers, no accounts, no tracking. Every line of code is readable and verifiable — right now, on your device.
AES-256-GCM Encryption
Your mnemonic is encrypted with a key derived from your PIN via PBKDF2 (100,000 SHA-256 rounds). Uses Web Crypto API — the same standard used by banks and governments. Even if someone steals your device, the vault is unreadable without your PIN.
Fully Non-Custodial
Private keys are derived locally using BIP39 / BIP44 standards. They never leave your browser — not to us, not to any server, not to anyone. You are the sole owner. We physically cannot access your funds, even if we wanted to.
Zero Data Collection
No analytics, no cookies, no fingerprinting, no telemetry. Frozen Wallet stores only 2 items in localStorage: your encrypted vault (fw_vault) and your preferences (fw_pref). Nothing else. Open F12 → Application → Local Storage to verify.
Physically impossible. Your private keys are generated inside your browser and encrypted with your PIN. They are never transmitted anywhere. We have no server, no database, no way to access your keys. The code running on your device is the entire product — there is nothing else. Press Ctrl+U right now to verify.
Your 12-word recovery phrase is encrypted with AES-256-GCM and stored in your browser's localStorage under the key fw_vault. This vault contains only: a random salt, a random IV, and the ciphertext. No plaintext keys ever touch storage. Click "Inspect Live Vault" above to verify in real-time.
Only two types of outbound requests: 1) Price data from CoinGecko (to display portfolio value and 24h changes). 2) Blockchain RPCs to fetch balances, transaction history, and broadcast transactions — using multiple fallback providers for reliability: mempool.space for BTC, 6 public Ethereum RPCs with auto-failover, Solana mainnet with fallbacks, litecoinspace.org for LTC, Etherscan + Blockscout for ETH transaction history. No data is ever sent to Frozen Wallet servers — because there are none. Open DevTools → Network tab to see every request in real-time.
Your funds are safe forever. Your crypto lives on the blockchain, not in this app. Your 12-word recovery phrase works with any BIP39-compatible wallet — Exodus, Trust Wallet, Ledger, Trezor, Electrum, MetaMask. As long as you have your seed phrase, you can always access your funds from anywhere.
Ctrl+U (or Cmd+Option+U on Mac) shows the complete source code. F12 → Sources tab shows every file loaded. F12 → Network tab shows every request made. F12 → Application → Local Storage shows exactly what is stored. Search for fetch in the source to audit all API calls. The entire wallet is two files: index.html (UI + logic) and wallet.bundle.js (crypto engine).
PIN encryption: 6-digit PIN + PBKDF2 100k rounds + AES-256-GCM. Auto-lock: Wallet locks after 10 minutes of inactivity. Clipboard wipe: Copied addresses and keys are auto-cleared from clipboard after 60 seconds. Memory wipe: When you lock, private keys are overwritten in memory before being released. CSP headers: Content Security Policy blocks unauthorized scripts and iframes.
wallet.bundle.js is a standard webpack bundle of well-known open source libraries: bitcoinjs-lib (BTC & LTC key derivation and transactions), ethers.js (Ethereum wallet & signing), @solana/web3.js (Solana integration), and bip39 (mnemonic generation). You can decompile it in any JavaScript beautifier and compare against the official npm packages. No obfuscation — just standard minification.