All articles
solanawalletssecurityhardwarerust

Unruggable: a Solana wallet that grew from a bash script into an ESP32 hardware signer

Unruggable is a security-first Solana wallet project by one builder: a pure-bash CLI wallet, a Rust/Dioxus cross-platform app with MPC key storage (no seed phrase), and a $10-class ESP32 hardware signer whose first production run sold out.

Share
devrels.xyz/a/136short link

Most wallets compete on onboarding: fewer taps, prettier swaps, embedded fiat. Unruggable competes on a different axis: not getting drained. It's a one-builder project (GitHub: hogyzen12) that has evolved through three distinct artifacts — a bash script, a cross-platform app, and a piece of hardware whose first production run is already sold out. It's also no longer just a side project: Unruggable won Grand Champion at Colosseum's Cypherpunk hackathon and is backed by Colosseum. The evolution itself is the story.

Act 1: the bash wallet

The original unruggable is a Solana wallet as a pure bash wrapper around the Solana CLI — minimal dependencies, an ATM-style numeric menu, runs on macOS, Linux, or Windows via WSL2:

bash
git clone https://github.com/hogyzen12/unruggable
cd unruggable && chmod u+x unruggable.sh && ./unruggable.sh

The security argument is subtraction: no browser extension surface, no npm dependency tree, no auto-connecting to dApps — the attack vectors behind most drains simply aren't present. You can read every line it executes. As a daily driver it's spartan; as a statement of threat model it's crystal clear.

Act 2: the app

unruggable-app is the same philosophy with a real UI: Rust + Dioxus (fullstack + mobile), one codebase building for Android, iOS, macOS, Windows, and Linux — Play Store bundles, sideloadable APKs, signed iPhone builds, cross-compiled Windows zips. Under the hood it's solana-sdk 2.3 with staking support via the stake interface. The repo saw commits this week; this is an actively built product, not a hackathon artifact.

Two design decisions carry the security thesis:

  • No seed phrase. Keys are stored locally using multi-party computation — shares split across your devices. There's no twelve-word phrase to photograph, phish, or type into a fake support form. (Per its Colosseum listing, the target threats are exactly the common ones: wallet drains, phishing, browser exploits.)
  • Air-gap option. For amounts that matter, signing moves to dedicated hardware —

Act 3: the ESP32 signer

unruggable-rust-esp32 is open Rust firmware that turns a ~$10 ESP32 microcontroller into a Solana hardware signer: the keypair is generated and stored on the device, and it signs only when the physical BOOT button is pressed. Host libraries exist in Rust, Go, and JavaScript, and the device works standalone or paired with the Unruggable app.

That's the same custody model as a Ledger at a fraction of the price, with firmware you can read and flash yourself. The productized version sold through unruggable.io — where the landing page currently reads, in full, "Initial Run Sold Out." A one-person Solana hardware wallet selling out its first run is a signal worth noting.

The honest assessment

  • Unaudited, solo-maintained. No formal security audit is published for the app, the MPC scheme, or the firmware. The counterweight is total transparency — every layer is open source and small enough to actually review, which is more than can be said for most closed commercial wallets.
  • Early. The app repo sits at ~23 stars, docs assume some terminal comfort, and the hardware supply is, demonstrably, limited. This is for self-custody enthusiasts today, not your onboarding flow.
  • The ideas travel. ESP32-class hardware signing and MPC-instead-of-seed-phrases are patterns any Solana wallet team can study — the firmware repo is effectively a reference implementation, sitting alongside the passkey smart-wallet approach in the "kill the seed phrase" design space.

Resources

TL;DR

  • Unruggable = one builder's answer to wallet drains: bash CLI → Rust/Dioxus app on five platforms → open ESP32 hardware signer.
  • MPC key shares instead of a seed phrase; physical-button signing for the cold path; first hardware run sold out.
  • Unaudited and early — but fully open, cheap, and readable, which is its own kind of security argument.

Keep reading

Get new articles in your inbox

Technical deep-dives on Solana tooling, infrastructure, and ecosystem. No noise.

Unruggable: a Solana wallet that grew from a bash script into an ESP32 hardware signer | devrels.xyz