Unruggable: a Solana wallet that grew from a bash script into an ESP32 hardware signer
Unruggable is a security-first Solana wallet project by one builder: a pure-bash CLI wallet, a Rust/Dioxus cross-platform app with MPC key storage (no seed phrase), and a $10-class ESP32 hardware signer whose first production run sold out.
devrels.xyz/a/136short linkMost wallets compete on onboarding: fewer taps, prettier swaps, embedded fiat. Unruggable competes on a different axis: not getting drained. It's a one-builder project (GitHub: hogyzen12) that has evolved through three distinct artifacts — a bash script, a cross-platform app, and a piece of hardware whose first production run is already sold out. It's also no longer just a side project: Unruggable won Grand Champion at Colosseum's Cypherpunk hackathon and is backed by Colosseum. The evolution itself is the story.
Act 1: the bash wallet
The original unruggable is a Solana wallet as a pure bash wrapper around the Solana CLI — minimal dependencies, an ATM-style numeric menu, runs on macOS, Linux, or Windows via WSL2:
git clone https://github.com/hogyzen12/unruggable
cd unruggable && chmod u+x unruggable.sh && ./unruggable.shThe security argument is subtraction: no browser extension surface, no npm dependency tree, no auto-connecting to dApps — the attack vectors behind most drains simply aren't present. You can read every line it executes. As a daily driver it's spartan; as a statement of threat model it's crystal clear.
Act 2: the app
unruggable-app is the same philosophy with a real UI: Rust + Dioxus (fullstack + mobile), one codebase building for Android, iOS, macOS, Windows, and Linux — Play Store bundles, sideloadable APKs, signed iPhone builds, cross-compiled Windows zips. Under the hood it's solana-sdk 2.3 with staking support via the stake interface. The repo saw commits this week; this is an actively built product, not a hackathon artifact.
Two design decisions carry the security thesis:
- No seed phrase. Keys are stored locally using multi-party computation — shares split across your devices. There's no twelve-word phrase to photograph, phish, or type into a fake support form. (Per its Colosseum listing, the target threats are exactly the common ones: wallet drains, phishing, browser exploits.)
- Air-gap option. For amounts that matter, signing moves to dedicated hardware —
Act 3: the ESP32 signer
unruggable-rust-esp32 is open Rust firmware that turns a ~$10 ESP32 microcontroller into a Solana hardware signer: the keypair is generated and stored on the device, and it signs only when the physical BOOT button is pressed. Host libraries exist in Rust, Go, and JavaScript, and the device works standalone or paired with the Unruggable app.
That's the same custody model as a Ledger at a fraction of the price, with firmware you can read and flash yourself. The productized version sold through unruggable.io — where the landing page currently reads, in full, "Initial Run Sold Out." A one-person Solana hardware wallet selling out its first run is a signal worth noting.
The honest assessment
- Unaudited, solo-maintained. No formal security audit is published for the app, the MPC scheme, or the firmware. The counterweight is total transparency — every layer is open source and small enough to actually review, which is more than can be said for most closed commercial wallets.
- Early. The app repo sits at ~23 stars, docs assume some terminal comfort, and the hardware supply is, demonstrably, limited. This is for self-custody enthusiasts today, not your onboarding flow.
- The ideas travel. ESP32-class hardware signing and MPC-instead-of-seed-phrases are patterns any Solana wallet team can study — the firmware repo is effectively a reference implementation, sitting alongside the passkey smart-wallet approach in the "kill the seed phrase" design space.
Resources
- Site / hardware: unruggable.io
- App (Rust/Dioxus, all platforms): github.com/hogyzen12/unruggable-app
- Original bash wallet: github.com/hogyzen12/unruggable
- ESP32 signer firmware: github.com/hogyzen12/unruggable-rust-esp32 (hosts in Rust, Go, JS)
TL;DR
- Unruggable = one builder's answer to wallet drains: bash CLI → Rust/Dioxus app on five platforms → open ESP32 hardware signer.
- MPC key shares instead of a seed phrase; physical-button signing for the cold path; first hardware run sold out.
- Unaudited and early — but fully open, cheap, and readable, which is its own kind of security argument.
Keep reading
Your wallet is your identity. Sign In With Solana turns that into a real auth protocol: a structured message, a wallet signature, and a server that verifies the Ed25519 sig and issues a session. No email required. Here's how to implement the full stack — frontend signIn call, backend nonce management, signature check, and JWT — plus the security edge cases that trip people up.
An audit report is worthless if you can't confirm the deployed bytecode is what was audited. Solana verified builds fix that: a Docker-pinned toolchain produces a deterministic .so, its hash is compared to the on-chain program data, and the result is written to a PDA anyone can read. Solana Explorer shows a verified badge. Here's the full workflow.
Every production Solana app eventually has the same conversation: which wallet/KMS provider should we use? solana-keychain answers by making the choice irrelevant — one interface, feature-flagged backends, swap without rewriting signing code.
Get new articles in your inbox
Technical deep-dives on Solana tooling, infrastructure, and ecosystem. No noise.