Verify it yourself — Shieldz is non-custodial by cryptography

Verify it yourself

You don't have to take "non-custodial" on faith. Shieldz is non-custodial by cryptography, not by promise — here's exactly why it can't move your funds, and how to check for yourself.

Shieldz only ever sees a public key

To receive payments, Shieldz generates addresses you control and watches them — and that only needs your public key. You give it one of:

None of these can spend. An xpub or a viewing key lets you derive addresses and watch the chain — but it mathematically cannot sign a transaction. So Shieldz can generate your receive addresses and tell you when money lands, and that is the ceiling of what it can do. It never has, asks for, or stores a private key, seed phrase, or mnemonic — there is no field for one. (Developer API keys are stored only as a hash, never in plaintext.)

Addresses are derived deterministically — reproduce them yourself

Receive addresses use standard, public algorithms: BIP-84 native segwit for Bitcoin (from your xpub at m/0/i), ZIP-32 diversified unified addresses for shielded Zcash (from your UFVK), and your own address for EVM stablecoins. Because the derivation is deterministic and uses only your public key, Shieldz cannot substitute an address of its own — every address it shows is one you can re-derive and verify.

The derivation is open source

The exact BIP-39 / BIP-84 / ZIP-32 derivation Shieldz uses is published, MIT-licensed, and tested against the canonical BIP "abandon" vectors: github.com/LeoFinance/shieldz-key-gen. Run it against your own xpub and confirm the addresses match.

// BIP-84 — derive receive address i from your account xpub (public key only)
import { HDKey } from "@scure/bip32";
const node  = HDKey.fromExtendedKey(yourAccountXpub); // no private key involved
const child = node.deriveChild(0).deriveChild(i);     // m/0/i, public derivation
// → bech32-encode child.publicKey to get the bc1… address Shieldz will show

What this means for you

More: Is Shieldz safe? · How it works