A Keystore Companion for MetaMask

Comments (2)

Robert_MacWha · 3h ago

I’ve been frustrated with the tradeoff between hot wallets (convenient and risky) vs hardware wallets (secure and but clunky).

Working at SEAL (https://www.securityalliance.org/) and with SEAL911 I keep seeing the same pattern: One of the most common incident is private key theft, almost always from desktop wallets. Malware goes after browser extensions because your keys sit decrypted in memory.

So I built Lodgelock. It’s a small companion app for MetaMask that keeps keys off the desktop: - MetaMask works as usual but, when it’s time to sign, the request is proxied to your phone. - Keys live on your phone behind biometrics. - The signed payload is sent back to your wallet for deployment.

It adds ~30 seconds compared to a hot wallet, but the keys never touch the desktop.

Some choices I made: - No MPC or proprietary recovery methods, just a standard seed phrase. - Open source, GPL-3.0. - I'm planning to get audited and apply for a MetaMask Grant before calling Lodgelock production-ready.

This isn't a hardware wallet replacement. If you already use a Ledger every time, keep doing that. Lodgelock is for people like me who _should_ use hardware wallets but default to hot wallets because convenience wins.

If you think this would help you, sign up for the email notifications on the website (https://lodgelock.org/#email-signup) or check out the repo (https://github.com/Robert-MacWha/lodgelock-snap).

mqrasi · 3h ago

Can't believe metamask didn't just include 2FA in their product. Almost every day i run into a post on reddit about someone losing their private key or losing funds/NFTs etc by signing a malicious contract or downloading a malicious software.

Cloudflare confirms downtime on August 23rd, silently posts it on status page

Ask HN: The government of my country blocked VPN access. What should I use?

Ask HN: What to learn for math for modeling?

Ask HN: Best self-hosted wiki solution in 2025? Mediawiki or something else?

Ask HN: Redis V8 vs. competition? (Valkey, Dragonfly, etc.)

Ask HN: What options do I have for self-hosted end to end encrypted group chat?

Ask HN: Should we stop worrying that AI will replace developer jobs?

Ask HN: Why hasn't x86 caught up with Apple M series?

Ask HN: Daily/weekly/monthly technical rituals?

Ask HN: Theory That Economic Growth Stagnates in a Civilization

Tired of Broken .onion Links? I Built a Real-Time Tor SE That Works

Ask HN: What to do when you suspect your interview is with a state operative?

Ask HN: How can I recover and run my old mobile game from the 2010s?

Apple App Store Review Mess

Ask HN: Avoiding AI slop in music services

Best up-to-date guides on Vibe Coding

Ask HN: Anyone working on bringing software back from US clouds?

Ask HN: Where can I see a live octopus in Maine?

Staying up to date on the best AI dev workflow?

Ask HN: How much better can the LLMs become assuming no AGI

Ask HN: Did modern AI's coding abilities make you lose interest in programming?

Ask HN: Services for Shutting Down a Startup?

Ask HN: What to Do with Old iPads?

Ask HN: What are the best Google alternatives in 2025?

CompactifAI Inference API

Ask HN: GitHub Copilot down?

Ask HN: Best codebases to study to learn software design?

Ask HN: How to teach a 4 year old to code?

Petition to stop Google from restricting sideloading and FOSS apps

Ask HN: Is there a temp phone number like temp email?

Ask HN: Does sentience put stress on the brain?

Ask HN: Why are so many services rejecting Google Voice numbers for signups?

Stop squashing your commits. You're squashing your AI too

Ask HN: Are AI filters becoming stricter than society itself?

Ask HN: How to Learn to Build Agentic AI Systems (Like Claude Code)

Ask HN: What should I use to run React Native tests on a device?

A Keystore Companion for MetaMask

Comments (2)