2025: what shipped, what didn't

Twelve months in. The honest list:

Shipped this year

• Custodial wallets across 12 chains (EVM family + 4 UTXO + Solana + Tron).
• Sweep + gas-station with auto-refill on chain-specific thresholds.
• Webhook subsystem with HMAC signing, exponential retry, auto-disable.
• Multi-tenant role-based access control with default OWNER / ADMIN / OPERATOR / VIEWER.
• P2P escrow trades and disputes (90 days in production by Q1 2026).
• Internal exchange + DEX-aggregator swap routing.
• Envelope encryption with KMS-wrapped DEKs (started on env-mode, migrated to GCP KMS in Q4).
• Static-analysis tenant-isolation tests in CI.
• Postalynk-backed transactional + marketing email with ~70 templates.
• Stripe billing with platform-id metadata routing.
• hCaptcha-gated public auth endpoints.
• Google sign-in with id_token nonce verification.

Didn't ship that we wanted to

• SOC 2 attestation. Controls are mostly in place; the audit isn't.
• Bug bounty program. Rolling out in Q1.
• 2FA enforcement for tenant users (admins have it; tenant users still don't).
• Multi-region failover. Currently single VPS with off-site backups.
• Open-sourced SDKs in Go and Python. We have curl examples and a TS SDK only.

What we got wrong

We initially priced the Starter plan at $99/mo. That was 5x too high for the segment we were trying to capture. We've restructured: Free tier ($0, 10 wallets), Starter ($19.99, 100 wallets), Growth ($49.99, 1000 wallets), Scale ($99.99, 5000 wallets), Enterprise (custom).

We also underweighted Tron USDT in our initial test data. Multiple early partners told us this within the first month. Lesson: ask people what they'd use you for before you decide what to optimize.

What's next

Q1 2026 we're focused on three things: an SDK in Go, the SOC 2 audit, and the bug bounty. Lighter on shipping new chains, heavier on hardening what we have.

Thanks to everyone who tried us this year. See you in 2026.