The software way
Your 12 words sit in browser memory. One piece of malware and the wallet is drained.
single point of failure
Base
Nobody can take it.
Nobody can trace it.
One wallet, any two shards
A live
A live 
preview of
the 
vault.
Marmo splits your key across a USB drive, a non-custodial co-signer, and an authenticator app β on Base. No single party holds enough to move your funds. Every payment routes through stealth addresses, so your balance and counterparties stay private.
Marmo
Base
ERC-4337 smart accounts
Stealth addresses
Stealth payments
Non-custodial co-signer
Base
ERC-4337 smart accounts
Stealth addresses
Stealth payments
Non-custodial co-signer
Base
ERC-4337 smart accounts
Stealth addresses
Stealth payments
Non-custodial co-signer
Base
ERC-4337 smart accounts
Stealth addresses
Stealth payments
Non-custodial co-signer
The two bad choices
Hot
Hot 
wallets leak. Hardware wallets 
cost. And neither is 
private.
The hardware way
A $150 proprietary box, shipped to your door, locked to one vendor's chip.
expensive & proprietary
The Marmo way
Split the key across hardware you already own, on Base. Math replaces the secure element. Every payment is private by default.
sovereign, private & free
Three shards, one wallet
A
A 
key split into pieces that never 
meet
The drive shard
An encrypted shard written to any standard flash or hard drive. Cold by default, portable by nature. Unplug it and the wallet sleeps.
The co-signer
A non-custodial server that holds exactly one shard and signs blind, without seeing your transaction. Fully hacked, it still cannot move a single coin.
The recovery shard
An authenticator app, not a seed phrase. No twelve words to lose. Lose the drive and your authenticator code plus the co-signer bring the wallet back.
How a payment signs
Two shards
Two shards 
shake hands. The chain does the rest.
Build
The app composes your transaction and hands the bytes to your shards.
Sign
The drive signs, then the co-signer signs after you approve. Two of three.
Combine
The partial signatures merge into one signature, indistinguishable from a normal wallet.
Settle
The chain validates the quorum and finalizes. A single shard would be rejected.
Privacy, on by default
Your
Your security is invisible.
A normal multisig announces itself on-chain. Marmo does not. Threshold signing makes your wallet look like any ordinary account. Add stealth addresses and your payments become unlinkable β private by cryptography, never by policy.
Invisible setup
Threshold signatures collapse your 2-of-3 into one ordinary signature. Nobody can tell you use Marmo, your threshold, or your co-signer.
Blind co-signing
The co-signer enforces your policy against a zero-knowledge proof. It approves the spend without ever seeing the transaction or profiling you.
Unlinkable receipts
Fresh stealth addresses (ERC-5564) per payment keep your inflows unlinkable. Every inbound lands at a unique one-time address β no two payments share an on-chain link back to you.
Private receive
Every
Every 
inbound is a 
fresh address.
No one can link your payments to your wallet β not even the sender.
Share once
Copy your stealth meta-address from Marmo. Post it anywhere β in a bio, on social, in a contract. It is designed to be public.
Sender computes
Anyone derives a one-time address from your meta-address. Only you can recognise it as yours. On-chain it looks like a random unrelated wallet.
Marmo detects
Your wallet scans the chain silently. Incoming stealth payments are recognised and swept to your account β no manual claiming.
drawer.2 / 3shards needed to spend. One is never enough.
0txns traceable. Stealth addresses make every receipt unlinkable.
$0extra hardware. Use the drive you already own.
No seed phrase to lose
Recovery rides on your authenticator app, not twelve words on a sticky note. Lose the drive, open Google Authenticator β your wallet comes back.
Two ways in
One wallet.
One wallet.
Two 
doors.
Desktop or Telegram β same address, same funds. Pick your surface, switch anytime.
Desktop
macOS Β· Windows Β· Linux
Full experience
- Send & receive USDC / USDT
- Swap β powered by Uniswap V3
- Private sends, stealth addresses
- Hardware drive as shard A
- Full 2-of-3 custody
Telegram
Any device Β· no install
No app needed
- Send & receive USDC / USDT
- Swap β powered by Uniswap V3
- Private sends, stealth addresses
- Telegram auth = shard A
- Non-custodial, same guarantee
Same address. Whether you open the app or message the bot, you're signing from the same smart wallet on Base. Marmo never holds a quorum.
The security model
Enforced by the chain,
Enforced by the chain,
not by our code.
Marmo builds on Base ERC-4337 smart accounts. The 2-of-3 threshold lives in a smart contract on-chain, enforced by the network β not by a script we wrote. No hand-rolled cryptography stands between you and your funds.
- Steal the driveUseless. It is one shard of two.
- Hack the laptopThe co-signer never co-signs without your approval.
- Breach the serverOne shard cannot move funds. Full stop.
- Lose a shardThe remaining two recover the wallet.
For developers
One API,
View on npm
One API,
private by default.
.png){kind=icon}
.png){kind=icon}
.png){kind=icon}
Marmo ships as an open SDK for Base. Split a wallet into shards, route through stealth addresses, and send private USDC β in a handful of lines.
import { createShards, MarmoAccount, sendPrivate } from "@usemarmo/base-sdk";
const shards = await createShards({ threshold: 2, total: 3 });
const account = await MarmoAccount.deploy(shards);
// private USDC β unlinkable, screened, non-custodial
await sendPrivate(account, { to: recipient, token: USDC, amount });
Get the app
Download Marmo
Detecting your platformβ¦
macOS
Apple Silicon & Intel
Download 
.dmg β
Windows
10, 11 Β· x64
Download 
.msi.exe β
Linux
AppImage & .deb
Download 
.AppImage.tar.gz β
All builds and checksums on the releases page.