Non-custodial design
Your private keys never leave your machine. LaserSell signs all transactions locally and never transmits keys to any server.
- Keys are generated and stored locally
- All transaction signing happens on your device
- LaserSell cannot freeze funds, initiate withdrawals, or execute trades without your command
Encrypted keystore
LaserSell encrypts your wallet with XChaCha20-Poly1305 authenticated encryption and derives the key using Argon2id, a memory-hard function that makes brute-force attacks prohibitively expensive.
If you have a legacy plaintext wallet.json from another tool, LaserSell will offer to migrate it to the encrypted keystore format automatically.
There is no “forgot password.” If you lose your passphrase, the keystore cannot be decrypted. Your recovery path is re-importing from your seed phrase or private key.
Memory hygiene
During unlocking, your passphrase and decryption intermediates are held in memory only for the instant they are needed. They are explicitly zeroized immediately after, preventing credential scraping by malware.
Best practices
Treat LaserSell as a hot wallet. Do not keep large balances in your trading wallet. Only fund it with what you intend to trade.
Sweep profits regularly. Move gains to a hardware wallet or cold storage. Do not let profits accumulate in a hot wallet.
Use a strong passphrase. Your keystore security depends entirely on passphrase strength.
Anti-phishing
LaserSell support will never ask for your:
- Private key or seed phrase
- Keystore passphrase
- Wallet “validation” or “synchronization” on any website
Anyone requesting these is a scammer. Block and report them immediately.
