Nominis Explains: Hosted vs. Unhosted Wallets
- Nominis Intelligence Unit
In crypto, wallet infrastructure isn’t just a technical decision; it’s a security and compliance imperative. Understanding the difference between hosted (custodial) and unhosted (self-custody) wallets is crucial for anyone operating in Web3, DeFi, or crypto payments.
This isn’t just theory; it’s where hundreds of millions in losses originate.

Hosted wallets (like Coinbase, Binance) are managed by third parties—ideal for onboarding and regulatory ease.
Unhosted wallets (like MetaMask, Ledger) give full control to users, but create visibility gaps in compliance and screening.
The Risk Isn’t Just Regulatory, It’s Financial
Crypto’s traceability is powerful, but only if you’re equipped to use it.
Here are just a few real-world cases from 2024–2025 where a lack of wallet intelligence and monitoring led to significant financial and reputational losses:
Morpho Labs (April 2025): $2.6M Loss Intercepted
A front-end vulnerability exposed users to theft. A known white hat MEV operator intercepted $2.6 million in stolen funds from an unhosted wallet, but not before the breach highlighted a major oversight in tracking wallet behaviour post-deployment.
Bybit Multisig Exploit (Jan 2025): $24M Drained
A hacker bypassed multisig controls due to a flawed smart contract connected to an unhosted operational wallet. Because the attack came from a clean wallet with no negative history, it bypassed standard checks. KYT tools without behavioural analysis failed to flag the risk.
Ledger Connect Exploit (Nov 2024): $600K Gone in Minutes
Hackers spoofed a legitimate Ledger Connect interface to trick users into approving malicious contracts. Once again, funds moved into unhosted wallets with no compliance monitoring, making tracing slower and damage control harder.
Axie Infinity Fallout (Late 2024): Long-tail risk from unmonitored wallets
Following the $600M+ Ronin Bridge hack in 2022, investigations in 2024 revealed that dozens of dormant unhosted wallets linked to the attacker continued moving funds through laundering services months later, undetected by many tools that don’t go more than 2–3 hops deep.
The Compliance Illusion: Regulation ≠ Real-Time Protection
Many assume that regulations like MiCA or the FATF Travel Rule are enough to keep bad actors out, but the truth is: regulation is reactive, while criminals are proactive. Real protection requires real-time, intelligence-driven monitoring, especially when dealing with both hosted and unhosted wallets.
That’s where Nominis stands apart. Unlike standard KYT tools that stop at shallow checks, we trace up to 20 hops deep, remember previously screened wallets to trigger automatic alerts, and allow you to retroactively revisit past investigations with our look-back feature. Our platform applies contextual risk scoring to differentiate between exchanges, mixers, bridges, OTCs, and smart contracts, while fusing darknet and geolocation intelligence to catch threats others miss. Powered by both automation and human insight, Nominis helps you catch what others overlook. Whether you're operating a DeFi platform, launching a token, or handling crypto payments, the wallets you touch matter.

Don't Wait for a Breach. Build Your Risk Shield Now.
Whether you're running a payment platform, DeFi protocol, or launching a token, the wallets you touch matter.
- Are they linked to past exploit activity?
- Are they part of a mixing service?
- Are they tagged in darknet leak forums?
- Are they quietly active in criminal laundering cycles?
We answer those questions before the damage is done.
Schedule your risk discovery session now.
FAQ:
How can I ensure that my wallet infrastructure meets compliance standards without compromising user privacy?
At Nominis, we help wallet providers build trust and stay compliant by offering real-time transaction monitoring that doesn't rely on intrusive data collection. Our risk-based approach focuses on behavioural patterns, network exposure, and intelligence overlays, allowing you to maintain self-custody principles while aligning with evolving regulations like MiCA and FATF Travel Rule.
How do I know if the wallet I'm using is secure and not exposed to illicit activity?
While self-custody offers unmatched control, it also comes with the responsibility to stay informed. Our platform tracks wallet histories across 20+ hops, alerting users and platforms when wallets are associated with suspicious activity. We help wallet services implement subtle but powerful KYT that protects users, without invading their privacy or locking down decentralization.
How do we manage unhosted wallet risk without blocking innovation?
Blocking unhosted wallets isn’t practical and would alienate a major portion of the ecosystem. Instead, we enable compliance teams to assess wallet risk dynamically, using on-chain behavior, geolocation, darknet data, and entity type scoring. This approach empowers you to make smarter decisions in real time while staying aligned with regulators globally.