FEATURES
Invisible wallet
Most wallets ask users to learn three things they don't care about: what a seed phrase is, what a gas token is, and what a network is. The invisible wallet is Tab's attempt to delete all three from the user's day.
What the user sees
- A handle (@yourname).
- A six-digit PIN they choose at sign-up.
- A balance and a list of payments.
That's it. No seed phrase prompt, no MetaMask popup, no chain switcher.
What the wallet is, mechanically
Under the hood it's an ordinary secp256k1 keypair. The private half is generated in the browser using the Web Crypto API, then encrypted with AES-256-GCM using a key derived from the user's PIN through PBKDF2 (with a healthy iteration count). The encrypted blob is stored in IndexedDB and optionally pushed to an encrypted Drive backup.
What happens at signing time
- The user enters their PIN.
- The browser derives the decryption key with PBKDF2.
- The encrypted key is decrypted in memory.
- The transaction or EIP-712 message is signed.
- The plaintext key is wiped from memory immediately after.
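The storage scheme and the unlock-then-wipe steps above, sketched with Web Crypto as an added example (this is not Tab's own code). The function names, the salt/IV/ciphertext record layout, the SHA-256 PRF and the iteration count are assumptions; the 32 random bytes stand in for the secp256k1 private key, and signing itself is left out.

```javascript
// Added example: names, blob layout and the iteration count are assumptions.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto; // fallback for older Node only
const ITERATIONS = 600000; // assumed; the page does not state a number

async function deriveKey(pin, salt) {
  const material = await wc.subtle.importKey(
    'raw', new TextEncoder().encode(pin), 'PBKDF2', false, ['deriveKey']);
  // Non-extractable AES-256-GCM key: script can use it but not read its bytes.
  return wc.subtle.deriveKey(
    { name: 'PBKDF2', hash: 'SHA-256', salt, iterations: ITERATIONS },
    material, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

// Returns the record that would go into IndexedDB: fresh salt and IV per encryption.
async function sealKey(pin, privateKeyBytes) {
  const salt = wc.getRandomValues(new Uint8Array(16));
  const iv = wc.getRandomValues(new Uint8Array(12));
  const key = await deriveKey(pin, salt);
  const ct = await wc.subtle.encrypt({ name: 'AES-GCM', iv }, key, privateKeyBytes);
  return { salt, iv, ciphertext: new Uint8Array(ct) };
}

// Decrypts, hands the plaintext to `use`, then zeroes the buffer even if `use` throws.
// A wrong PIN derives a different key, so the GCM tag check fails and this rejects.
async function withUnsealedKey(pin, blob, use) {
  const key = await deriveKey(pin, blob.salt);
  const plain = new Uint8Array(
    await wc.subtle.decrypt({ name: 'AES-GCM', iv: blob.iv }, key, blob.ciphertext));
  try {
    return await use(plain);
  } finally {
    plain.fill(0); // best effort: JS cannot zero copies the engine may have made
  }
}

async function demo() {
  const secret = wc.getRandomValues(new Uint8Array(32)); // constructed stand-in for the key
  const blob = await sealKey('493817', secret);           // constructed sample PIN
  let held;
  const ok = await withUnsealedKey('493817', blob, (k) => {
    held = k; // keep a reference so the wipe can be observed afterwards
    return k.every((b, i) => b === secret[i]);
  });
  const wiped = held.every((b) => b === 0);
  const wrongPinRejected = await withUnsealedKey('000000', blob, () => true)
    .then(() => false, () => true);
  return { ok, wiped, wrongPinRejected, ctLen: blob.ciphertext.length };
}
```

The iteration count only scales the cost of each PIN guess; a six-digit PIN has 10^6 candidates, so who can read the stored blob matters as much as the KDF setting.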
Recovery
Two paths. The first is the encrypted Drive backup — sign in with Google, the blob comes back, and your PIN unlocks it. The second is manual export: the user reveals the raw key once and stores it in a password manager. There is no third path, because any third path would mean Tab held something that could be used against the user.