Pushin’ WaaP
Push Chain is building for universal apps. One deployment, users from any chain — Ethereum, Solana, EVM, non-EVM. Transactions from any wallet, fees abstracted away, sub-second finality. The whole point is that users shouldn't need to care which chain they're on.
Push already has its own wallet kit. Users can connect from Ethereum, Solana, and other chains. But when someone shows up without a wallet, how do they get in?
The standard answer is a Wallet-as-a-Service (WaaS). Here, a provider creates a wallet on the user's behalf, handles key management, and offers social login as the front door. But the user's share is gated behind the auth provider, and the remaining key material sits with cloud backups and the wallet provider's own servers, enough to take the user out.
Social Login without giving up self-custody
WaaP takes a different approach. Push Wallet now uses WaaP for social authentication. Users log in with email or Google, and get a self-custodial wallet, without handing key material to an intermediary.
Keys are derived cryptographically from the user's credentials. The social login is only part of the secret, jointly computed with a security secret, without either side learning the other's. The security secret is now stored in an enclave, and will soon be moved to Ika’s decentralized network. Compromising the login provider alone doesn't give anyone access to the key. No cloud backups. No custodian holds sufficient share to take the user out. The user's identity becomes the key, without anyone else keeping a copy.
Universal Keys for Universal Chain
Push Chain abstracts away which blockchain you're on. WaaP abstracts away how you got your keys. Both remove friction without removing ownership.
Push already supports external wallets through wallet abstraction and Push ID — a single identity that maps multiple wallets across chains. WaaP fills the remaining gap, where users without a wallet get one through social login, with the same self-custody guarantees as someone connecting to MetaMask.
And because WaaP is composable across dApps and chains, they are not scoped into Push. A user who onboards here can use the same wallet on any other app that integrates WaaP, or connect externally via WalletConnect, or export their private key anytime.
Recovery that works as people expect
Lose your phone? Switch devices? Just log in again with the same email. Same wallet, same identity.
WaaP wallets are reproducible. Because keys are derived from user credentials through vOPRF, recovery is just using the wallet again. Any login method tied to the same email points to the same account — whether that's Google, GitHub, or the raw email address. There's no backup phrase to store, and no reliance on cloud back ups or social guardians.
What's next
Push Chain is live on Donut testnet, with WaaP already integrated in Push Wallet. As Push Chain moves toward mainnet, WaaP's wallet infrastructure scales with it.
Try Push Wallet → portal.push.org
Build with WaaP → docs.wallet.human.tech
Learn more about Push Chain → push.org/chain
