A non-custodial, keyless mobile wallet with AI-powered DeFi capabilities across 8 blockchain networks.
- Deterministic wallet generation from Google OAuth credentials (no seed phrases to manage)
- SHA-256 hashing with stable identifiers (email + userId)
- Same wallet address recovered across all devices automatically
- Face ID / Touch ID authentication for transaction signing
- 6-digit PIN fallback when biometrics unavailable
- AES-256-CBC encryption with PBKDF2 key derivation (100,000 iterations)
- Rate limiting: 5 failed attempts triggers 5-minute lockout
- Private keys are never stored in React state or sent to servers
- On-demand key generation from encrypted storage
- Auto-wipe from memory after 30 seconds of inactivity
- Keys only decrypted during transaction signing with biometric gate
| Network | Chain ID | Native Token |
|---|---|---|
| Ethereum | 1 | ETH |
| BNB Chain | 56 | BNB |
| Polygon | 137 | MATIC |
| Arbitrum | 42161 | ETH |
| Avalanche | 43114 | AVAX |
| Base | 8453 | ETH |
| Optimism | 10 | ETH |
| Stellar | - | XLM (Ed25519) |
- Automatic RPC fallback and health checking
- EIP-1559 transaction support where available
- Natural language commands: "Swap 100 USDC to ETH on Polygon"
- Groq (Llama 3.3 70B) for fast inference with Gemini fallback
- Supported actions: Swap, Bridge, Send, Buy
- Intelligent parameter collection with conversation context
- 0x Protocol for DEX aggregation and best-price routing
- Symbiosis for cross-chain bridges
- Transak for fiat on/off-ramp
- Moralis for multi-chain balance fetching
- SIP (Systematic Investment Plans)
- Pre-built bundles: Blue-chip, DeFi Index, AI Frontier
- Portfolio tracking with real-time analytics
┌─────────────────────────────────────────────────────────────────┐
│ User Device │
├─────────────────────────────────────────────────────────────────┤
│ │
│ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │
│ │ Google │───▸│ Deterministic│───▸│ Biometric │ │
│ │ OAuth │ │ Key Gen │ │ Gate │ │
│ └──────────────┘ │ (SHA-256) │ │ (Face/Touch) │ │
│ └──────────────┘ └──────┬───────┘ │
│ │ │
│ ▼ │
│ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │
│ │ AES-256 │◀───│ Key │◀───│ Transaction │ │
│ │ Encrypted │ │ Decrypt │ │ Sign │ │
│ │ Storage │ │ (PBKDF2) │ └──────┬───────┘ │
│ └──────────────┘ └──────────────┘ │ │
│ │ │
│ ┌──────▼───────┐ │
│ │ Auto-Clear │ │
│ │ (30 sec) │ │
│ └──────────────┘ │
│ │
└─────────────────────────────────────────────────────────────────┘
| Category | Technologies |
|---|---|
| Mobile | React Native 0.81, Expo 54, React 19 |
| Language | TypeScript 5.9 |
| Web3 | Viem, Web3.js, @stellar/stellar-sdk |
| State | Redux Toolkit, Context API, Redux Persist |
| Security | expo-secure-store, expo-local-authentication, crypto-js |
| AI | Groq API (Llama 3.3 70B), Google Generative AI |
| Trading | 0x Protocol, Symbiosis, Moralis, Transak |
- Node.js 18+
- Expo CLI
- iOS Simulator or Android Emulator (or physical device)
# Clone the repository
git clone https://github.com/rohansingh4/Kosh.git
cd Kosh
# Install dependencies
yarn install
# Start development server
yarn start# iOS
yarn ios
# Android
yarn android
# With dev client
npx expo start --dev-clientCreate a .env file in the root directory:
EXPO_PUBLIC_GROQ_API_KEY=your_groq_key
EXPO_PUBLIC_GEMINI_API_KEY=your_gemini_key
EXPO_PUBLIC_ZEROX_API_KEY=your_0x_key
EXPO_PUBLIC_MORALIS_API_KEY=your_moralis_key
EXPO_PUBLIC_TRANSAK_API_KEY=your_transak_key
EXPO_PUBLIC_ENCRYPTION_SALT=your_custom_saltKosh implements a client-only non-custodial architecture:
-
No Seed Phrases: Wallet is deterministically generated from Google OAuth credentials using SHA-256 hashing of stable identifiers (email + userId + Firebase config).
-
Zero Server Storage: Private keys never leave the device. No backend stores or transmits key material.
-
Encrypted at Rest: Keys stored using AES-256-CBC with:
- Device-specific salt (unique per installation)
- PBKDF2 key derivation (100,000 iterations)
- Stored in iOS Keychain / Android Keystore via expo-secure-store
-
Biometric Gating: Every transaction requires Face ID/Touch ID authentication before the key is decrypted.
-
Memory Safety:
- Keys are never stored in React state
- Auto-wipe from memory after 30 seconds
- Secure string overwrite before garbage collection
-
Rate Limiting: 5 failed authentication attempts trigger a 5-minute lockout to prevent brute force attacks.
KoshWallet/
├── components/ # Reusable UI components
│ ├── modals/ # Modal dialogs
│ ├── navigation/ # Navigation components
│ └── trade/ # Trading UI components
├── config/ # Configuration files
│ ├── tokenList.json # Supported tokens
│ └── tradeConst.ts # Network configurations
├── contexts/ # React contexts
├── screens/ # Screen components
├── services/ # API services
│ ├── geminiService.ts # AI assistant
│ ├── ZeroXService.ts # DEX aggregation
│ └── symbiosisService.ts # Cross-chain bridges
├── utils/ # Utility functions
│ ├── passkeyWallet.ts # Keyless wallet generation
│ ├── keyManager.ts # Secure key storage
│ ├── SecureKeyService.ts # Transaction signing
│ └── encryption.ts # AES encryption
└── store/ # Redux store
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature) - Commit your changes (
git commit -m 'Add amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
MIT License - see LICENSE for details.
Built with React Native & Expo