Self-custody means you hold your own funds, and no one, including Grvt, can move them without you. If you have ever been unsure exactly how that works here, this is a plain-language walkthrough: where your money actually sits, what signs for it, and how withdrawals work. The short version is your funds sit in smart contracts on-chain that open only when your key signs. Grvt never holds your key. So it cannot move your money, spend it, or send it anywhere. Only you can.
You're not missing something obvious
If this was never clear, that's on us. If you've held funds here without being sure where they actually sit, you're not careless and you're not alone. Crypto throws three different words at you as if they mean the same thing: your signer, your wallet, and the smart contract. They don't. Almost all the confusion, and the worry that comes with it, disappears the moment you separate them.
There's really just one distinction to hold onto: the thing that authorizes a move is separate from the place the funds actually sit. Get that, and the rest is detail.
The signer (authorizes)
Proves it's you. Your signer holds a private key and produces a signature that says "I approve this." It does not hold your balance. It holds the authority to move it, and only you have it.
The wallet (where your key lives)
The home for your signer. On Grvt that is either your own external wallet like MetaMask, or an email wallet created for you when you sign up with email. Both are just places your key is kept. Both belong to you.
The smart contract (where funds sit)
Where the money actually is. Your funds live in audited smart contracts on-chain, not on a Grvt balance sheet. The contract releases them only to an instruction validly signed by you.
The guarantee that matters most - only your key moves your funds. The core of self-custody is simple. A withdrawal is an instruction signed by your key, and the smart contract sends your funds back to your own wallet. Grvt cannot produce that signature, so it cannot move your money, redirect it, or spend it. The authority to move your funds never leaves your hands.
Follow the money: the custody path, start to finish
Here is the full chain of control, in order:
Owner (You) — holds the key. Nothing moves without your signature.
This signs to → Signer (Your wallet) — your external or email wallet. Produces the signature.
This authorizes → Custody (Smart contract) — holds your funds. Opens only to your signed instruction.
This settles to → Base layer (Ethereum) — final settlement. Withdrawals return to your L1 address.
Grvt matches trades and runs the chain. It sits beside this path, never inside it. It cannot produce your signature, so it cannot move your funds.
The key never leaves you. Grvt operates the rails; the contract obeys only you.
Two ways to hold your key: external wallet or email wallet; both are yours
Grvt has two kinds of users. The difference is only where your key is kept, not who controls it. In both cases the answer to "who can sign?" is: only you.
External wallet (MetaMask, Coinbase, WalletConnect)
You already own the wallet. You connect it to Grvt and sign each on-chain action from it, exactly as you would anywhere else in crypto. Grvt never sees your seed phrase and never holds this key. It lives in your browser extension or hardware device. Key custody: you, in your own wallet.
Email wallet (email or social login, powered by Privy)
Sign up with email or Google and Grvt creates an embedded wallet for you. It lets you trade in one click with an email code, so it feels as easy as a normal app. The key is generated and secured so that only you can authorize it. Grvt cannot sign on your behalf, even though you logged in with email. Key custody: you, behind your login.
A closer look at the email wallet and Privy
The email wallet is powered by Privy, wallet infrastructure used across crypto to give people a real self-custodial wallet without a seed phrase to memorize. When you sign up with email or social login, Privy creates a standard crypto account for you, the same kind of account MetaMask holds. It has its own private key and its own address, and it belongs to you.
What makes it safe is how that key is stored. The moment your wallet is created, the private key is generated inside a secure, hardware-isolated environment (a TEE) and immediately split into separate shares using Shamir's Secret Sharing. No single party ever holds the whole key, not Grvt and not Privy. When you sign a withdrawal, the shares are briefly reassembled inside that secure enclave, the transaction is signed, and the reconstructed key is destroyed right away.
So how is this different from MetaMask? Only in where the key lives. MetaMask keeps your key in a browser extension that you manage with a seed phrase. The email wallet keeps it sharded across secure infrastructure behind your login. In both cases the wallet is self-custodial: the only thing that can authorize a move is your key, and only you can trigger it.
You are never locked into the email wallet. You can export your private key at any time and load it into another wallet like MetaMask or Phantom. The export is designed so that neither Grvt nor Privy can read your key while it happens. To do it, open Privy home and follow the steps in the Grvt Help Center (search "export private key").
Why your Grvt balance will not appear in Privy or MetaMask
This is the part that worries people, so it's worth being precise. If you export your key, or view your wallet in Privy's own interface, you will not see your Grvt balance there. Nothing is missing. Privy and MetaMask only display balances for the blockchains they actively index, and neither of them indexes Grvt's chain. Their job with Grvt is narrow: hold your key and sign the transactions that let you withdraw. They are the signer, not the ledger. Your Grvt balance lives on Grvt's chain and shows up in the Grvt app. For the exact same reason, these wallets cannot show your Hyperliquid positions either. A wallet only surfaces what it indexes.
A deposit, step by step: what happens when you fund your account
This is the moment people worry about most, so here's exactly what a deposit does. It's an ordered sequence, and your key is required at the start.
You approve the deposit. Your wallet signs the transaction. This is the only point where you hand over an instruction, and you are the one giving it.
Funds enter the bridge contract. Your assets move from your Ethereum wallet into Grvt's audited bridge contract. They are now held by code, not by a company.
Your balance appears on the Grvt L2. The Grvt Layer 2 exchange contract credits your balance so you can trade, earn, and spend, all still tied to your key.
You withdraw with your signature. A withdrawal signed by your key tells the exchange contract to release your tokens back to your own Ethereum address. Grvt cannot trigger this without you, and cannot redirect it anywhere else.
The honest boundary: what Grvt cannot do to your money
We run a real exchange, so there are things we control, like pausing trading during an issue or sequencing the trades that come in. But none of that reaches your funds. Here's the line we cannot cross.
Grvt cannot:
Move or take your funds. The contract needs your signature, and we do not have your key. Full stop.
Invent a balance or a fake trade. A mathematical proof, posted publicly to Ethereum, checks that every number is real.
Expose your trades to the outside world. Grvt matches your trades, so it sees them, just like any exchange. But they settle on a private chain, so no external party can browse your positions, strategy, or order flow.
In plain terms: you trust Grvt to keep the lights on and to sequence fairly. You do not trust Grvt with your funds or your identity. Even if Grvt pauses trading, your funds are still yours: nothing Grvt controls can move them. That split is the whole point of the design.
Don't take our word for it: how to check this yourself
Self-custody is only real if you can verify it. Three things you can confirm without trusting our marketing.
Make a withdrawal. The simplest test. Sign a withdrawal and watch your funds arrive at your own wallet, released by the contract against your signature.
Check the settlement layer. Grvt posts zero-knowledge proofs to Ethereum. Anyone can confirm that our reported state is mathematically valid, without us revealing your trades.
Hold your own key. Use an external wallet like MetaMask if you want the key entirely in your hands. The custody model is identical either way, this just makes it visible.
The bottom line: you should be able to sleep at night
You can keep most of your assets here and still hold them yourself. The funds sit in smart contracts. The authority to move them sits with your key. Grvt runs the exchange around both and is built so it cannot reach in, even if it wanted to.
So the question this article set out to answer what self-custody of funds means on Grvt, has a clean answer: your funds move only when your key signs, and your key is yours alone. That is what self-custody means here. Not a slogan, a design you can check.
This article explains how self-custody works on Grvt for a general audience. As with any on-chain system, smart contracts carry inherent risks; these, along with the full terms of use, are set out in Grvt's Terms and Conditions. For the underlying design, see Grvt's technical documentation.
