Security you can verify.
Security you can verify.
Lite Wallet is non-custodial and open source. Your private keys live on your device. The binaries are signed and the code is auditable on GitHub.
Lite Wallet is a non-custodial Litecoin wallet released under the MIT license. The source code is public on GitHub. Desktop binaries (Windows .exe, macOS .dmg, Linux .zip) are code-signed. Private keys are generated locally from a 12-word paper key and never leave the user's device. Lite Wallet has no account system, no KYC, and no server-side custody of user funds.
The Lite Wallet security model
Non-custodial by design
Lite Wallet generates the private keys for your Litecoin addresses on your device, during first run. Those keys are derived from a 12-word paper key using BIP-39 and BIP-32 standards. The paper key, the private keys, and the derived MWEB view/spend keys are all local — they are not transmitted to any Lite Wallet server, and there is no Lite Wallet server that holds user funds.
No account, no reset, no backdoor
There is no Lite Wallet account, no email login, no password-reset flow, and no support team that can restore your wallet for you. The 12-word paper key is the single recovery path. This is the tradeoff of non-custodial design: no third party can freeze or seize your funds, and no third party can restore them if you lose the paper key.
Client-side signing, SPV verification
Transactions are signed on your device — the signed blob is what Lite Wallet broadcasts to the Litecoin network. Lite Wallet uses SPV (Simplified Payment Verification) mode, which means your wallet verifies relevant block headers against the Litecoin network without requiring a full 30+ GB node download. Balances are pulled from the Litecoin blockchain directly, not from a Lite Wallet database.
Source code and audit trail
MIT-licensed, public on GitHub
Every line of Lite Wallet is public on GitHub at github.com/litewallet/litewallet. The MIT license permits inspection, modification, and redistribution. Issues and pull requests are tracked in the open. Releases are tagged with the version number that matches the download page and the softwareVersion field in our SoftwareApplication schema.
Reproducible builds roadmap
We aim to ship reproducible builds so any developer with the source can produce byte-identical binaries and compare their hash to ours. This work is tracked openly in the repository; the current state is documented in BUILD.md. Reproducible-build status per platform is in /changelog.
Third-party audit plan
We plan a third-party security audit for the desktop codebase and MWEB integration in the next release cycle. Audit reports will be published on this page with dates and scope. Until then, the open codebase remains the primary verification path.
Your security best practices
Write your paper key on paper.
The 12 words should live on paper or a metal backup plate — never in a photo, a note app, a password manager single-field entry, or any cloud-synced document.
Store two copies, separated.
Keep one paper backup at home and one at a separate trusted location. Two copies protect against fire, flood, or local theft. Both copies give full wallet access, so choose locations carefully.
Use a device passcode.
Enable Lite Wallet's local passcode and your device's biometric unlock. These do not protect the paper key, but they protect the wallet on this device if someone picks up your unlocked phone or laptop.
Move large balances to hardware.
For balances you would miss if lost, use Lite Wallet with a Ledger or Trezor. The private keys live on the hardware device; Lite Wallet never has them. Same 12-word paper-key recovery for the wallet metadata.
Never type the paper key online.
Never enter the 12 words into a browser, a messaging app, a chat support window, or any form labelled 'verify your wallet'. Support will never ask for it. Anyone with the 12 words controls the wallet.
Verify the installer signature.
Before running a new Lite Wallet installer, verify the publisher signature reads LiteWallet.