← Back to the blog
Embedded Wallets for Web3 Games: What They Are and Why They Matter
An embedded wallet is a crypto wallet managed by a platform on behalf of a user. The player creates an account, logs in with an email address or social login, and the platform creates and holds the wallet for them — no seed phrases, no browser extensions, no separate app.
For game developers, embedded wallets solve the single biggest UX barrier in Web3 gaming: most players do not want to manage a crypto wallet. For regulators, embedded wallets create a clear responsibility: whoever holds the wallet is the custodian, and custodianship triggers regulatory obligations.
The problem embedded wallets solve
Traditional Web3 game onboarding requires players to:
- Create a self-custody wallet (MetaMask, Phantom, or similar)
- Record and safely store a 12 or 24-word seed phrase
- Fund the wallet with cryptocurrency
- Connect the wallet to the game
- Sign transactions every time they interact with the blockchain
For players who are already crypto users, this is familiar. For the broader gaming market, it is a substantial friction barrier. Research consistently shows that wallet setup is the point at which most potential Web3 game players abandon onboarding.
Embedded wallets remove that friction. The player creates an account like any other game account. The platform manages the wallet in the background. The player experiences a normal login flow.
How embedded wallets work
Behind a simple login interface, embedded wallets do real blockchain operations. The platform:
- Generates a private/public key pair for the player’s wallet
- Stores the private key in a secure enclave (typically a hardware security module like AWS KMS)
- Signs transactions on behalf of the player using the stored key
- Presents a clean UI that abstracts the blockchain interaction
The player never sees the private key. They cannot export it to another wallet (unless the platform provides a key export function). The platform is the custodian.
Key security models
Hardware Security Modules (HSM). Private keys are generated inside AWS KMS or equivalent hardware. Keys are non-exportable. They never exist in application memory. This is the most secure common implementation.
Multi-party computation (MPC). The key is split between multiple parties (player device, server, sometimes a third party). No single party holds the complete key. Signing requires threshold agreement.
Threshold signatures (TSS). Related to MPC, TSS allows multiple parties to participate in signing without ever assembling the full key.
The regulatory implication
Embedded wallets are custodial by definition. The platform holds custody of the player’s private key, and therefore of the player’s assets.
Under EU MiCA regulation, custodial wallet services require a CASP (Crypto-Asset Service Provider) licence. Running an embedded wallet for EU players without that licence is non-compliant.
This is not a technicality. A CASP licence requires:
- Minimum capital reserves (€50,000–€150,000 depending on class)
- Qualified compliance and AML officers
- Regular audits
- Regulatory reporting
The year-one total cost runs €500,000 to €1,000,000. For most game studios, that is not viable.
Studios have three options:
- Obtain their own CASP licence — expensive, slow (6–12 months), operationally demanding
- Use non-custodial wallets — lower compliance burden but significantly higher player friction
- Build on a licensed platform — the platform holds the licence and provides embedded wallet infrastructure as part of its compliance layer
Genesis Engine is building option 3. Embedded wallets are a platform feature. The CASP licence is held at the platform level. Studios integrate via SDK.
What developers need to know
Zero PII liability. When a licensed third-party platform handles wallet management, player identity documents flow through the platform’s KYC provider (Sumsub in the case of Genesis Engine). The developer’s infrastructure never touches sensitive personal data. This also removes the developer from GDPR scope for identity documents.
AWS KMS by default. Genesis Engine uses AWS KMS hardware security modules for key management. Keys are non-exportable and never exist in application memory.
Regulatory perimeter. Developers building on Genesis Engine operate under Genesis Engine’s regulatory perimeter, not their own. The compliance obligation sits at the platform level.
UX without compromise. Players onboard with email. The wallet experience is invisible during normal play. Developers can expose wallet details to players who want them without forcing all players to engage with them.
Self-custody vs embedded wallets: the trade-off
| Embedded wallet | Self-custody wallet | |
|---|---|---|
| Player friction | Low | High |
| Platform responsibility | Platform holds key | Player holds key |
| Regulatory trigger | Yes (custodial) | Lower (non-custodial) |
| Recovery if player loses access | Platform can recover | Usually unrecoverable |
| Player control | Limited | Full |
| Developer implementation | SDK integration | Wallet connection protocol |
Neither is inherently better. The choice depends on the player experience the game targets and the regulatory infrastructure the developer has access to.
Games that want to reach the broadest player base — beyond existing crypto users — typically need embedded wallets. Games that target crypto-native players who expect full control of their keys may prefer self-custody options.
Common questions about embedded wallets
Can players export their keys from an embedded wallet? Some platforms allow key export. Genesis Engine’s approach allows players to view wallet details; full key export depends on implementation choices. Check the specific platform’s documentation.
What happens to player funds if the platform shuts down? Under MiCA, platforms holding custodial wallets have obligations around asset segregation and return of assets. This is a regulatory protection for players. For platforms without regulatory compliance, the answer is less clear.
Is an embedded wallet less secure than a self-custody wallet? Not necessarily. HSM-backed embedded wallets with hardware key management have strong security properties. The risk profile is different: with embedded wallets, the platform is the attack vector; with self-custody wallets, the player is. In practice, platform-level HSM security is more robust than most individual players’ key management.
Do embedded wallets support all tokens and chains? Depends on the implementation. Genesis Engine supports the chains and token standards relevant to the games on the platform. Not all embedded wallet providers support all chains.
What is wallet-as-a-service? Wallet-as-a-service is the term for embedded wallet infrastructure provided as an API to developers. Rather than building wallet management from scratch, developers call an API that creates and manages wallets on their behalf. Genesis Engine provides this as part of the platform layer.
Genesis Engine provides embedded wallet infrastructure as part of its compliance and payment rails platform for Web3 game developers. Learn how it works.
— Magnus
All posts