Marmo
GitHub Download

Your key lives in three places. Your wallet lives in none.

Marmo splits your Sui wallet into three shards across a cheap drive, a non-custodial co-signer, and your Google login. Spend with any two. The full private key never exists, so a stolen laptop or a stolen drive gets a thief exactly nothing.

Download for your device Read the SDK
$5any USB drive
2 / 3shards to sign
0single points of failure
Built natively on
The two bad choices

Hot wallets leak. Hardware wallets cost. Marmo does neither.

The software way

Your 12 words sit in browser memory. One piece of malware and the wallet is drained.

single point of failure

The hardware way

A $150 proprietary box, shipped to your door, locked to one vendor's chip.

expensive & proprietary

The Marmo way

Split the key across hardware you already own. Math replaces the secure element.

sovereign & free
Three shards, one wallet

A key split into pieces that
never meet

A

The drive shard

An encrypted shard written to any standard flash or hard drive. Cold by default, portable by nature. Unplug it and the wallet sleeps.

B

The co-signer

A non-custodial server that holds exactly one shard and confirms each transaction. Fully hacked, it still cannot move a single coin on its own.

C

The recovery shard

A zkLogin identity behind your Google account. Lose the drive and your login plus the co-signer bring the wallet back. No seed phrase to misplace.

How a payment signs

Two shards shake hands.
The network does the rest.

  1. 01

    Build

    The app composes your transaction and hands the bytes to your shards.

  2. 02

    Sign

    The drive signs, then the co-signer signs after you approve. Two of three.

  3. 03

    Combine

    The partial signatures merge into one multisig signature.

  4. 04

    Settle

    Sui validates the quorum and finalizes. A single shard would be rejected.

Why people switch

Elite security on
the hardware in
your drawer.

Get Marmo
2 / 3 shards needed to spend. One is never enough.
100% open source. Audit the kit, fork it, self-host it.
$0 extra hardware. Use the drive you already own.

No seed phrase to lose

Recovery rides on your Google login through zkLogin, not twelve words on a sticky note.

The security model

Enforced by Sui,
not by our code.

Marmo is built on Sui native multisig, a protocol-level primitive. The threshold is enforced by validators, not by a script we wrote. No hand-rolled cryptography stands between you and your funds.

  • Steal the driveUseless. It is one shard of two.
  • Hack the laptopThe co-signer never co-signs without your approval.
  • Breach the serverOne shard cannot move funds. Full stop.
  • Lose a shardThe remaining two recover the wallet.
For developers

The kit is yours.

Marmo ships as an open SDK. Split a wallet into shards, sign across machines, and submit, in a handful of lines. Build your own self-custody product on top.

View on GitHub
two-of-three.ts
import { Shard, MarmoWallet, signAndSubmit } from "@marmoxyz/sui-kit";

const drive    = Shard.create("drive");
const server   = Shard.create("server");
const recovery = Shard.create("recovery");

const wallet = MarmoWallet.twoOfThree(drive, server, recovery);
// spend with any two shards
await signAndSubmit(client, wallet, tx, [drive, server]);
Get the app

Download Marmo

Detecting your platform…

macOS Apple Silicon & Intel Download .dmg → Windows 10, 11 · x64 Download .msi → Linux AppImage & .deb Download →

All builds and checksums on the releases page.

Split your first wallet Download in minutes