Is COCA safe?
Secure as cash
COCA is built with the idea that users should have ultimately control over their funds as if it was cash in their pocket. For the wallet experience, we use Privy as part of the wallet infrastructure (non-custodial wallet / authentication layer) to make COCA feel like a normal banking app – without the need to know anything about crypto or blockchain.
What this means in practice:
Your funds live in your wallet, not in COCA or third party-owned wallet
The card/payment system is designed to request permissioned, specific amounts for purchases (authorization-based) rather than having full access to your balance
Privy, is a wallet provider built for production security. Privy performs regular third-party security audits across infrastructure and cryptography, and documents multiple independent audits by firms including Cure53, Zellic, and Doyensec, alongside a bug bounty program. Privy also states it is SOC 2 Type I and Type II certified.
What "Self-banking” means?
Self-banking means that COCA:
Cannot move your money on its own
Cannot see or control your full balance
Cannot freeze or take custody of your funds
You approve what happens with your money, just like handing over cash when you make a payment. This is why we call this self-banking – your control your own money, you are the bank.
Where is my seed phrase with Privy?
When using COCA with Privy, you don’t see or manage a traditional seed phrase. This is intentional and designed for traditional-style usability.
How it works?
Your wallet does have cryptographic keys (like any other blockchain solution)
Those keys are not shown as a seed phrase
You are not asked to write down or store a recovery phrase
Instead, Privy uses a secure, non-custodial key management system that lets you access your wallet through familiar methods like email, social login, or device-based authentication.
You still own the wallet and the funds, but you don’t have to handle a seed phrase manually.
Does this mean Privy controls my wallet?
No.
Privy does not have custody of your funds
COCA cannot move your money
All wallet actions require your authorization
Privy’s role is to securely help create, store, and use your wallet keys in a distributed way without exposing them to you, to COCA or Privy itself.
Can I export my private keys?
Yes. You can export your private keys when using COCA. Right now export procedure is irreversible and you will no longer able to use this private key and wallet in COCA.
APY security (Morpho + Gauntlet)
When COCA offers APY, the yield is generated by allocating the funds to established on-chain lending markets. A core route we expect to use is Morpho, where deposits can be managed through vault-style strategies with explicit risk controls. Morpho publishes a dedicated risk & security section for Morpho and Morpho Vaults, outlining the key categories of risk users should understand.
Why Morpho is considered a security-first building block
Audited codebase: Morpho publishes a list of security reviews/audits for key components (including reviews by firms such as OpenZeppelin and Spearbit across different Morpho modules).
Vault risk controls: The MetaMorpho vault design includes role separation and market-level controls like supply caps to limit exposure per market.
Why Gauntlet strengthens the APY setup Gauntlet is a well-known DeFi risk management and research firm and is active in the Morpho ecosystem as a risk-first vault curator, focusing on vault composition, market selection, allocation, caps, and ongoing monitoring.
In practice, this means COCA can rely on:
Curated allocations rather than “dump everything into one market”
Risk limits and rebalancing designed to target better risk-adjusted returns
A methodology that prioritizes risk management, not just "Higher APY"
COCA security is designed so you keep control of your funds while still enjoying a bank-simple experience.
No financial product is “risk-free” – not banks, not stablecoins, not COCA. We designed COCA in a way you get strong control, clear transparency, and layered security.
Last updated