Your Hightop Wallet

Your Hightop account is one account, backed by a smart contract wallet on a blockchain, controlled by a control wallet that belongs to you, and shared safely by multiple agents — each with their own rules. You do not get a separate wallet for each agent or each purpose. Everything runs through one place.

You interact with it through a polished app. Your agents interact with it through the API. Hightop handles the infrastructure underneath — blockchain wallets, stablecoin transactions, gas fees, and the connections to traditional money rails — but Hightop does not control your account. The control wallet does. That distinction is worth understanding, because it is what makes the trust model work.

What Is Underneath Your Account

Your Hightop account is built from three pieces that work together:

Your control wallet is the address that controls your account. It is the only thing that can change the rules — add an agent, update limits, approve a new payment recipient, or remove an agent. Think of it as the master key. No one else, including Hightop, can make policy changes without it. How this wallet is created and how you can upgrade it are covered below.

Your smart contract wallet is where your assets actually live. It holds your balances, your Earn positions, your borrowing state — everything. It also enforces the rules. When an agent tries to do something, the smart contract checks the request against the rules your control wallet configured. If the request fits, it executes. If not, it fails. The rules are enforced onchain — there is no override, no exception, no "just this once."

Your agents are the operators. They send requests through the API, and the smart contract decides whether those requests are allowed. Agents can execute inside their lanes, but they cannot change the lanes. Only the control wallet can do that.

The important separation: the control wallet sets the rules, the smart contract enforces them, and agents operate within them. These are distinct roles — not different views of the same permission level.

How Your Control Wallet Is Created

When you sign up for Hightop, two things happen behind the scenes. The app creates your control wallet through Turnkey, a secure key-management platform — an embedded wallet tied to your email-based login that becomes the address controlling your account. It also deploys your smart contract wallet on the blockchain — the wallet that will hold your assets and enforce your rules.

You do not see either of these happen. You do not need to write down a seed phrase, buy a hardware device, or install crypto tooling. From your perspective, you sign up with your email and start using Hightop. The control wallet and smart contract wallet exist underneath, ready to go.

There is something important about this arrangement: your control wallet's keys are not stored on Hightop's servers. They live within Turnkey's infrastructure, tied to your email-based authentication. That means a compromise of Hightop's servers alone is not enough to take over your control wallet or move your funds. An attacker would need to also compromise your email-based access path through Turnkey.

This is a meaningful security property. Most platforms that hold money for you store everything — keys, policies, balances — on their own servers. If those servers are breached, the attacker has everything they need. In Hightop's model, the keys and the servers are separate systems.

Moving to a Wallet You Fully Control

The default Turnkey setup is convenient — you sign up with your email and everything works. But it does still depend on an email-based access path. If you want stronger security assumptions, you can upgrade.

Hightop lets you move control of your account to a wallet you fully control:

  • A hardware wallet — like a Ledger — where the keys are on a physical device you hold
  • A Safe — a multi-signature wallet that requires multiple approvals to act, so no single key can make changes alone

When you move control of the account to one of these, the Turnkey embedded wallet is no longer the controlling address. Your hardware wallet or Safe becomes the control wallet for your account. The email-based access path goes away entirely. The security assumption shifts from "Turnkey plus your email" to "your own keys or signing authority."

Your assets stay where they are — in the smart contract wallet. Your agents keep operating with the same rules. The only thing that changes is who holds the master key. This is an upgrade you can make whenever you are ready, and it does not disrupt anything that is already running.

How Agents Fit Into This Model

How Hightop Works explains that agents operate inside lanes you define. Here is how that connects to the wallet structure.

When you create an agent in the app, the control wallet writes that agent's rules into the smart contract wallet — its permissions, limits, approved assets, payment paths, and expiry. That update is a real blockchain transaction, signed by your control wallet. In the app, this happens seamlessly — you configure what you want, and the app handles the signing and submission behind the scenes using your Turnkey embedded wallet. You do not see gas fees, transaction hashes, or blockchain confirmations. But the result is that those rules now live onchain, in the smart contract itself.

When the agent sends a request through the API, the smart contract checks the request against those rules. The agent never touches the control wallet. It never holds keys. It operates through the smart contract, which decides on every single request whether to allow or block it.

This is why multiple agents can share one account safely. Each agent has its own lane defined in the same smart contract. A research agent paying approved vendors and a cash management agent moving funds into Earn both operate through the same wallet — but the smart contract enforces completely different rules for each one. One cannot accidentally use the other's permissions.

And if something goes wrong with an agent — a bug, a compromised API key, a hallucination — the damage is bounded by the lane you configured. The agent cannot widen its own lane, and the attacker behind a stolen API key inherits the same narrow authority the agent had.

Why This Structure Protects You

The reason your account is built this way — control wallet, smart contract wallet, agents as operators — is so that no single point of failure gives an attacker full access.

A Hightop server compromise alone cannot steal your funds. Your control wallet's keys are not on Hightop's servers. Your assets live in the smart contract wallet, which enforces rules independently of Hightop's infrastructure.

A compromised control wallet does not mean instant, unrestricted damage. Some high-risk changes — especially adding a new trusted destination — go through timelocks, new agents or recurring vendors do not become active until their activation delay has passed, and larger one-off payments can sit behind a review delay. Hightop notifies you through its available alerting channels when these delayed changes are initiated, giving you time to cancel before they take effect. But that delay protects the add path, not destinations that are already active. Small one-off payments can still clear within the rules already in force, and an already active trusted destination can be used immediately by the control wallet.

The keys are separate from the servers. The smart contract is separate from both. Delays and timelocks protect some of the highest-risk changes. That is part of the design.
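
The role separation and the delayed add path described above, as a simplified off-chain model (an added example, not Hightop's contract code or API). The class and method names, the 24-hour `ADD_DELAY`, the `USDC` asset label and all sample values are assumptions; agent activation delays and payment review delays are left out.

```python
from dataclasses import dataclass, field

ADD_DELAY = 24 * 3600  # assumed timelock in seconds; the page gives no figure

@dataclass
class Lane:  # one agent's rules, written only by the control wallet
    assets: set
    limit: int       # max amount per payment
    expires_at: int  # time after which the lane no longer works

@dataclass
class Wallet:
    control: str
    lanes: dict = field(default_factory=dict)    # agent id -> Lane
    active: set = field(default_factory=set)     # destinations usable now
    pending: dict = field(default_factory=dict)  # destination -> activation time

    def _require_control(self, caller):
        if caller != self.control:
            raise PermissionError("only the control wallet can change rules")

    def set_lane(self, caller, agent, lane):
        self._require_control(caller)
        self.lanes[agent] = lane

    def propose_destination(self, caller, dest, now):
        self._require_control(caller)
        self.pending[dest] = now + ADD_DELAY  # timelocked, not usable yet

    def cancel_destination(self, caller, dest):
        self._require_control(caller)
        self.pending.pop(dest, None)

    def pay(self, agent, dest, asset, amount, now):
        lane = self.lanes.get(agent)
        if lane is None or now >= lane.expires_at:
            return "blocked: no active lane"
        if asset not in lane.assets or amount > lane.limit:
            return "blocked: outside lane"
        ready = self.pending.get(dest)  # None unless a timelocked add is in flight
        if dest not in self.active and (ready is None or now < ready):
            return "blocked: destination not active"
        return "executed"

def scenario():  # constructed sample state and requests
    w = Wallet(control="owner", active={"vendor-a"})
    w.set_lane("owner", "research-agent", Lane({"USDC"}, 100, expires_at=10**9))
    w.propose_destination("owner", "new-dest", now=0)
    steps = [("vendor-a", 50), ("vendor-a", 500), ("new-dest", 50)]
    return [w.pay("research-agent", d, "USDC", amt, now=1) for d, amt in steps]
```

In this model a request made with an agent's credentials can never reach `set_lane` or `propose_destination`, which is the sense in which a stolen API key inherits only the agent's lane.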

Security and Control covers the full trust model. Why Onchain Enforcement Matters goes deeper on the architecture and how to verify it yourself.

Where to Go Next

  • Security and Control explains the trust model at a user level — who controls what and how boundaries protect you
  • How Hightop Works covers the three-step model, the rules engine, and what agents can do
  • Wallet Model goes deeper on the smart contract wallet architecture and why crypto rails fit AI agent finance
  • AI Agents explains the agent model in detail — lifecycle, permissions, and what agents cannot do
  • Why Onchain Enforcement Matters covers the full security architecture and how to verify it
