Skip to main content
Muun Wallet

About Muun Wallet

Muun is a non-custodial 2-of-2 multisig wallet with a special focus on security and ease of use. This is the source code repository for Muun’s Android wallet, designed to give users full control over their Bitcoin and Lightning transactions.

Quick Start

Get up and running with Muun Wallet development in minutes

Requirements

View runtime and build requirements for the wallet

Architecture

Understand the clean architecture pattern used in Muun

Security

Learn about our security practices and responsible disclosure

Architecture

Muun follows the clean architecture pattern with three distinct layers:
1

Data Layer

Handles all data backends including:
  • Database operations
  • Operating system interactions
  • Network communications
All keystore and data handling happens at this layer.
2

Domain Layer

Contains the core business logic:
  • Domain models
  • Use cases (clean architecture terminology)
  • Transaction signing decisions
All business logic that decides when to sign transactions happens here.
3

Presentation Layer

Contains all UI code:
  • Views and activities
  • User interaction handling
  • Depends only on the domain layer
The presentation layer never references the data layer directly, ensuring proper separation of concerns.

Common Module

There’s also a pure Java common module with code shared across all layers. Most key handling and transaction crafting operations happen in this module.

Auditing

When auditing the Muun codebase, focus on these critical areas:
  • Key Operations: Most key handling and transaction crafting operations happen in the common module
  • Data Security: All keystore and data handling happens in the data layer
  • Business Logic: All signing decisions happen in the domain layer
  • Layer Isolation: The presentation layer only depends on domain, never data directly

Responsible Disclosure

If you discover security vulnerabilities, please report them responsibly.
Send security-related bugs or vulnerabilities to: [email protected] You can encrypt your email using our public PGP key: 
Public key fingerprint: 1299 28C1 E79F E011 6DA4 C80F 8DB7 FD0F 61E6 ED76

Contributions

Muun is currently not accepting contributions in PR form due to team size and development workflow constraints. However, feedback and suggestions for improvements are always welcome.
While we cannot accept traditional pull requests, the team values:
  • Bug reports and issue submissions
  • Feature suggestions and feedback
  • Security vulnerability reports
External contributions have been included in the past, just not through the traditional “accept and merge” PR process.
Language translation contributions cannot be accepted at this time.

Build docs developers (and LLMs) love

Get started for freeTalk to us