Sudo
← Back to blog
Company

Hello, Sudo: Why your next messenger is your wallet

A founder's note on why we built a wallet-native Web3 messenger — non-custodial messaging, native crypto payments, on-chain escrow, pair-to-earn mining and smart-contract groups, all wired to a single identity: your wallet.

Aman Verma@amanv.sudo··9 min read
Premium gold-and-black render of a phone showing the Sudo chat app with a wallet-to-wallet payment in a chat bubble, next to an Ethereum hexagon wallet — Hello Sudo cover image.

Picture this: you spent two years building a Discord server. Twelve thousand members. The kind of community where someone drops alpha at 3 AM and three people show up before sunrise to bounce ideas. One Tuesday morning you wake up to a banner. Server suspended pending review. No reply for nine days. By the time anyone answers, half your community has migrated to three different Telegram groups, none of which talk to each other.

Or: you onboard a freelance client over WhatsApp. You ship the work. They ghost. WhatsApp has no escrow, no record, no way to settle. The $4,000 invoice becomes a story you tell over drinks.

Or: you join a DAO. The treasury sits on a Safe across one chain. The proposal lives on Snapshot. The discussion is on Discord. The voting is on Tally. The execution is somewhere else. Five tools, five logins, five identities. The friction quietly kills participation.

These aren't bugs in the tools. They are features of a model that was never designed for the kind of network we actually live in now. Your wallet has become your handle, your bank, your passport. And yet you still send it messages through systems whose only relationship with crypto is that they're scared of it.

That's the gap Sudo fills.

We started with a stubborn question

When we started Sudo Labs in 2023, the question we kept coming back to wasn't "what's missing from Web2 messengers?" — that's been written a thousand times. The question was much harder.

What does a messenger look like if your wallet was the first user, not the eighth integration?

We mean this literally. Sign-in: no email, no phone number — just a Sign-In With Ethereum signature. Your contacts: the wallets you've actually transacted with, plus the .sudo subnames you've minted. Your handle: portable, ownable, censorship-resistant. Your messages: end-to-end encrypted with libsignal and MLS. Your payments: native, not a "share QR" workaround. Your disputes: resolved by on-chain validators, not a support email.

When you flip every single primitive of a messenger to be wallet-first, the experience stops feeling like "Telegram, but with crypto" and starts feeling like something genuinely different. Familiar enough that you don't need a tutorial, but with affordances Web2 messengers physically can't offer.

Three hexagonal wallet nodes connected by a triangular constellation of gold light, representing wallet-as-identity in the Sudo network.
Wallet-as-identity: three subnames forming a small Sudo network.

Why this is the right moment

A few things converged in the last 24 months that make 2026 the right year to ship a wallet-native messenger, and 2018 the wrong one.

1. Wallets are good now. Hardware wallets are mainstream. Account abstraction (ERC-4337) means smart wallets can sponsor gas, batch operations, and recover from social signers. The user no longer has to write down a twelve-word seed phrase to use crypto. Onboarding finally looks like onboarding.

2. Encryption shipped. The libsignal protocol is battle-tested across a billion devices. MLS (Messaging Layer Security, RFC 9420) gives us forward-secret group encryption that scales to thousands of members without quadratic re-key cost. We don't have to invent anything cryptographic — we just have to wire it correctly. And we publish the wiring so anyone can audit it.

3. L2s made micropayments real. Sending a cent of value used to cost a dollar of gas. On Base, Optimism, and Arbitrum, it costs less than the tip on a restaurant bill. That moves tipping, splitting expenses, and pair-to-earn mining from interesting demos to actual workflows people use every day.

4. The DAO experiment grew up. Communities now run treasuries, ship products, and pay contributors entirely on-chain. They need messaging tools that can read those contracts natively, not screen-scrape Etherscan into a Discord embed.

5. Regulation got clearer (in some places). MiCA in the EU, the UK's FCA registrations, Singapore's MAS payment-service licences — clearer rails for non-custodial software make it possible to ship globally without crossing wires with custody regulations we were never trying to operate under.

The materials are all there. Someone just had to assemble them in the right order, with the right defaults, and ship it.

What Sudo actually does

Sudo is a non-custodial Web3 messenger that combines six things most "crypto messengers" try to bolt on later:

  • Identity. Your wallet is your handle. Mint a .sudo subname (yours.sudo, vitalik.sudo) for a memorable, portable identifier — you own it on-chain, you can move it between wallets, you can never lose it because the registry isn't a server we run.
  • End-to-end encrypted messaging. Direct messages with libsignal; group chats with MLS for forward-secret group keys. We can't read your DMs. If someone took a snapshot of our database, they would get who-talked-to-whom timing metadata at most — never message contents.
  • Native crypto payments. Send any ERC-20 inside a chat the same way you'd send a sticker. The transaction settles in seconds on whatever chain the recipient prefers. Hardware-wallet signing on every platform. See /payments for the supported networks.
  • On-chain escrow. Two parties, a milestone, a stake. If the work ships, the funds release. If it doesn't, an anonymous panel of staked validators settles the dispute on-chain. We have no role in the decision and no power to reverse it. See /escrow for the full state machine.
  • Pair-to-earn mining. Every two-sided conversation — a DM with a reply, a sustained group thread, a reaction in a channel — earns a pair score. The protocol mints SUDO to active participants proportional to that score. Bots cannot game it because the score is weighted by your reputation graph, not by address count. See /mining for the math.
  • Smart-contract groups. A group can be gated by any on-chain condition you can express in Solidity: hold this NFT, stake this token, attend this event, sign this attestation. The membership list is recomputed every time the contract state changes. See /smart-groups.

Each of these is, on its own, a substantial product. The thesis of Sudo is that they are worth meaningfully more together than apart — because the same wallet that says hello to you in a group is the same wallet that pays you, signs the escrow, and votes on the dispute. Identity coherence is the unlock.

Three "aha" moments worth describing in detail

Let me walk through three scenarios where Sudo feels different from what came before. None of these are hypotheticals — people are doing each of them on the testnet today, and the mainnet beta is rolling out now.

Maya is a freelance designer. A founder DMs her on Sudo. They negotiate: $1,800 USDC, split across three milestones — sketches, refined direction, final files. They open an escrow card inside the chat. Maya stakes nothing; the founder funds the full amount upfront. Each milestone is its own button: Release, Dispute, Extend. As Maya hits a milestone, the founder taps Release and the funds hit Maya's wallet — same chat, same scroll position, no Stripe dashboard, no PayPal "holding period."

When the founder asks for "one more revision" outside the original scope, Maya tags the cost. The founder funds the increment. The escrow card updates inline. There is never a moment where Maya is chasing email threads to figure out what was paid for what. The chat is the record.

If they had disagreed about the final files? Tap Dispute. A panel of five anonymous validators forms within an hour, picked via on-chain VRF. Each one stakes SUDO before voting. They commit-reveal their verdict. The majority wins. The funds release accordingly. Maya never knows who they were. Neither does the founder. (Neither do we — we don't run the panel and we don't see the votes until they're posted on-chain.)

A DAO working group ships a research grant

The Stargazers DAO has a treasury on Base. They want to fund a research project. They use a smart-contract group whose membership is "everyone who held our governance token for 30 or more days." The group has a treasury subaccount that can be triggered only by a 3-of-5 multisig of working-group leads.

A contributor proposes the project inside the group chat. People discuss in thread. When the working-group leads agree, they hit Sign payout inside the chat. Hardware wallets bleep on their desks. The treasury releases the funds. The chat shows the transaction hash and the recipient address. Every member can audit the entire history later from any block explorer.

No Snapshot tab. No Discord vote thread. No "where's the link to the Notion doc." The decision, the discussion, and the execution all happen on the same surface, in front of the same audience, against the same on-chain state.

An anon journalist gets paid for an investigation

Sina is an investigative journalist who covers on-chain fraud. She doesn't want her real name attached to her reporting. She mints sina.sudo and uses it to publish to a channel. Readers tip her in any ERC-20 directly to her wallet — no Substack take, no Stripe KYC flow, no risk of getting deplatformed for naming the wrong VC.

When a source wants to whistleblow, they DM her wallet. The conversation is end-to-end encrypted. The first DM from a brand-new wallet costs a tiny refundable gas-only stake — enough to make spam uneconomic, not enough to gatekeep real sources. Sina never sees the source's real identity unless they choose to reveal it. If she ever loses her phone, she recovers her .sudo subname from any device with the same wallet — her audience and her inbox come with her.

How we earn trust

We know "trust us" is the worst thing you can say in crypto. So here is how Sudo earns it, in increasing order of cost:

  1. Open source. The clients, the relay, the smart contracts, the validator software — all on GitHub. You can read every line. You can fork it. You can run your own relay if you don't trust ours. The links live at github.com/Sudomessenger.
  2. Audits. Five firm audits passed so far across the contract suite. New audits on every major release. Every report is published in full — not a marketing summary. See /audits for the PDFs and the open follow-ups.
  3. Bug bounty. Up to $250,000 per critical finding via Immunefi. We have already paid out across smart contracts, clients, and the relay. See /security for the scope.
  4. On-chain accountability. Every validator vote, every slashing event, every mining payout is posted on-chain. Anyone can replay the math. We have no special view of the system that you don't.
  5. Non-custodial. We hold zero user funds. Ever. Not in transit, not at rest, not "for your protection." If Sudo Labs disappeared tomorrow, your wallet, your messages on-device, your subname, and your SUDO balance would all keep working — because none of them depend on us being alive.

And a sixth, hardest one:

The clear ledger of what we won't do. We will not introduce a custodial mode "just for new users." We will not lend out idle funds. We will not run a stablecoin off our balance sheet. We will not put ads in the chat surface. We will not collect off-chain behavioural data to sell. Anything that requires us to be trusted more than we already are, we won't ship.

What's shipping next

This is the first blog post on a long roadmap. Some of what we're working on for the next quarter:

  • MLS group performance. Today, MLS groups peak around 500 active members per chat with acceptable rekey costs. We are targeting 5,000 with a new commit-batching scheme.
  • Stealth pay. Generalised stealth addresses for one-off receivers, so a tip on a public channel doesn't expose the recipient's main wallet to chain analysis.
  • Mobile widget for validator dashboards. Voted #1 in the last feedback round — every release we ship the top three.
  • Cross-chain identity bridging. Your .sudo on Base also resolves on Optimism, Arbitrum, and Polygon by Q3, with deterministic owner-controlled migration.
  • Cover-traffic mode (opt-in). For high-risk users in adversarial environments, the client emits decoy messages on a constant schedule so an observer can't infer activity from message timing.
  • First-party validator hosting. A one-click validator runtime for non-sysadmin token holders who want to stake and participate without spinning up infra. See /validators for the current operator playbook.

We'll publish updates here as each one ships. The whitepaper has the full multi-year horizon if you want to see further than the next three months.

How to get started

If you've read this far, you're our target audience. Here's the shortest path to your first conversation on Sudo:

  1. Download Sudo for your platform — desktop apps for macOS, Windows, and Linux; native iOS and Android; or just open web.sudochat.app in any modern browser.
  2. Sign in with your wallet. SIWE signature, no email, no password.
  3. Optional but recommended: mint a .sudo subname so people can find you as yourname.sudo instead of 0x12…a4. Costs a few dollars in gas, lasts forever.
  4. DM the wallet of someone you already know. Watch the mining counter tick up in your sidebar as you both engage.
  5. If you build, skim the developer docs. Our SDKs are TypeScript, Swift, and Kotlin first-party.

We'll be honest: it will feel slightly weird the first 24 hours. Wallet-native messaging is new enough that your muscle memory will keep reaching for the "find by phone number" pattern that doesn't exist here. Give it a week. The wallet-as-handle pattern stops feeling alien very quickly, and once it clicks, going back to a Web2 messenger feels like using an inbox that doesn't remember who you are.

One last thing

Six years ago, the idea that anyone would carry a wallet on their phone with five-figure balances in it would have sounded reckless. Today, hundreds of millions of people do. The infrastructure caught up with the ambition.

The messaging layer is the last big surface that hasn't. Sudo is our attempt to fix that — not by tacking crypto onto a messenger, but by starting from the wallet and building outward.

Thanks for reading. If anything in here resonated — or if you think we're wrong about something — we read every message on /feedback. The features SUDO holders upvote are the ones we ship. That's a promise we've held to since v0.

See you in the chat.

Aman Verma, on behalf of the Sudo Labs team

Mainnet beta · April 2026

Keep reading

More from the Sudo blog

Product

Buy any domain on Sudo in 3 steps: search, select, pay with any crypto — no KYC

A complete walkthrough of buying any TLD — .com, .io, .xyz, .ai, .eth, .sudo and more — inside Sudo Messenger. Three steps, any ERC-20, no KYC, no card, the domain lands in your wallet on-chain.

May 28, 2026 · 10 min read

Security

Sudo's threat model: what we actually defend against

Every secure messenger has a threat model. Most do not share theirs. This is ours — what we defend against, what we do not, and where we draw the line.

May 18, 2026 · 16 min read

Security

The reputation graph that keeps farmer rings out of Sudo mining

Pair-to-earn mining is profitable. That makes it a target. We built a wallet reputation graph that scores conversations for authenticity — here is how it stays one step ahead of sybil farmers without snooping on real users.

May 18, 2026 · 14 min read

Keep exploring Sudo

Where this post fits on the Sudo map

Hand-picked next reads from across the Sudo stack — pick whichever surface you want to learn about next.

Subscribe

Get the next post in your wallet.

Download SudoNewsroom