Key Storage Security

Private keys are often held unencrypted on disk in "wallet.dat", in environment variables, or in browser storage. This is secure as long as a bad actor cannot read the user's hard drive. However, we assume bad actors can read the hard drive, and Silk doesn't stop at that assumption: it also assumes malware can install keyloggers, read users' RAM, and change transaction confirmation displays. The measures it takes to defend against these attacks make it among the most secure wallets.

Silk splits the private key between the user and a noncustodial server. The server cannot see the private key; it holds only a random value that is needed to sign. An attacker must compromise both devices to learn the private key.
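The property described above can be shown with a generic two-party signature, given here as an added example that is not Silk's code or protocol: each side holds a random-looking share, both contribute to every signature, and the full key is never assembled in one place. The additive split, the Schnorr-style signing, the toy group parameters and all function names are assumptions chosen for illustration.

```python
import hashlib
import secrets

# Toy Schnorr group (constructed, far too small for real use):
# P = 2*Q + 1 with P and Q prime, G generates the subgroup of order Q.
P, Q, G = 2039, 1019, 4

def split_key(x):
    """Additively split secret x; each share alone is uniformly random mod Q."""
    user_share = secrets.randbelow(Q)
    return user_share, (x - user_share) % Q

def challenge(R, pub, msg):
    digest = hashlib.sha256(f"{R}|{pub}|".encode() + msg).digest()
    return int.from_bytes(digest, "big") % Q

def nonce_commit():
    """Each party picks its own secret nonce k and publishes only G^k."""
    k = secrets.randbelow(Q - 1) + 1
    return k, pow(G, k, P)

def partial_sign(share, k, e):
    """Runs locally on one party; the share never leaves that device."""
    return (k + e * share) % Q

def two_party_sign(user_share, server_share, pub, msg):
    k1, R1 = nonce_commit()            # user's device
    k2, R2 = nonce_commit()            # server
    R = (R1 * R2) % P                  # only public nonce parts are exchanged
    e = challenge(R, pub, msg)
    s = (partial_sign(user_share, k1, e) + partial_sign(server_share, k2, e)) % Q
    return R, s

def verify(pub, msg, sig):
    R, s = sig
    return pow(G, s, P) == (R * pow(pub, challenge(R, pub, msg), P)) % P

if __name__ == "__main__":
    x = secrets.randbelow(Q - 1) + 1   # constructed sample key
    pub = pow(G, x, P)
    user, server = split_key(x)
    sig = two_party_sign(user, server, pub, b"pay 1 coin")
    print("both shares  ->", verify(pub, b"pay 1 coin", sig))
    # A single share yields an invalid signature (up to toy-group collisions).
    bad = two_party_sign(user, 0, pub, b"pay 1 coin")
    print("one share    ->", verify(pub, b"pay 1 coin", bad))
```

Deployed two-party schemes add steps this sketch omits, such as committing to nonces before revealing them, and use a full-size group or curve.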
