All Projects

Frak Labs

In Production

On-chain reward infrastructure and a seedless smart wallet for e-commerce and content

Role: Co-founder & CTO Period: 2022 - present
Daily wallet loads
100k+
Infra cost
-85%
Wallet CI (cached)
9min → 2min
Onboarding
Seedless, biometric
ERC-4337 WebAuthn Kubernetes Bun Elysia TanStack Foundry Tauri frak.id Wallet

What Frak is

Frak is an on-chain reward and referral platform: brands run campaigns where users get paid in tokens for actions like sharing a product or referring a friend, settled automatically through smart contracts on Arbitrum. The catch with any “pay users in crypto” product is the onboarding wall: nobody installing a Shopify plugin wants to explain seed phrases to their customers. Frak’s whole technical bet is removing that wall, then embedding the result cheaply enough that merchants don’t notice the cost.

I’m co-founder and CTO. I own everything technical: architecture, the wallet, the chain layer, the backend, the infra, and the team building all of it.

The wallet

The core product is a self-custodial smart wallet built on ERC-4337 account abstraction with WebAuthn (passkey) signing instead of a seed phrase. Users authenticate with their device’s biometrics; a P256 signature validates the user operation on-chain through a Kernel-based smart account, so there’s no private key for anyone to lose, write down, or phish. We built on and contributed back to the ZeroDev Kernel and Pimlico’s permissionless.js to get there.

Once the wallet holds value, it needs to leave the crypto bubble. We integrated Monerium, a licensed e-money institution, to give the smart account a real SEPA-reachable IBAN: a backend-free OAuth2 + PKCE connect flow, ERC-1271 wallet linking, delegated KYC, and a signed EURe redeem off-ramp. Users can move from on-chain rewards to euros in their bank account without us touching a compliance license.

The blockchain layer

Reward logic, referral tracking, and campaign accounting live in Solidity contracts across 8 master contracts and multiple factories. We moved our contract tooling from Hardhat to Foundry early on for faster, more reliable testing, and gas optimization has stayed a constant discipline (I’ve placed #2 globally in a gas-golfing competition, which is more than a flex: it’s the same skill that keeps user operations cheap to sponsor).

Backend, SDK, and the embeddable wallet

The backend runs on Bun and Elysia. The part merchants actually integrate is the SDK plus a listener iframe that mounts the wallet UI on their storefront. That iframe is a guest on someone else’s page, loading on hundreds of thousands of partner pageviews a day where the vast majority never trigger any wallet UI, so its cost had to round down to nearly zero. We rebuilt it around a “ring architecture”: a 3-chunk eager bundle for the RPC bridge, with everything else (Preact, the modal, the sharing flow) split into lazy chunks the SDK preloads speculatively. Combined with an earlier pass that cut the wallet bundle by 30%, this is what keeps the embed invisible on partner sites’ load times.

The wallet itself also ships as a native mobile app via Tauri (React + Rust), including a from-scratch native WebAuthn plugin for iOS and Android so passkeys work outside the browser.

E-commerce integrations

Frak plugs into the platforms merchants already run: a Shopify app (storefront banner, product-page share button, and a post-purchase checkout extension, unified under one merchant-owned translation source across four different runtimes), and a WordPress/WooCommerce plugin built to add near-zero overhead to every page load, with webhook delivery delegated to WooCommerce’s native pipeline rather than a hand-rolled dispatcher.

Infrastructure

Infrastructure went through a real evolution: AWS Lambda serverless, to SST-managed infrastructure, to a self-hosted Kubernetes platform on Hetzner, cutting infrastructure costs by 85%. On top of that we run our own CI: in-cluster GitHub Actions runners, BuildKit over mTLS, and a shared registry cache, which took the wallet’s deploy pipeline from a 9-minute build down to a 4-minute cold run and 2-minute cached run.

My role

I’ve been technical lead since day one: architecture decisions across the wallet, contracts, backend, and infra; hiring and leading the engineering team; and staying hands-on in the codebase, from WebAuthn validator internals to the Kubernetes platform underneath everything.

Articles About This Project

A Bank Account for a Smart Contract: Wiring Monerium Into a Self-Custodial Wallet

Why we plugged the wallet straight into a regulated e-money issuer instead of building our own rails, and how the integration actually works: browser-side OAuth2 with PKCE, an nginx proxy that defeats a broken CORS preflight, ERC-1271 address linking, delegated KYC, and a signed SEPA off-ramp

How we gave Frak's self-custodial smart-account wallet a real IBAN by integrating Monerium, a licensed e-money institution: a backend-free OAuth2 + PKCE connect flow, token refresh coalescing, an nginx CORS workaround for Tauri, ERC-1271 wallet linking with deploy-before-sign, fully delegated KYC, and a signed EURe redeem off-ramp.

Monerium Stablecoins OAuth2 PKCE Account Abstraction EURe Fintech
18 min read

One Translation Source for a Shopify App That Renders in Four Different Runtimes

Why we moved merchant-editable text out of metafields and into a merchant-owned metaobject, how a three-tier Liquid cascade resolves it, and the self-healing sync that never overwrites a merchant's edits

How we localized Frak's Shopify app across a storefront banner, a product-page share button, and a post-purchase checkout card (three runtimes reading two different Shopify APIs) by making a single merchant-owned frak_i18n metaobject the source of truth, wired into Shopify's native Translate & Adapt.

Shopify Internationalization Metaobjects Liquid GraphQL React Router Checkout Extensions
11 min read

From 9 Minutes to 2: Rebuilding the Wallet's CI on Our Own Platform

Killing Dockerfile.base, sharing cache mounts across six images, and what really moves the needle in Docker build pipelines

How the wallet's deploy pipeline went from a 9-minute build to a 4-minute cold run and 2-minute cached run by killing a monolithic Dockerfile.base, moving BuildKit in-cluster, wiring a Zot registry cache, and sharing apt + bun caches across six images.

CI GitHub Actions Docker BuildKit Kubernetes Performance Monorepo
17 min read

Bringing CI Back Home: A Hetzner Platform for the Frak Stack

In-cluster GitHub runners, mTLS BuildKit, an OCI cache nobody pays egress for, and the pulumi-Bun saga

How we stood up a Hetzner-based platform (ARC runners, remote BuildKit over mTLS, an in-cluster Zot OCI registry, a Verdaccio NPM mirror, and a Kyverno policy that rewrites every pod's NPM_REGISTRY), and what we'd do differently after fighting Pulumi for two days.

Kubernetes Hetzner GitHub Actions ARC BuildKit Pulumi SST Self-hosting DevOps
20 min read

The Ring Architecture: Shipping a Wallet That Costs Almost Nothing to Embed

Preact, vanilla-TS bootstraps, headless RPC, and the discipline of a 3-chunk eager bundle

How we redesigned the listener iframe's boot so partner websites pay a 3-chunk price for our wallet on first paint, then preload the rest lazily: by migrating from React to Preact, splitting the app into eager and lazy rings, and teaching the SDK to predict which lazy chunks to fetch.

Frontend Performance Preact React Vite Rolldown Code Splitting SDK
20 min read

Rich Share Sheets in a Tauri Mobile App (Without the Usual Compromises)

Typed activity items on iOS, FileProvider thumbnails on Android, and a 2-second race against the share sheet

How we built a native Tauri share plugin for iOS and Android that surfaces proper URL cards, LPLinkMetadata preview tiles, and FileProvider-backed thumbnails, with a bounded image race so the share sheet never stalls.

Tauri Mobile iOS Android FileProvider LPLinkMetadata UIActivityViewController Rust Kotlin Swift
14 min read

A Tauri Plugin That Survives an App Uninstall: Passkey Continuity on iOS and Android

iCloud KV + Keychain on iOS, Google Block Store + SharedPreferences on Android, and never storing anything sensitive

How we shipped a cross-platform Tauri plugin that persists a tiny recovery hint through app uninstalls and new-device setups, without ever touching a private key. A tour through NSUbiquitousKeyValueStore, iCloud Keychain, Google Block Store, and Android Auto Backup.

Tauri Mobile iOS Android WebAuthn Passkey Keychain BlockStore Rust Kotlin Swift
14 min read

A WordPress Plugin That Doesn't Tank Your Store's Performance

Context-aware bootstrapping, manifest-based block registration, delegating webhooks to WooCommerce's native pipeline, and deleting every line of code we didn't need

How we shipped a production WordPress + WooCommerce plugin that loads almost nothing per request, registers three Gutenberg blocks without scanning the disk, and offloads webhook delivery to WooCommerce's native engine with fingerprint-based orphan adoption.

WordPress WooCommerce PHP Performance Gutenberg Webhooks CI/CD
15 min read

Working on Something Similar?

Curious about the technical details, or have a similar challenge? Reach out.

Book a call