Buying Crypto Inside SSP: The Aggregator Engine Explained

·6 min read·By SSP Editorial Team
SSP Academy cover: buying crypto inside SSP and how the aggregator engine works

Buying Crypto Inside SSP: The Aggregator Engine Explained

When you tap Buy / Sell in SSP, you are not buying crypto from SSP. SSP does not sell you anything, does not take your card details, and does not hold your money for a moment. What actually happens is more interesting, and understanding it tells you exactly where your trust is going.

This guide walks the on-ramp end to end: what the button does, who the counterparty really is, and the one cryptographic trick SSP uses to make sure the coins you buy can only ever land in your wallet.

The button, step by step

From the main wallet screen, Buy / Sell opens a modal. Before anything loads, you get a consent screen asking you to acknowledge the risks of using a third-party service. That gate is deliberate: everything past it is somebody else's regulated checkout, not SSP's.

Accept, and the wallet loads a provider widget directly inside the extension. You do not get bounced out to a website. The purchase flow — choosing a fiat currency, a payment method, entering your details — happens in that embedded panel, and when it completes the crypto is delivered on-chain to your SSP address.

Who you are actually buying from

The widget is Onramper, and Onramper is itself an aggregator. It does not sell you crypto either. It aggregates a roster of regulated fiat on-ramp providers, compares them for the currency, asset, and payment method you picked, and routes your purchase to one of them.

So the chain of counterparties looks like this:

You → Onramper (aggregator) → a regulated fiat provider → the blockchain → your SSP address.

That layering matters for three practical reasons:

  • KYC belongs to the provider, not to SSP. When the widget asks for your identity documents, that request comes from the regulated business processing the payment. SSP never receives, stores, or sees any of it.
  • Availability is the provider's, not SSP's. Which countries, which fiat currencies, which payment methods, and which assets are on offer is decided by the provider roster and their licences. Two people opening the same screen in different countries can see different options. (There is a whole article in this series on that — see the coverage guide.)
  • Price is the provider's. The rate you're quoted includes their spread and their fees on top of the market rate. SSP does not set it and does not take a cut of it.

What SSP does provide is the plumbing — and one very specific piece of security.

The part that protects you: a signed destination address

Here is the failure mode any embedded payment widget should worry about. The widget is told where to deliver the coins. If an attacker could tamper with that destination — rewrite it in the URL, inject it into the frame — you would pay real money and the crypto would land in their wallet. You'd have bought someone else a coin.

SSP closes that hole cryptographically. Before the widget loads, the wallet sends your network and receiving address to SSP Relay, which signs them with an HMAC-SHA256 signature using a secret shared with Onramper. The signed payload — effectively networkWallets=<network>:<your address> — is handed to the widget along with the signature.

The result: the destination address is authenticated. The widget will only pay out to the address that was signed. A tampered address doesn't carry a valid signature, and the purchase won't settle to it. SSP Relay never sees your keys — it signs a public receiving address, which is not a secret and grants no spending power to anyone.

This is worth internalising because it inverts the usual advice. With most "buy crypto" flows, you paste a destination address and triple-check it yourself. Here, the wallet asserts the address for you and proves it wasn't altered in transit.

What SSP never touches

It's a short list, and it's the important one:

  • Your keys and seed. Never leave your devices. The on-ramp does not need them and cannot ask for them. Any "buy" flow that asks for your seed phrase is a phishing attempt, full stop.
  • Your card and bank details. Collected by the regulated provider inside their own checkout.
  • Your identity documents. Same.
  • Custody of the coins after delivery. Once the provider broadcasts, the asset is in your address, under your 2-of-2 multisig. Nobody — not SSP, not Onramper, not the provider — can move it without both of your devices signing.

Notice what's absent from that list: at no point do you sign a transaction to buy. Buying is an inbound transfer. Your signatures aren't required, because nothing is leaving your wallet. That changes on the sell side, and it's the first thing the next article in this series covers.

Before you buy: the short checklist

  • Check the network, not just the ticker. You are buying an asset on a chain. Buying USDC on one network and expecting it on another is the classic way to end up staring at an empty balance. The widget is scoped to the chain you had selected in the wallet — make sure that's the chain you actually want.
  • Read the quoted total. Provider spread and fees are baked into the rate. The number to compare is how much crypto actually lands, not the headline rate.
  • Expect KYC, and expect it to vary. A card purchase in one country may be instant; a bank transfer in another may take days and more documents. That's the provider's process.
  • Start small on a new payment method. The first purchase through any new rail is the one that surfaces surprises. A small test buy costs you a little spread and buys you certainty.
  • Confirm the coins arrived in the wallet, not just in the widget. The widget saying "success" means the payment cleared. The asset is yours when it's confirmed on-chain in your address.

Where this fits

Buying is the easy direction: money in, coins out, no signatures, no custody hand-off after delivery. The other two flows in this series are meaningfully different — selling means signing crypto out to a provider and waiting for fiat, and the in-wallet swap hands your funds to a centralized exchanger in flight. Both put something of yours in someone else's hands for a while. The on-ramp, uniquely, does not.

For the wider picture of how buy, sell, and swap relate to each other, start with the overview in Swapping Crypto from SSP. For the mechanics of what happens once the coins are in your wallet, see Sending Bitcoin with SSP.

Share this article

Related articles