diff --git a/Dockerfile b/Dockerfile
index 85c85d9..1301ca3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -12,7 +12,11 @@ RUN pnpm build
 # syntax=docker/dockerfile:1
 
 FROM --platform=$BUILDPLATFORM golang:1.26-alpine AS builder
-RUN apk add --no-cache git ca-certificates
+# CGO toolchain — required by go-sqlite3 (mattn) so the wallet HTTP API
+# can open SQLite. Previously CGO=0 left the driver unregistered and
+# /v1/mpc/wallets returned 503; the workaround was seeding wallets into
+# TA's user_wallets table out-of-band.
+RUN apk add --no-cache git ca-certificates gcc musl-dev sqlite-dev linux-headers
 ENV GONOSUMDB=github.com/luxfi/*,github.com/hanzoai/*
 
 WORKDIR /app
@@ -22,10 +26,12 @@ COPY . .
 COPY --from=ui /ui/dist ./ui/dist/
 
 ENV GOEXPERIMENT=runtimesecret
-RUN CGO_ENABLED=0 GOOS=linux go build -ldflags="-s -w" -o mpcd ./cmd/mpcd
-RUN CGO_ENABLED=0 GOOS=linux go build -ldflags="-s -w" -o mpc  ./cmd/mpc
+RUN CGO_ENABLED=1 GOOS=linux go build -ldflags="-s -w -linkmode external -extldflags '-static'" -tags 'sqlite_omit_load_extension' -o mpcd ./cmd/mpcd
+RUN CGO_ENABLED=1 GOOS=linux go build -ldflags="-s -w -linkmode external -extldflags '-static'" -tags 'sqlite_omit_load_extension' -o mpc  ./cmd/mpc
 
 FROM alpine:3.21
+# Runtime — statically linked binaries above don't need shared libs, but
+# keep ca-certificates + tzdata for HTTPS + log timestamps.
 RUN apk add --no-cache ca-certificates tzdata
 COPY --from=builder /app/mpcd /usr/local/bin/mpcd
 COPY --from=builder /app/mpc  /usr/local/bin/mpc
diff --git a/go.sum b/go.sum
index 8b74708..d27a4f2 100644
--- a/go.sum
+++ b/go.sum
@@ -897,8 +897,8 @@ github.com/luxfi/crypto v1.17.45 h1:uGK0y4+aLipE/M0YIQ5hcsWv0ZG0E4cPv03a94K/eLE=
 github.com/luxfi/crypto v1.17.45/go.mod h1:GnAkhQ7HNs3X0Tzx5nOONS3kl0yRmWHbDcRO5ffILsg=
 github.com/luxfi/database v1.17.44 h1:hfiTls7sqbweW+o4iaZqB8P997paC+vpgWmhN6v5MJ0=
 github.com/luxfi/database v1.17.44/go.mod h1:6Ey5y3I0WNLHbxIlIdFqUuKfBg+b0fAgTA8FgRgQ8zg=
-github.com/luxfi/edwards25519 v0.1.0 h1:zuSrBtgV4NUiJ8dzzJiLU4o+A0AHGnztRLUvZ24mAYk=
-github.com/luxfi/edwards25519 v0.1.0/go.mod h1:tFuuyXvI+xqUoHz9pwC+kqsALCGHSO1SymL1NjCOmFM=
+github.com/luxfi/edwards25519 v0.1.0 h1:YPoT831TZMslvNyy/KuTtpHi4BGZWgpwak06RCaYLzo=
+github.com/luxfi/edwards25519 v0.1.0/go.mod h1:MBoV+bPEz1tSMADPMSUaYdZ+agY3syG8B6z7RmJBH0A=
 github.com/luxfi/fhe v1.7.7 h1:RP26i3CxvNy2y/3LKiJPgd9uR5MrlG/MvQnv5rkQFhk=
 github.com/luxfi/fhe v1.7.7/go.mod h1:FHfGNgKL5ZLcnKVKFVNLDJOBbQyQm5DGpVrMnY8ASJo=
 github.com/luxfi/geth v1.16.79 h1:MtP8ZUuSVZDjmZDa1kTJCl0PpG8+wGbQft652GO6a3A=