diff --git a/.gitmodules b/.gitmodules index 32dd66c7d..2e18185b0 100644 --- a/.gitmodules +++ b/.gitmodules @@ -188,3 +188,8 @@ url = https://github.com/status-im/nimbus-security-resources.git ignore = dirty branch = master +[submodule "vendor/nim-normalize"] + path = vendor/nim-normalize + url = https://github.com/nitely/nim-normalize.git + ignore = dirty + branch = master diff --git a/beacon_chain.nimble b/beacon_chain.nimble index bc900376f..b2990cbaf 100644 --- a/beacon_chain.nimble +++ b/beacon_chain.nimble @@ -29,10 +29,12 @@ requires "nim >= 0.19.0", "libp2p", "metrics", "nimcrypto", + "normalize", "serialization", "stew", "testutils", "prompt", + "unicodedb", "web3", "yaml" diff --git a/beacon_chain/conf.nim b/beacon_chain/conf.nim index 78528c979..2ed9258b8 100644 --- a/beacon_chain/conf.nim +++ b/beacon_chain/conf.nim @@ -1,9 +1,10 @@ {.push raises: [Defect].} import - os, options, + os, options, unicode, chronicles, chronicles/options as chroniclesOptions, confutils, confutils/defs, confutils/std/net, stew/shims/net as stewNet, + unicodedb/properties, normalize, json_serialization, web3/[ethtypes, confutils_defs], spec/[crypto, keystore, digest, datatypes, network], network_metadata, stew/io2 
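Review bot: The new `vendor/nim-normalize` entry in `.gitmodules` pulls from a personal GitHub account (`nitely/nim-normalize`), while the neighbouring entry in this hunk is hosted under `status-im`. What the build actually receives is fixed by the gitlink commit `db9a74ad6a301f991c477fc2d90894957f640654` in the last file section, and `branch = master` only matters for `git submodule update --remote`, so any later bump of that gitlink should be reviewed as a code change in its own right. The `beacon_chain.nimble` hunk also adds `unicodedb`, but no submodule for it appears in this diff; presumably it is already vendored, which is worth confirming.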
@@ -458,13 +459,27 @@ func parseCmdArg*(T: type GraffitiBytes, input: TaintedString): T func completeCmdArg*(T: type GraffitiBytes, input: TaintedString): seq[string] = return @[] +proc isPrintable(rune: Rune): bool = + # This can be eventually replaced by the `unicodeplus` package, but a single + # proc does not justify the extra dependencies at the moment: + # https://github.com/nitely/nim-unicodeplus + # https://github.com/nitely/nim-segmentation + rune == Rune(0x20) or unicodeCategory(rune) notin ctgC+ctgZ + func parseCmdArg*(T: type WalletName, input: TaintedString): T {.raises: [ValueError, Defect].} = if input.len == 0: raise newException(ValueError, "The wallet name should not be empty") if input[0] == '_': raise newException(ValueError, "The wallet name should not start with an underscore") - return T(input) + for rune in runes(input.string): + if not rune.isPrintable: + raise newException(ValueError, "The wallet name should consist only of printable characters") + + # From the Unicode Normalization FAQ (https://unicode.org/faq/normalization.html): + # NFKC is the preferred form for identifiers, especially where there are security concerns + # (see UTR #36 http://www.unicode.org/reports/tr36/) + return T(toNFKC(input)) func completeCmdArg*(T: type WalletName, input: TaintedString): seq[string] = return @[] diff --git a/vendor/nim-normalize b/vendor/nim-normalize new file mode 160000 index 000000000..db9a74ad6 --- /dev/null +++ b/vendor/nim-normalize @@ -0,0 +1 @@ +Subproject commit db9a74ad6a301f991c477fc2d90894957f640654
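Review bot: In `parseCmdArg` for `WalletName`, the empty, leading-underscore and printable checks run on the raw input, but the value returned is `toNFKC(input)`, so the stored name is not the string that was validated. NFKC folds compatibility characters into their ASCII equivalents, so a name whose first character is a compatibility form of the low line passes `input[0] == '_'` and still comes out starting with an underscore. Normalizing first closes the gap: `let name = toNFKC(input.string)` at the top, the three checks against `name`, then `return T(name)`. Separately, `isPrintable` has no side effects and could be declared `func` like the routines around it.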