Building a Secure Self-Custody Ecosystem, With and for Our Community
Note: the results of the latest security audits are available below. Please see the “Security audits” section.
Security is the foundation of what we do at Trust Wallet. With the trust of over 60 million users worldwide, we take a proactive approach to security that keeps your assets safe and in your control.
Our mission is to build a seamless Web3 gateway and open ecosystem that enables a secure and decentralized world. From state-of-the-art encryption and security to an entire team centered on helping people worldwide navigate Web3 safely, your security in this space is our top priority.
In this article, we’ll highlight different ways we help keep your crypto assets and Web3 experience safe.
- Why does Trust Wallet focus so heavily on security?
- Security audits
- State-of-the-art encryption & security
- In-app security notifications
- Built-in protection against unauthorised access
- Vulnerability disclosure policies that keep you safe
- A securely integrated app experience
- Easy access to our support team
- Trust Wallet Security Scanner
- Secure private key management & backup
- Hardware Wallet Support
- Additional security guides
Your security when it comes to Web3 is our top priority. And while Web3 promises to bring increased financial freedom and complete ownership of your data and assets, it’s also subject to many external threats. We understand that people need as much support as possible to keep their assets safe and to feel comfortable exploring the decentralized web.
That’s why security is at the core of everything we do here at Trust Wallet. Not only do we want you to enjoy seamless access to everything crypto and Web3 have to offer, we also want you to participate in this space safely. Our approach to security is proactive, multi-faceted, and includes everything from industry-leading encryption in all our products all the way to one-to-one communication with our users when required.
Below we’ll describe multiple ways we approach security so you get a better understanding of why your assets and experience on Trust Wallet are secure.
At Trust Wallet, we put a strong emphasis on security and keeping our community informed. We collaborate with top security specialists, including our internal security teams as well as reputable third-party auditing firms, to perform frequent audits on our application and infrastructure. This ensures that everyone who uses Trust Wallet can have confidence in the safety and dependability of our products.
We make significant investments in our protocols and our team of security experts who carry out over 30 audits annually, encompassing both the application and infrastructure aspects. Through these regular security audits, we’re able to quickly identify and remediate any potential vulnerabilities before they can be exploited.
Be sure to check back regularly as we share periodic security audits:
- Browser Extension Security Audit Report conducted by Cure53 – April 2023 – View Report
- Browser Extension Security Audit Report conducted by Certik – February 2023 – View Report
The technology that powers Trust Wallet was developed with industry-leading encryption and security at its core. We’re constantly upgrading Trust Wallet to stay ahead of any threats and to keep your Web3 experience as safe as possible.
Your private keys are strongly encrypted with an AES algorithm and they are also securely stored on your device. The passcode you set for Trust Wallet on your mobile device is strongly hashed before being saved to your device and is stored in a tamper-proof key store. Additionally, while using any of our wallet products, your wallet password and private keys never leave your device and are never sent over the internet or exposed to third parties.
We constantly monitor threats in the crypto ecosystem that potentially may impact our users. When required, we send push notifications to the Trust Wallet mobile app and to the Trust Wallet Browser Extension. Depending on the issue’s urgency, we’ll also include specific instructions, links to guides, and our contact information so you know exactly what to do.
For example, a notification within the Trust Wallet Browser Extension may look something like this:
Similarly, we periodically send security notifications, alerts and warnings to Trust Wallet Mobile App users. These notifications take various forms including direct in-app warnings, banner noficitaions on your mobile device, and others as needed. You might see a notication such as this one:
And you may also see banner nofications on your mobile device, browser banner nofications, and others as required.
We encourage you to allow notifications on your mobile device for Trust Wallet, as well as notifications on your desktop browser so you never miss an important Trust Wallet update or a critical security warning.
Security notifications we send are critical to follow right away in order to keep your assets safe. If you’re ever in doubt when you see a notification, we recommend that you do not to share it publicly on the internet (on Twitter or Discord for example) as this could lead to potentially harmful activity from bad actors, so in order to keep other users safe and to immediately reach out to our support team here.
Your security is our top priority. As part of our effort to keep your crypto and Web3 experience safe, Trust Wallet includes built-in features that help protect you against external threats and unauthorised access to your assets.
When you create a new wallet address using Trust Wallet you also generate a 12-word secret phrase that grants you, as the wallet owner, full access and control over the funds. This secret phrase secures the private key for each blockchain address associated with each wallet you create, and your private keys are strongly encrypted with an AES algorithm.
The Trust Wallet password or passcode you set is strongly hashed before being saved to your device, and is stored in a tamper-proof key store. Trust Wallet further takes advantage of your mobile device’s biometric security and we also strongly recommend you always turn on the Applock function and choose the Ask Authentication option for signing transactions.
Guides to enable Trust Wallet passcode protection on your mobile device:
Trust Wallet is an active contributor in the Web3 open-source community, for instance, through our work with Wallet Core, which you can read more about here. Our policy on disclosing vulnerabilities is one that puts the safety of users first. Reports on any vulnerabilities will be made available, as long as the vulnerability in question is remediated and any impacted users are secure.
With support for over 8+ million assets, 70+ blockchains, and various ways to explore Web3 directly in the app, we strive to make Trust Wallet your secure home for crypto. Not only can you safely store, send and receive millions of assets with Trust Wallet, you can also:
- Safely explore thousands of Web3 decentralized applications (dApps) using our integrated dApp browser
- Buy crypto directly within the app using a fiat payment method
- Stake crypto directly in the app
- Management all your digital assets including NFTs
All this is part of our larger effort to provide you a secure way to access everything Web3 has to offer.
At Trust Wallet we have an easy-to-access support team of real people who are always willing to help. We understand that the world of crypto can be confusing at times, so our support team is here to help with any questions you have.
The Trust Wallet Security Scanner operates in a proactive manner by assigning a risk level to each transaction and alerting users of any potential threats. These threats can include things like sending tokens to a malicious address, connecting to unsafe dApp and more.
The feature helps to protect from scams, and other risks that could result in a loss of funds. Through warning messages, users are given the freedom to make informed decisions about their transactions. The aim is to make the Web3 experience safer and more enjoyable for everyone.
The Security Scanner leverages multiple data points and trusted security partners to assess the risk associated with a transaction. Ultimately, it helps to protect from phishing scams, contributes to DeFi wallet security, and keeps your tokens secure. What’s more, this handy feature is integrated right into the Trust Wallet mobile app and doesn’t require any manual activation.
An example of the Trust Wallet Security Scanner warning you of a malicious dApp.
We are always looking for opportunities to make Web3 safer and more user-friendly. With our upcoming private key management solution, you’ll have additional options to back up your private key securely. This feature will help more users avoid any loss of funds due to mismanaged private key storage. We believe that security isn’t just about external threats, it’s also about improving the user experience.
The launch of our browser extension helped us bring a secure Web3 experience to more people than ever before. The introduction of hardware wallet support allows people to take advantage of Trust Wallet’s industry-leading security while being able to transfer assets to cold storage. Learn more here.
We encourage you to learn more about how you can keep your experience in Web3 secure using the below guides.
If you have any questions about Trust Wallet security, our platform, or anything else, please contact our support team and we’ll be happy to help.