Security is a fundamental aspect of the WalletConnect architecture. The infrastructure has undergone multiple rounds of third-party security reviews, audits, penetration testing, and threat modeling to ensure the highest standards of protection. Security is viewed as a continuously evolving discipline, with regular system audits to identify and address potential vulnerabilities.

Wallet SDK

Architecture

The Wallet SDK provides an end-to-end encrypted solution for wallets to connect to applications and sign messages/transactions. As an open-source SDK, it supports multiple transport methods, from WebSockets to Universal Links.

Handshake & End-to-End Encryption

For a detailed overview of the handshake and end-to-end encryption protocol, refer to the technical specification.

Audits

The Wallet SDK, including its encryption stack, was audited by Trail of Bits. The audit report is available here. This comprehensive security review covered the source code and included a lightweight Threat Model covering upstream and downstream dependencies. The broader WalletConnect system underwent Threat Modeling by Spearbit. The threat model is available here.

Dependencies

The Wallet SDK’s design philosophy prioritizes minimizing third-party dependencies to reduce the attack surface area.

Third-Party Reviews

The security infrastructure of WalletConnect has undergone multiple rounds of audits by independent security auditing firms, including Trail of Bits, Halborn, and Spearbit.
| Audit Scope | Auditor | Report |
| --- | --- | --- |
| WalletConnect Comprehensive Threat Model | Spearbit | View Report |
| Wallet SDK Security Review & Lightweight Threat Model | Trail of Bits | View Report |

Bug Bounty Program

WalletConnect maintains an active bug bounty program to encourage security researchers to responsibly disclose vulnerabilities and help strengthen the systems. For more information, visit the security page.

Get in Touch

For security-related inquiries, please visit the security contact page.