WalletConnect
Pronunciation
[wol-it kuh-nekt]
Analogy
Think of WalletConnect as a secure digital valet service between your phone and computer. Imagine you're shopping online (using a dApp on your computer), but your credit card (private keys) is safely in your wallet at home (mobile wallet app). WalletConnect is like calling home and having someone check your purchase details on a secure line, show you exactly what you're buying, and getting your approval before the payment goes through—all without your credit card ever leaving the safety of your home.
Definition
An open-source protocol that enables secure communication between decentralized applications (dApps) and cryptocurrency wallets through QR code scanning or deep linking. WalletConnect allows users to interact with blockchain applications on one device (like a computer) while signing transactions using their wallet on another device (like a mobile phone) without exposing private keys.
Key Points
WalletConnect facilitates cross-device communication with several security-enhancing features.
Device separation: Keeps private keys on your mobile device (typically more secure) while interacting with dApps on desktop or other platforms.
End-to-end encryption: All communication between the application and wallet is encrypted, preventing man-in-the-middle attacks.
Session-based: Creates temporary, secure connections that can be terminated at any time from the wallet side.
Cross-platform compatibility: Works across different operating systems, browsers, and wallet applications that implement the protocol.
Example
Michael wants to swap tokens on a decentralized exchange using his laptop. Instead of importing his wallet to the browser, he clicks the "Connect Wallet" button and selects WalletConnect. A QR code appears on his screen, which he scans with his mobile wallet app. His phone now shows "Connected to DEX" and his wallet address appears on the website. When Michael initiates the token swap on his laptop, a transaction approval request appears on his phone, showing the exact transaction details. After reviewing, he approves it with his fingerprint, and the transaction is signed and broadcast to the blockchain.
Technical Deep Dive
WalletConnect establishes a secure communication channel through a relay server using a WebSocket connection. The protocol uses a symmetric encryption key for each session, generated during the initial pairing. When a dApp initiates a connection, it creates a unique session ID and encryption key and encodes both in a QR code or deep link URI. When the wallet scans or opens this link, it retrieves the pairing data and establishes the encrypted connection. JSON-RPC is used as the message format for requests and responses over this encrypted channel. The protocol supports methods defined in EIP-1193 (Ethereum Provider API) and other blockchain-specific JSON-RPC methods. More recent versions (WalletConnect v2.0) added multi-chain support, improved session management, and enhanced the pairing process with features like typed-data signing and enhanced mobile linking.
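The pairing URI described above can be checked before a wallet acts on it. The following is an added example, not code from the WalletConnect project: the function name parsePairingUri is hypothetical, the URI layouts assumed are the v1 format from EIP-1328 and the v2 pairing URI, and the sample topics and keys are constructed.

```javascript
// Added example: parse and sanity-check a WalletConnect pairing URI on the wallet side.
// Assumed layouts: v1  wc:<topic>@1?bridge=<url>&key=<hex>   (EIP-1328)
//                  v2  wc:<topic>@2?relay-protocol=<name>&symKey=<hex>
const HEX32 = /^[0-9a-f]{64}$/i; // 32 bytes, hex encoded

function parsePairingUri(uri) {
  const m = /^wc:([^@?]+)@(\d+)\?(.+)$/.exec(uri);
  if (!m) throw new Error("not a WalletConnect URI");
  const [, topic, version, query] = m;
  const params = new URLSearchParams(query); // also percent-decodes values

  if (version === "1") {
    const key = params.get("key");
    if (!key || !HEX32.test(key)) throw new Error("v1: missing or malformed key");
    let host;
    try {
      const u = new URL(params.get("bridge"));
      if (u.protocol !== "https:" && u.protocol !== "wss:") throw new Error();
      host = u.host;
    } catch {
      throw new Error("v1: bridge must be an https/wss URL");
    }
    // The key itself is not returned, so it cannot leak into UI or logs.
    return { version: 1, topic, relay: host, keyBytes: key.length / 2 };
  }
  if (version === "2") {
    const symKey = params.get("symKey");
    const relay = params.get("relay-protocol");
    if (!HEX32.test(topic)) throw new Error("v2: topic must be 32 bytes of hex");
    if (!symKey || !HEX32.test(symKey)) throw new Error("v2: missing or malformed symKey");
    if (!relay) throw new Error("v2: missing relay-protocol");
    return { version: 2, topic, relay, keyBytes: symKey.length / 2 };
  }
  throw new Error("unsupported protocol version " + version);
}

// Constructed sample URIs (not real sessions).
const SAMPLE_V2 = "wc:" + "ab".repeat(32) + "@2?relay-protocol=irn&symKey=" + "cd".repeat(32);
const SAMPLE_V1 = "wc:00000000-0000-4000-8000-000000000000@1" +
  "?bridge=https%3A%2F%2Fbridge.example.org&key=" + "ef".repeat(32);

console.log(parsePairingUri(SAMPLE_V2));
console.log(parsePairingUri(SAMPLE_V1));
```

A wallet can show the returned relay value on the connection prompt so the user sees where the session traffic will be routed before approving.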
Security Warning
Always verify transaction details on your wallet device before signing, as malicious dApps could misrepresent transactions. Be conscious of which dApps you connect to, as connected applications can request transaction signatures until you manually disconnect them. Regularly review and disconnect unused WalletConnect sessions in your wallet's settings. Avoid scanning WalletConnect QR codes from untrusted sources or websites, as they could connect your wallet to malicious applications.
Caveat
While WalletConnect improves security by keeping private keys off the browser environment, it doesn't protect against all threats. If your mobile device is compromised, transactions can still be at risk. The protocol also creates a dependency on relay servers for communication, which could potentially introduce availability issues. Additionally, the user experience of switching between devices for transaction approval can be cumbersome for frequent transactions, potentially encouraging users to revert to less secure but more convenient methods.