Is it secure to use WalletConnect in LOBSTR?

Modified on Thu, 24 Nov 2022 at 12:18 PM

Is WalletConnect safe to use?


WalletConnect is an open-source protocol used to establish a secure connection between phone applications, like LOBSTR wallet, and web services of your choosing, like StellarX and StellarTerm.


The protocol establishes an encrypted connection between two applications, wallets, or devices. This connection is symmetrically encrypted through a shared key of the two peers.

And you have to approve the connection manually, so no service has access to our account data or funds without your authorization. 



When using WalletConnect wallet you can expect the same top-notch level of security you usually expect with LOBSTR:


- Your manual approval is required every time you want to make a transaction or connect to a web service. Simply reject when you receive a request if you do not trust the service.


- Your private key is fully encrypted, and securely stored inside of LOBSTR wallet on your device. It can only be used to sign incoming transactions inside of LOBSTR app. 


- Your private key is never sent or exposed to the connected services in any way, similar to how hardware wallets don't expose your private key when connecting and signing.


- Your LOBSTR account and app are protected with our built-in security features including Face ID verification and IP confirmation, so no one can access and authorize transactions on your behalf. 



In other words, when you connect to a service via WalletConnect through LOBSTR, it's impossible for the funds in your wallet to be spent without your approval. 


 


How to use WalletConnect securely


When using WalletConnect your connection to applications (Dapps) is encrypted and your private key is never shared. Security considerations remain, though.


Below are our tips to improving our security when using WalletConnect:



1. Don't connect to unknown or suspicious third-party services


Connecting your wallet to third-party sites is risky and makes you vulnerable to phishing.

Do not attempt connecting with them before informing yourself of the right instructions. These websites can be filled with harmful malware and links.


2. Verify that you're using the real service or application - check the URL.


Check you're using the real service by inspecting the URL. Attackers have been known to create fake versions of the website with the aim of stealing your tokens. Only sign transactions from services you know and trust.


A further way to reduce this risk is to avoid clicking the first link in your search results (especially if it's a paid advertisement).


3. Verify transaction details before confirming the request


LOBSTR app allows you to view the transaction details for most transactions submitted to WalletConnect by connected services. It is recommended to make sure the transaction is not being changed from what you've entered in the service.


Even if you trust the service you are using, It is always a good idea to view make sure you are sending the funds to the right recipient, buying the correct amount of token, or correctly casting your votes. 


4. Don't share your private information with the connected service


Access to your Recovery Phrase, private key, or password is not required for the connected service to initiate transactions with WalletConnect. The signing happens exclusively in LOBSTR wallet on your device, without sharing any private information with the connected service. 


Fraudulent apps may ask you to share your private or other data in an attempt to steal your funds. 

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select atleast one of the reasons

Feedback sent

We appreciate your effort and will try to fix the article