Security and Recovery
Your WAX account is only as safe as your wallet setup and recovery practices.
Core Rules
- Use one wallet setup you understand well instead of mixing too many access methods.
- Back up recovery material before you move value onto an account.
- Never share private keys, seed phrases, recovery phrases, or wallet passwords.
- Treat screenshots of recovery material as unsafe.
- Verify you are signing in to the correct site or app before approving actions.
Recovery Material
Depending on the wallet, recovery may rely on one or more of these:
- a passkey tied to your device or account ecosystem
- a seed or mnemonic phrase
- an imported private key
- a separate backup wallet file or password
Know which model your wallet uses before you depend on it.
Device Loss and Access Loss
Plan for these cases in advance:
- lost phone or laptop
- browser reset
- password-manager failure
- passkey sync failure
- loss of access to an email or social sign-in provider
If you use My Cloud Wallet, make sure you understand the difference between device-based access and phrase-based recovery. If you use Anchor, make sure your keys and any wallet backups are stored securely offline.
Signing Safety
Before approving a transaction:
- confirm the app or site is the one you intended to use
- check which account is signing
- review the action when the wallet exposes transaction detail
- be cautious with repeated signature prompts or unexpected permission requests
Permissions Matter
On WAX, permissions are a core part of account safety. Advanced users and developers should avoid using their highest-authority permission for everyday workflows where a lower-risk custom permission would do.
Read more: