WalletConnect Security.

The security properties and known weak points of the WalletConnect open protocol, which lets dApps pair with mobile and hardware wallets over a relay network using QR codes or deep links to exchange signed messages. It belongs to the Web3 & Blockchain category of cybersecurity.

The security properties and known weak points of the WalletConnect open protocol, which lets dApps pair with mobile and hardware wallets over a relay network using QR codes or deep links to exchange signed messages.

WalletConnect is the dominant open protocol (v2 is the current generation, by Reown) for pairing decentralized applications with mobile and hardware wallets. The dApp displays a QR code or deep link encoding a pairing URI; the wallet scans or opens it, derives a shared session key, and from then on the two parties exchange JSON-RPC messages over a public relay network. The wallet remains in custody of all keys; the dApp can only request signatures, which the wallet displays for explicit user approval. Security properties depend on three things working: end-to-end encryption between dApp and wallet through the relay (so the relay sees only opaque payloads), strict scoping of the session's methods and chains (a session approved for `eth_sendTransaction` shouldn't be able to sneak in `personal_sign`), and the wallet's UI clearly rendering what is being signed. Known weak points include fake pairing pages that capture the QR-code URI and replay it against the user's wallet, session-hijack research, and phishing dApps that exploit weak signing-display in older wallets. Defenses: always pair from inside the wallet (not by typing a URI), verify the dApp's displayed domain, and prefer wallets with strong EIP-712 display.

Defences for WalletConnect Security typically combine technical controls and operational practices, as detailed in the full definition above.

Common alternative names include: WalletConnect v2, Reown protocol.