WalletConnect Security
What is WalletConnect Security?
The security properties and known weak points of the WalletConnect open protocol, which lets dApps pair with mobile and hardware wallets over a relay network using QR codes or deep links to exchange signed messages.
WalletConnect is the dominant open protocol (v2 is the current generation, by Reown) for pairing decentralized applications with mobile and hardware wallets. The dApp displays a QR code or deep link encoding a pairing URI; the wallet scans or opens it, derives a shared session key, and from then on the two parties exchange JSON-RPC messages over a public relay network. The wallet remains in custody of all keys; the dApp can only request signatures, which the wallet displays for explicit user approval. Security properties depend on three things working: end-to-end encryption between dApp and wallet through the relay (so the relay sees only opaque payloads), strict scoping of the session's methods and chains (a session approved for `eth_sendTransaction` shouldn't be able to sneak in `personal_sign`), and the wallet's UI clearly rendering what is being signed. Known weak points include fake pairing pages that capture the QR-code URI and replay it against the user's wallet, session-hijack research, and phishing dApps that exploit weak signing-display in older wallets. Defenses: always pair from inside the wallet (not by typing a URI), verify the dApp's displayed domain, and prefer wallets with strong EIP-712 display.
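One way a wallet can enforce the session scoping described above (a session approved for `eth_sendTransaction` on specific chains must not be able to sneak in `personal_sign`), as an added example that is not code from WalletConnect or Reown. The session layout below (CAIP-2 chain ids, per-namespace method and account lists) is modelled on the v2 session shape and is an assumption, as is the per-method position of the signer address.

```javascript
// Constructed sample: the scope the user approved at pairing time.
// Shape is assumed to follow WalletConnect v2 namespaces; not taken from the page.
const approvedSession = {
  topic: "constructed-session-topic",
  namespaces: {
    eip155: {
      chains: ["eip155:1", "eip155:137"],
      methods: ["eth_sendTransaction", "eth_signTypedData_v4"],
      accounts: [
        "eip155:1:0x1111111111111111111111111111111111111111",
        "eip155:137:0x1111111111111111111111111111111111111111",
      ],
    },
  },
};

// Where the signing address sits in each method's params (assumed EIP-1193 layouts).
function signerOf(method, params) {
  if (method === "eth_sendTransaction") return params[0] && params[0].from;
  if (method === "personal_sign") return params[1];        // [message, address]
  if (method === "eth_signTypedData_v4") return params[0]; // [address, typedDataJson]
  return undefined;
}

// Wallet-side gate: returns { ok, reason }. Only when ok is true should the
// wallet render the request to the user for approval; everything else is
// rejected before any UI is shown, so the relay-side dApp cannot widen scope.
function checkSessionRequest(session, request) {
  const { chainId, method, params } = request;
  const nsKey = String(chainId).split(":")[0];
  const ns = session.namespaces[nsKey];
  if (!ns) return { ok: false, reason: `namespace ${nsKey} not in session` };
  if (!ns.chains.includes(chainId))
    return { ok: false, reason: `chain ${chainId} not approved` };
  if (!ns.methods.includes(method))
    return { ok: false, reason: `method ${method} not approved` };
  const signer = signerOf(method, params || []);
  if (typeof signer === "string") {
    const wanted = `${chainId}:${signer}`.toLowerCase();
    const approved = ns.accounts.map((a) => a.toLowerCase());
    if (!approved.includes(wanted))
      return { ok: false, reason: `account ${signer} not approved on ${chainId}` };
  }
  return { ok: true, reason: "in scope; show request to user" };
}
```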
● Examples
- 01
A user pairs MetaMask with a Uniswap dApp via WalletConnect; subsequent EIP-712 signature requests display the dApp domain and the typed-data structure before the user approves.
- 02
A security researcher publishes a proof-of-concept where a phishing site replays a captured WalletConnect URI against the user's wallet, recommending wallets warn on QR codes scanned from non-pairing pages.
● Frequently asked questions
What is WalletConnect Security?
The security properties and known weak points of the WalletConnect open protocol, which lets dApps pair with mobile and hardware wallets over a relay network using QR codes or deep links to exchange signed messages. It belongs to the Web3 and Blockchain category of cybersecurity.
How do you defend against WalletConnect Security?
Defending against WalletConnect Security usually combines technical controls and operational practices, as described in the definition above.
What are other names for WalletConnect Security?
Common aliases: WalletConnect v2, Reown protocol.
● Related terms
- web3№ 1171
Smart Contract Security
The practice of designing, reviewing and operating on-chain programs so that they cannot be exploited for theft of funds, halting of logic, or unintended rule violations.
- web3№ 1155
Signature Phishing (Web3)
A Web3 phishing pattern that tricks a user into signing an EIP-712 or `personal_sign` message that authorizes the attacker to move tokens, transfer NFTs, or take wallet actions — without ever asking for a seed phrase.
- web3№ 517
Hardware Wallet
A dedicated physical device that stores cryptocurrency private keys inside a tamper-resistant secure element and signs transactions offline.
- web3№ 912
Permit2 Phishing
Permit2 phishing is an attack that tricks Ethereum users into signing a Uniswap Permit2 off-chain message, giving the attacker the right to transfer the victim's ERC-20 tokens.
- web3№ 1348
Wallet Drainer
Malicious software or phishing kits that trick cryptocurrency wallet users into signing transactions or approvals and strip them of every token and NFT they hold.
- web3№ 413
EIP-712 Signing
An Ethereum standard for typed, structured off-chain message signing that lets wallets display human-readable intent (e.g. 'sell 1 ETH to user X by Friday') and bind the signature to a domain, chain, and contract.