Security
A wallet is only as safe as your device and your habits. Eoonia adds technical layers; you add operational discipline.
What Eoonia does
| Layer | Description |
|---|---|
| Self-custody | Keys generated on your device — not on Eoonia servers |
| Encryption | AES-256, PBKDF2, encrypted Hive storage |
| Biometrics | Fingerprint / Face ID gate via local_auth |
| Hardware | Optional Ledger signing |
| WalletConnect | Session-based signing — keys never exported to dApps |
Research modules (QuantumSecuritySystem) explore post-quantum key handling — see docs/QUANTUM_SECURITY_IMPLEMENTATION.md in the repository for technical depth.
What you must do
- Write down your 12-word phrase offline. Never store it in email, iCloud, or screenshots.
- Verify addresses before sending large amounts — phishing sites copy UI.
- Reject anyone asking for your seed phrase — including fake “support”.
- Update the app when security releases ship.
- Use hardware wallet for high balances when possible.
Fail-safe behavior
- Unknown or failed biometric → no automatic unlock
- dApp permission prompts → explicit approve per session
- Revoked WalletConnect sessions stop signing immediately
Reporting issues
Security bugs: GitHub Issues on empoorio/Eoonia_Wallet or the contact form on Contact — never include private keys in reports.
Related
- Getting started
- Privacy policy
- KryptoOS — identity credentials (separate from wallet keys)