How should I think about embedded wallets?
Embedded wallets are self-custodial EOA wallets for your users. They can do anything a traditional wallet can do, but can be set up within your app itself and can be customized to match your branding, so there is no break in your product experience. For many of your users, they will be their starter wallet in web3; for others, they will help create smoother UX alongside their existing wallet.
Are embedded wallets available today?
Yes! If you're interested in getting access, please reach out.
What if my user prefers to use an external wallet?
That is completely fine. It's up to you to enable your users to use embedded wallets, external wallets, or both. We make it easy to switch between wallets. Privy supports multiple wallets out of the box and switching between them is easy.
Will embedded wallets work on L2s?
Can users recover their wallet if they lose their device?
Yes, these self-custodial wallets can be easily restored or recovered on new devices.
What if my user doesn't have any crypto?
The embedded wallet roll-out will include default support for fiat on-ramps using a third-party provider. You can integrate your own fiat on-ramp (for instance with a third party NFT checkout service) if you prefer.
Can I customize wallet UI?
Yes, embedded wallet UIs can be customized to match your brand and feel. You can either customize Privy's default UIs to ensure your user has app-specific context around the actions they are taking, or you can use your own UIs entirely! See our configuration guide for more.
How do embedded wallets work, at a high level?
The system has been audited by independent cryptographers and third-party security firms. We will be releasing more on that. At a high-level, it works as follows:
- The wallet's public and private keys are generated in your user's client
- The wallet's private key is split using Shamir Secret Sharing. Key shares are split across the user device, Privy (gated by a valid auth token) and a recovery device (Privy provides a default, but the user can choose another).
- When an authenticated user attempts to sign a message, keys are reconstituted momentarily in an iframe on your site to generate the signature. This iframe's origin is isolated from your site, meaning your application never has access to private keys.
- If a user logs in to a new device, or loses an existing device, they can utilize their recovery share to regain access to their wallet.
You can read more about the embedded wallet's architecture here.
Can I access user keys or perform transactions on behalf of users?
No, the cryptosystem is fully self-custodial. This means neither you nor Privy can access user keys. Likewise, users must be signed in to perform transactions, although we are actively looking into permissions delegation schemes to enable smoother UX here.
Can my user access their assets if Privy is inaccessible?
Yes, your users will have the option of storing their recovery share with a third-party (iCloud, Drive, Dropbox). While the share on its own cannot reconstitute a key, paired with an activated device, the user can reconstitue their key and recover their assets even if Privy is offline.
What comes next?
We are actively working to improve embedded wallets, looking at particular at improvements in the space to power better UX and more powerful functionality, including advances in account abstraction systems, delegated permission standards and social recovery mechanisms.
- support for relayers and gasless transactions,
- support for UI-less interfaces for the wallet (enabling use of the crypstosystem outside of the Privy SDK, and React more generally),
- support for React Native and native mobile SDKs.
Have a question that isn't answered here? Send us a message at