Is Conflux Wallet safe?

Conflux Wallet is non-custodial and open-source. Your private keys never leave your device. For maximum security, pair the wallet with a Ledger or Trezor hardware wallet. Always store your 12-word seed phrase offline. The wallet itself cannot lose your funds — only loss of your seed phrase can.

Can Conflux Wallet steal my CFX?

The wallet's source code is public. Independent reviewers verify what it does. The only way for Conflux Wallet to steal funds would be a malicious release — which is why downloading from the official source (confluxwallet.org) matters. Hardware-wallet pairing eliminates even this risk because the keys are on the hardware device.

What if confluxwallet.org gets hacked?

A compromised website could distribute a malicious binary. Mitigations: hardware-wallet usage and downloading the wallet only from the official confluxwallet.org domain. If the site is compromised, the keys on existing wallets remain safe — they're not stored on the server.

Is it safer than Fluent Wallet?

Both are non-custodial, both open-source, both BIP-44 standard. The security primitives are equivalent. Conflux Wallet runs as a desktop application instead of a browser extension, which avoids browser-extension-specific risks (extension supply-chain attacks, popup focus-loss attacks). Hardware-wallet support is more polished. But "safer" is a sliding scale — for any wallet, the user's seed-phrase storage practices matter more than the wallet implementation.

What's the safest way to use Conflux Wallet?

Download from confluxwallet.org. Generate a fresh wallet (don't import a phrase you've used elsewhere unless you're consolidating). Write the seed phrase on paper, store offline. Pair a Ledger or Trezor for any non-trivial balance. Use the wallet on a device you trust (no public computers, no shared accounts).

Conflux Wallet Security — Self-Custody, Open Source, Hardware-Backed

Open-source, hardware-wallet support, self-custody. No servers hold your keys.

Download Conflux Wallet

Conflux Wallet Settings and Security panel showing Ledger and Trezor hardware wallets, biometrics, auto-lock timer, and custom RPC configuration — Hardware-wallet pairing, biometrics, and custom RPC live in Settings.

What "secure" actually means for a wallet

Software wallet security has a small number of factual primitives. Marketing language ("bank-grade security," "military-grade encryption," "the safest wallet") is meaningless because every wallet claims it. What matters is which primitives the wallet implements and how.

Conflux Wallet's security primitives:

Self-custody. The wallet has no server that holds your private keys. Keys are stored encrypted on your device only.
Open-source. Source code is published. Anyone can verify what the wallet does.
Standard cryptography. BIP-44 hierarchical deterministic key derivation, the same standard Bitcoin and Ethereum wallets use.
Hardware-wallet support. Pair Ledger or Trezor; keys live on the hardware device, never on your computer.
Local password encryption. Your seed phrase is encrypted at rest using your password. Decrypted only when you actively use the wallet.
No telemetry of sensitive data. The wallet doesn't transmit your seed phrase, private keys, or transaction signatures to any server.

What you should do, regardless of which wallet you use

These practices apply to any cryptocurrency wallet, including Conflux Wallet:

Write your seed phrase on paper. Never store it digitally. No screenshots, no cloud notes, no password managers, no chat messages. The only safe storage for a seed phrase is offline media (paper, metal, hardware seed-phrase backup devices).
Pair a hardware wallet for significant balances. Software wallets are convenient. Hardware wallets are safer for large balances. Conflux Wallet supports both flows in the same UI.
Test with a small amount first. Before sending a large transaction, send a small one. Verify it arrives. Then send the rest.
Be skeptical of unsolicited messages. No legitimate Conflux Wallet support agent will ask for your seed phrase. Anyone who does is attempting to steal your funds. The wallet team cannot recover your phrase even if they wanted to — that's how non-custodial wallets work.

What Conflux Wallet doesn't do

No "we'll recover your phrase if you lose it" promise. Non-custodial wallets cannot recover lost seed phrases. Any wallet claiming to do so isn't actually self-custody.
No "insurance against theft." A few custodial services offer insurance; a self-custody wallet cannot, because the wallet provider doesn't custody the funds.
No mandatory KYC. The wallet works without identity verification. (Exchanges where you buy CFX do require KYC; that's their requirement, not the wallet's.)

Reporting a vulnerability

Security researchers can disclose vulnerabilities responsibly via the contact form on /help, marked "Security." The Conflux Wallet team aims to acknowledge reports within 48 hours and provides reasonable response timelines. Critical vulnerabilities take precedence over feature work.