The wallet backup mechanism protects user assets through multi-layer encryption and multi-factor verification:
1.The backup file is encrypted with the backup password
During the backup process, the user must:
-
Complete security verification (2FA)
-
Set a dedicated backup password
-
The system encrypts and generates the backup file using this password
Even if the backup file leaks, it cannot be decrypted without the backup password.
2.Wallet recovery requires multiple layers of verification
The recovery flow requires all of the following steps — none can be skipped:
Upload and validate the backup file
-
The system checks the file format
-
Invalid formats are blocked and cannot proceed further
Enter the backup password to decrypt
-
The wrong password immediately stops recovery
-
Only when both the file and password are correct can the user continue
Even with the file, an attacker cannot restore without the password.
Pass two-factor authentication (2FA)
-
The user must verify via one of the bound methods (Email verification code or Google Authenticator)
-
Failing verification prevents address generation and wallet recovery
Even if an attacker obtains both the backup file and backup password, without 2FA, they still cannot recover the wallet.
3.Final address generation still requires password + 2FA
The last step of recovery still requires 2FA to retrieve the SALT, which is necessary to generate the user's unique address, preventing asset theft from any single point of compromise.