Rally Wallet Security Overview
Rally's Wallet was built with safety & security in mind — which is why we’ve included best-in-class, enterprise-level protections that keep your wallet and its contents safe from unauthorized access. These include:
Seedphrase-less wallet: Traditional crypto wallets often rely on a single private key or a seed phrase to access your assets. This can be risky – if those are lost or stolen, your wallet is compromised. MPC (multi-party computation) takes a different approach for more robust security. Want to understand more about MPC wallets and their benefits? Check out this article by Fireblocks.
Token security warnings: We clearly highlight the risks that may be associated with specific tokens in order to help you make more informed decisions.
Malicious contract protection: Our team and partners actively monitor contracts for known attacks, preventing your Rally Wallet from signing messages with malicious services.
Built-in simulations: The Rally Wallet allows you to preview every operation onchain before you sign it, showing you the expected outcome of the transaction.
Backups secured by iCloud & Google Accounts: During wallet setup, you'll be guided through a secure backup process using your iCloud or Google Account. Consider this your lifeline if you ever misplace or upgrade devices.
Biometric verification: For enhanced security, your Rally Wallet will require biometric verification (like Face ID and Touch ID on Apple, or Fingerprint Authentication or Face Unlock on Android) for each transaction by default. Additionally, a biometric or passcode lock must be enabled on your device, as this ensures your keychain—and by extension, your wallet—is securely encrypted.
Wallet Security Best Practices
In addition to backing up your wallet through the Rally-guided process to iCloud (for Apple users) or Google Account (if you’re using Android), there are some best practices that you’ll want to enforce:
iCloud/Google Account & email two-factor authentication: You can always get access to your wallet with a combination of both (1) your iCloud/Google Account backup and (2) the login to your Rally account (e.g. your email). Because of this, enabling two-factor protection on those accounts provides additional lines of defense should anyone attempt to compromise your assets.
Here’s Apple’s guide to turning on two-factor authentication for your Apple ID.
Here’s Google’s guide to turning on two-step verification for your Google Account.
Check with your email provider to find instructions on how to set up two-factor authentication for your email account as well.
⚠️ Note — we recommend using a hardware (YubiKey) or software (iCloud Keychain or Google Authenticator) option for your second factor, and not SMS. SMS is vulnerable to SIM swapping attacks.
Be cautious with unsolicited crypto in your Wallet: Crypto sent without your knowledge or airdropped to your wallet is often a scam. These scams may ask you to visit a site, connect your wallet, or send crypto to an address, allowing scammers to access your wallet. Scams can be complex and sophisticated, so always research to verify if unsolicited tokens are legitimate and not a scam.
Only transact with trusted sources: Before signing any transaction with your wallet, always review the details thoroughly. Scammers can access your funds if you approve a transaction, so only approve transactions from trusted sources. Only interact with entities and individuals you know and trust, including when connecting to dApps and when sending or receiving crypto.
Rally Wallet Privacy Overview
We believe Web3 is better with friends, and the Rally Wallet puts you in the driver’s seat when it comes to deciding what information from your Rally account (if any!) is associated with your wallet. You have full control over:
Your portfolio & wallets: Wallets added to your portfolio are always private by default and not associated with any of your social activity, unless you explicitly configure it.
Wallets & social: You can choose to opt wallets into being socially visible. This means that users can send you tokens at that address, and activity from those wallets will appear on your public profile. You can manage which wallets are included in Settings in-app (each wallet has an "Include in Social" toggle).
Account association: Your email, Twitter handle, other wallets, and any other information you use with Rally are not publicly associated with your wallet unless you choose to connect them as links on your public profile.
iCloud & Google Account protection: Although your secure backups are stored in your iCloud or Google Account, Rally does not have access to the associated email address or any contents.