8. Security Model

Wallet Security

Private Key Protection:
├── Generated server-side using crypto.randomBytes
├── Encrypted with AES-256-GCM before storage
├── Encryption key from environment variables
├── Never transmitted via Telegram messages
├── Decrypted only for transaction signing
└── User can export and delete anytime

Safety Measures

Private keys never shown in logs
Auto-delete private key messages after 60s
Warning confirmations before key export
No seed phrase storage - key-only approach

Database Security

Encrypted connections to Supabase
Row-level security policies
API key authentication
Rate limiting on all endpoints

Previous7. Referral Program Next9. Technical Stack

Last updated 42 minutes ago