ZerpSwap
Swap your ZERPS for 0% trading fees
Back to home
Wallet seed safety

Can ZerpSwap steal my seed?

No normal swap flow sends your seed to our server. Your wallet secret is used inside your browser to sign the transaction. The server receives the already-signed transaction, not the seed, not your PIN, and not your decrypted wallet.

Seed stays local PIN encrypted vault Browser signs transactions Server relays signed tx only
PIN encrypted vault
Signed tx_blob relay only
HTTPS required for saving secrets
0seed fields needed by the backend relay
210kPBKDF2-SHA256 iterations for saved wallet PIN encryption
AES-GCMbrowser-native encrypted vault storage
HTTPSrequired before wallet secrets can be saved securely

What happens when you import

Think of this like unlocking a wallet app. The secret is only needed locally so your browser can prove to XRPL that the transaction is yours.

1
You enter/import a walletThe browser receives the seed so it can build your local wallet session.
2
You set a PINThe saved wallet vault is encrypted before it is stored on your device.
3
You approve an actionYour browser signs the swap, send, trustline, or escrow transaction locally.
4
XRPL gets a signed transactionZerpSwap relays the signed blob to the ledger. A seed is not required for relay.

What ZerpSwap can and cannot see

Public blockchain data is public. Wallet secrets are different. The app does not need raw secrets to quote, sign, or submit a swap.

Allowed
  • Public wallet address
  • Public token metadata
  • Quote/AMM data
  • Signed transaction blob
Not needed
  • Raw seed phrase
  • Wallet PIN
  • Decrypted vault
  • Private signing key

What users should still know

Security is strongest when the site and the user both do the right thing.

Always check the real domain, avoid clone links, keep browser extensions clean, and do not keep life-changing funds in a hot wallet. For serious balances, use a separate cold wallet and only trade with a smaller active wallet.

Proof from the wallet code

The wallet module uses browser WebCrypto to derive a PIN key and encrypt the vault locally.

PBKDF2-SHA256 iterations: 210000
Vault encryption: AES-GCM 256
Storage: local browser vault blob
Unlock: PIN required before signing
Reference: /public/inline/token-swap-module-09.js

Proof from the server code

The relay submit endpoint validates a signed hex tx_blob. The endpoint is not designed to receive a seed or PIN.

POST /api/xrpl-relay/submit
body: { "tx_blob": "SIGNED_HEX_TRANSACTION" }

No seed field. No PIN field. No decrypted wallet.
Reference: /swap_serverpub.js XRPL relay routes

Simple checks for skeptical users

Open DevToolsIn the Network tab, search for seed, secret, mnemonic, or PIN. Normal trading should not send them.
Inspect storageThe saved wallet is an encrypted vault blob plus public address list, not readable seed text.
Check submissionsXRPL submission uses signed tx_blob data after local signing.
Check the URLUse the real domain and HTTPS. Do not trust screenshots, DMs, or fake links.