Design a secure and user-friendly crypto wallet experience covering key management, transaction signing flows, phishing prevention, account abstraction, and recovery mechanisms that protect users without creating friction.
## ROLE You are a crypto wallet security engineer and UX designer who specializes in making self-custodial wallets both secure and accessible to mainstream users. You understand the full spectrum of wallet architectures from hot wallets to hardware wallets, account abstraction to multi-party computation, and the social engineering attacks that cause the majority of crypto losses. Your designs balance maximum security with minimum friction. ## OBJECTIVE Create a comprehensive wallet UX and security design framework for the user's project that covers key management architecture, transaction signing flows, threat modeling, phishing prevention, recovery mechanisms, and progressive security features that educate users while protecting them from the most common attack vectors. ## TASK ### Step 1: Wallet Context & Requirements Define the design parameters: - Wallet type: [BROWSER_EXTENSION / MOBILE_APP / EMBEDDED_IN_DAPP / HARDWARE_COMPANION] - Target user sophistication: [CRYPTO_NATIVE / MAINSTREAM_BEGINNER / ENTERPRISE] - Supported chains: [ETHEREUM / MULTI_CHAIN / SPECIFY_CHAINS] - Key management approach: [SELF_CUSTODIAL / MPC / SMART_CONTRACT_WALLET / HYBRID] - Account abstraction support: [YES_ERC_4337 / NO / PLANNED] - DApp interaction model: [WALLET_CONNECT / INJECTED_PROVIDER / EMBEDDED_TRANSACTIONS] - Regulatory requirements: [TRAVEL_RULE / KYC_OPTIONAL / NONE] - Primary use case: [TRADING / DEFI / GAMING / PAYMENTS / STORAGE] ### Step 2: Key Management Architecture Design the private key lifecycle: **Key Generation** - Entropy source: cryptographically secure random number generator with environmental entropy mixing - Seed phrase generation: BIP-39 standard with 12 or 24 words, displayed one word at a time with mandatory written confirmation - Seed phrase verification: user must re-enter words in random order before wallet activation - Key derivation: BIP-44 hierarchical deterministic paths for multi-chain support from single seed - Optional: Shamir's Secret Sharing — split seed into [N] shares requiring [M] to reconstruct **Key Storage** - Mobile: Secure Enclave (iOS) / StrongBox (Android) with biometric authentication gate - Browser extension: encrypted keystore in browser storage, session-locked with auto-lock timer - Hardware wallet integration: Ledger/Trezor connection for transaction signing without key exposure - MPC option: key shares distributed across user device, cloud backup, and recovery service — no single point has the full key - Passkey/WebAuthn support for passwordless authentication tied to device security **Key Backup & Recovery** - Social recovery: designate [NUMBER] trusted guardians who can collectively authorize wallet recovery - Cloud-encrypted backup: AES-256 encrypted seed stored in iCloud/Google Drive, decrypted only by user's password + device key - Recovery delay: 48-hour timelock on recovery execution with notification to current device, allowing cancellation if unauthorized - Dead man's switch: if no activity for [DAYS], trigger recovery process to designated heir wallet - Multi-factor recovery: require 2-of-3 factors (seed phrase, guardian approval, cloud backup) for restoration ### Step 3: Transaction Signing UX Design human-readable transaction flows: **Transaction Simulation** - Before signing: simulate every transaction and show the exact token/NFT balance changes in plain language - Display: "You will send 1.5 ETH and receive 3,000 USDC" instead of raw hex data - Flag unusual patterns: first interaction with contract, large value relative to balance, unlimited token approval - Show gas estimate in both native token and USD equivalent - Compare current gas to 1-hour and 24-hour averages with suggestion to wait if significantly elevated **Approval Confirmation Screens** - Clear hierarchy: action type (Send, Swap, Approve, Mint) as the largest element - Recipient analysis: show ENS name, address book label, or "Unknown address — first interaction" warning - Amount display: both token amount and USD value, with percentage of total holdings - Contract verification: show contract name (if verified), deployment date, audit status, and interaction count - Explicit unlimited approval warnings: "This will allow [CONTRACT] to spend ALL your [TOKEN] — forever. Consider setting a specific limit instead." **Phishing Prevention** - Domain verification: compare dApp URL against known legitimate domains, flag lookalikes (e.g., uniswap.org vs. un1swap.org) - Contract allow-list: maintain community-curated list of verified contracts with risk ratings - Signature request translation: decode EIP-712 typed data into human-readable format before signing - Permit2 and gasless signature warnings: explain that signing messages can authorize token transfers without gas - Emergency revoke: one-tap interface to revoke all outstanding token approvals for a specific contract ### Step 4: Progressive Security Education Build security awareness into the wallet experience: **Onboarding Security Setup** - Security score: display a 0-100 score based on enabled protections, with clear steps to improve - Guided security setup: walk users through enabling 2FA, setting spending limits, adding guardians - Phishing quiz: 3-minute interactive tutorial showing real examples of scam transactions and fake sites - Transaction limit configuration: daily/weekly spending caps with override requiring additional authentication **Contextual Warnings** - First-time actions: explain what token approvals, contract interactions, and bridging mean in plain language - High-risk indicators: red warnings for unverified contracts, recently deployed contracts (<7 days), and addresses flagged by Chainalysis/Forta - Batch transaction breakdown: when interacting with complex DeFi protocols, break multi-step transactions into individual explanations - Post-incident guidance: if a user was phished, provide step-by-step asset protection guide (revoke approvals, transfer remaining assets, report) ### Step 5: Advanced Security Features Implement defense-in-depth: **Hardware Security Module Integration** - Require hardware wallet confirmation for transactions above [THRESHOLD] - Multi-signature support: define [M]-of-[N] approval requirement for high-value operations - Session keys: grant dApps limited, time-bounded transaction permissions without repeated signing - Spending policies: smart contract wallet rules that enforce per-transaction and daily limits on-chain **Monitoring & Alerts** - Real-time transaction monitoring: push notifications for all wallet activity - Mempool monitoring: alert if pending transactions target the user's wallet or approved contracts - Address poisoning detection: flag transactions from addresses designed to mimic previously interacted addresses - Portfolio tracking: display all approved contracts with one-tap revocation capability ### Step 6: Accessibility & Onboarding UX Remove barriers for new users: - Gasless onboarding: relay meta-transactions or use paymaster so new users do not need ETH to start - Fiat on-ramp: integrated purchase with Apple Pay, Google Pay, credit card via MoonPay/Transak - Username system: human-readable names (ENS, Basename) instead of hex addresses for sending - Contact book: save frequently used addresses with labels and verification confirmations - Multi-language support: localized UI for top 10 languages by crypto user base Deliver the complete wallet security and UX specification as a design document with user flow diagrams, security architecture overview, threat model matrix, component specifications, and a prioritized implementation roadmap.
Or press ⌘C to copy
Replace these placeholders with your own content before using the prompt.
[N][M][NUMBER][DAYS][CONTRACT][TOKEN][THRESHOLD]