Embedded Wallets Overview

​

Overview

You can think of an embedded wallet like a powerful web-account. An embedded wallet is a programmable web3 crypto wallet that can be issued invisibly to customers on your website or app. Customers with an embedded wallet can immediately receive digital tokens and make on-chain interactions without needing to go through the complexities of understanding the intricacies of typical EOA wallets like Metamask or Phantom, or needing to download anything to start their journey.

Dynamic-powered embedded wallets can be used in a range of scenarios - from ways to ease onboarding on your websites to working as the base for building your own full stack wallet.

​

Non Custodial

Dynamic-powered embedded wallets are non-custodial, meaning they are always end-user owned and controlled. Only the end-user has ownership and access to their wallet private keys.

Dynamic leverages a combination of internal and third party services including trusted execution environments (TEEs, specifically AWS Nitro Enclaves), secure key management, advanced policy engines and iframes to limit potential security threats and ensure end user self-custody. All wallet private keys are encrypted and isolated such that neither Dynamic nor the Developer have access to the end user’s wallet private keys. End-user decryption activities are all performed in trusted execution environments and only run upon end-user activity requests.

In addition, all end users of Dynamic-powered embedded wallets can always export their wallet private key to take their assets into a different wallet provider or alternative storage location. Dynamic is also working to add additional features to limit potential connections between the end-user and Dynamic or Developer services. As an example, these may include:

• Fallback back up support if Dynamic or your site is ever down
• Allowing users to disassociate their embedded wallet data with the service.

Dynamic is SOC2 Type 2 compliant and hires an independent third parties to regularly conduct audits of our code, processes and systems. Dynamic also runs evergreen bug bounty programs.

​

Multi-chain

Dynamic offers embedded wallets on EVM compatible networks and Solana. If you enable both, they will both be created at once and whichever you have marked as “primary” will be shown as the primary address in their profile upon sign in.

​

Seamless signing (session keys)

By default, Dynamic allows the end user to use session keys to authenticate and interact with their wallets. This means that the end user can sign messages and transactions without having to enter an email code or passkey.

Session keys are implemented by creating API keys in the developer website and registering those as valid authentication methods within a secure enclave. Those session keys are retained by the end user on the developer website and are never sent to Dynamic.

Session key registration requires a valid Dynamic JWT, which is obtained via a successful user authentication. Once the session keys expire, they can no longer be used to authenticate into a Dynamic-powered embedded wallet. If you are using our SDK, session keys are automatically refreshed when expired as long as the JWT is valid

Transactions requests are signed by the end user’s wallet authenticator and validated by our KMS. Upon successful validation, the end user’s private keys are used to sign the actual transaction within our KMS’s secure enclave.

Note that for added account level security, you can enforce TOTP using an authenticator app.

​

Smart Wallets

You can turn these embedded wallets into smart contract wallets using our smart wallet feature. By doing so, you can sponsor your end-users’ fees, add complex approval logic, and much more.