Your assets are secure in your Koala Wallet while you safely navigate the Kadena ecosystem. Here are some of the main security features and processes that help you sleep at night knowing your wallet is as safe as it can be.
Koala Wallet is an anonymous non custodial wallet. This means there are no "accounts". It's impossible for us to lend, steal or misuse your funds in any way. You and only you always have full access to your assets. Your Recovery Phrase and wallet is generated offline and locally by your device. Recovery Phrases, passwords and other sensitive data are never transmitted out of your device. Support staff will NEVER DM you or ask for your Recovery Phrase, never share it with anyone!
Latest native OS features and encryption
Koala Wallet was developed from the ground up to use all of the latest security features on modern smartphones. Only Android and iOS versions that still receive security updates are supported (Android 10, iOS 15.7 and newer). Private keys, passwords and other sensitive data are kept secure at all times in your device's secure enclave chip. It is designed specifically so that an attacker cannot get that information. The Browser Extension version has extra precautions due to protected storage differences between extensions and mobile apps.
Screen capture protection
Koala Wallet for mobile implements screenshot and screenrecord protection where sensitive information is visible. Thus, your security isn't compromised in case there is malicious software on the phone snooping on your screen, or even by accident for example while streaming.
Root and Jailbreak detection
A rooted or jailbroken phone may bypass some hardware or software system protections that keep your assets safe. Because of this, Koala Wallet will not run on such devices.
Secure keyboard input
Your Recovery Phrase is meant to be seen by your eyes only. We designed a secure on-screen keyboard that doesn't interact with the rest of the system, and doesn't try to remember words or save them in the cloud like "smart" keyboards do.
Randomized keyboard and PIN keypad
Besides the Recovery Phrase and PIN screens being protected from recordings, digit location on the Recovery Phrase keyboard and PIN keypad can be randomized so that finger or touch position analysis on mobile cannot be used to leak information.
Koala Wallet had its code audited in 2023 by Red4Sec, a leading auditing company in Europe. The audit identified zero critical, high, or even medium security issues. Only a few no-real-risk and/or informative vulnerabilities were found, and already dealt with in the following app update. Read our announcement here.
Bug Bounty program
The worldwide community of security researchers are also helping to keep you safe. Anyone who finds a bug or security hole that could put users' funds at risk is incentivized to responsibly disclose it and possibly get a bounty in return, making everyone safer in the process. Go to our dedicated Bug Bounty program page here.