Skip to main content

General FAQs

What is the difference between Email Wallet (Self-Recovery) & Email Wallet (Managed Recovery)

Email wallet (with managed recovery code) usage is calculated by monthly active wallets (i.e. active as defined by at least 1 user log-in via email or social within the billing period month). For both the Starter and Pro plan, users receive 10,000 free monthly active wallets + charged $0.02 per incremental monthly active wallet after. Note that wallets with self recovery code is completely free to use.

Which blockchains are supported?

Our thirdweb Embedded Wallet is fully EVM compatible and supports all EVM chains.

How does wallet recovery work?

Recovery is built-in. If the user loses their device, they can sign into a new device and provide the recovery code that was emailed to them to recover their wallet. There is no recovery option if the user loses access to their email.

Do I need to build separate flows for embedded wallets and external wallets (e.g. MetaMask)?

No! Since our SDK provides the wallet signer, you can build a unified experience with the same code to handle how all your users' wallets interact with signatures and smart contracts.

However, you will need to provide a separate flow to create embedded wallets as you would with any wallet provider (WalletConnect, Coinbase Wallet, etc.).

How do I troubleshoot unexpected console error messages?

Make sure that you are developing on a secure origin, which includes localhost and any site on https://. thirdweb uses cryptography libraries that are unsupported on http://.

If you continue to run into a console error, please contact us with more details.

How much does EWS cost?

Email Wallet (Self-Recovery) are free for unlimited wallets. Email Wallet (Managed Recovery) charges based on a monthly active user (MAU) model which is defined as any sign-in/sign-up inside your application. The first 10,000 MAUs are free. After that, we charge $0.02/wallet. For more pricing information, refer to our pricing page. Volume discounts are available for enterprise customers. Please contact our business team for more information.

What is thirdweb’s ability to scale?

thirdweb can create up to 100 wallets/second by default, and can support higher limits (up to 3,000 wallets/second) upon request.

How can my user create an embedded wallet?

Buyers who don't have a wallet can create one with their email or social login.

Customization FAQs

Do you support gasless transactions?

Yes. Our Smart Wallet product, used in combination of Embedded Wallet, allows for a fully gasless experience.

Is there a way to display the logged-in email address in the Connect component, similar to the wallet address?

Yes, we show the email by default in the dropdown after you connect. To display the email anywhere else using React or React Native, check out the code snippets for all platforms.

Does the Embedded Wallet product use Smart Wallets?

No, the Embedded Wallet that is created does not use a smart contract wallet. However, Embedded Wallets can work great in combination with smart wallets. This combination allows users to sign in with only their email (Embedded Wallet) and receive a completely gasless user experience (Smart Wallet).

Custom JWT Auth FAQs

Can I use my own Auth service with Embedded Wallets?

Yes, you have the option to use your own Auth provider with the thirdweb Embedded Wallet. For instructions on how to log in using your custom authentication, refer to our Bring your own authentication with Custom JWT guide.

For a user who creates a wallet via the JWT method, can they recover their account via thirdweb?

The user can still recover by authenticating via your application, then using the password that was sent to them to gain access to the wallet on a new device. thirdweb doesn’t have access to the authentication mechanism and would only be able to provide the user access to their wallet if they are already on a device that has the wallet share saved.

Who retains custody over wallets created with custom JWT?

The user has custody of the wallet because (a) thirdweb does not have enough shares to access the wallet because we do not know the password sent to the user to decrypt one of the shares, (b) your app has the auth mechanism, but auth by itself is not enough to access the underlying wallet.

How will my users recover their account in case they lose access to their auth?

Currently, users will rely on the built-in recovery of their auth method. Refer to the How to recover your Google Account or Gmail article as an example.

Soon, developers will be able to toggle on the option for users to add a backup auth method in the case the user loses access to their primary auth method & its recovery.

Security FAQs

How is the private key managed?

The private key is sharded into three pieces. The first piece is stored on the customer’s device, the second piece is stored in Amazon’s KMS and encrypted by the customer’s email/social auth, and the third piece is stored on Paper. At anytime, there needs to be 2/3 pieces for the private key to be reconstructed.

thirdweb is non-custodial because we only have access to the third piece stored on thirdweb’s servers, and we cannot access the other two shards without the user logging into your application.

Our security architecture has been audited by HackerOne and we have an ongoing bounty program to ensure vulnerabilities are being covered.

What happens if thirdweb or my database gets breached?

Using MPC technology, your customers’ assets are safe even in the event that thirdweb or you are compromised. This is because the attacker will only be able to access 1 of the 3 shards, and that is not enough to reconstruct the private key.

Is there MFA/2FA for additional security?

Soon, developers will be able to toggle on the option for users to add additional security to their social wallet by adding a user-set password.