IOTA Wallet Pro
Overview
The high-performance engine: Your IOTA wallet.
IOTA Wallet Pro — The high-performance engine for your IOTA assets.

IOTA Wallet Pro is a self-custody browser extension wallet purpose-built for the IOTA ecosystem. It natively supports both IOTA L1 (Move smart contracts, Ed25519 signatures) and IOTA EVM (Ethereum-compatible L2, chainId 8822), giving you full control over your digital assets across both networks from a single interface — no third-party custody, no external servers, no compromises.

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
WHY INSTALL IOTA WALLET PRO
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

The IOTA ecosystem spans two distinct blockchain layers — the native L1 with Move smart contracts and the EVM-compatible L2 for DeFi and dApps. Managing assets across these layers typically requires separate tools, creating friction and security risks. IOTA Wallet Pro unifies both networks into one secure, intuitive browser extension, purpose-built for IOTA users, developers, and stakers.

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
CORE CAPABILITIES
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

🔐 FULL SELF-CUSTODY & MILITARY-GRADE SECURITY
• Your keys never leave your device. Seed phrases are encrypted locally with Argon2id (64 MiB memory, 3 iterations) key derivation and AES-256-GCM encryption — the same standards used by enterprise security systems.
• Derived keys exist only in volatile memory and are never written to any persistent storage. When the browser extension closes, keys are gone.
• Password verification uses domain-separated HMAC-SHA256 with constant-time comparison to prevent timing attacks.
• Mnemonic bytes follow a secure pipeline: decrypt as Uint8Array → use for signing → immediately wipe with secureWipeBytes(). String intermediates are avoided to prevent V8 string interning.

💰 DUAL-NETWORK ASSET MANAGEMENT
• View and manage IOTA L1 and IOTA EVM balances, custom tokens, and coin metadata from a unified dashboard.
• Seamless switching between L1 (0x + 64 hex addresses) and EVM (0x + 40 hex addresses) with automatic balance refresh.
• Token discovery with automatic coin metadata enrichment. ERC-20 tokens on EVM with contract-level metadata resolution.
• Support for Move objects and NFTs on L1, with visual categorization (Visual / Other / Hidden tabs).

🌉 CROSS-CHAIN BRIDGE (L1 ↔ EVM)
• Transfer assets between IOTA L1 and IOTA EVM directly within the wallet — no third-party bridge services.
• L1 → EVM: Uses ISC Request protocol with BLAKE2b-hashed contract/function indices and BCS-encoded parameters.
• EVM → L1: Uses ISC Magic Precompile (transferToL1) for native cross-chain withdrawals.
• Direction is automatically locked based on your active account type (L1 accounts bridge to EVM; EVM accounts bridge to L1), preventing misdirected transfers.
• Address book filtering shows only contacts matching the target chain.

📊 NATIVE STAKING (L1 ONLY)
• Stake IOTA directly to validators and earn rewards without intermediaries.
• View validator APY, commission rate, staking share, and total staked amount — all pulled live from chain data.
• Monitor active delegations, accumulated rewards, and unstaking timelines.
• Minimum stake: 1 IOTA. Rewards begin accruing after ≥ 1 epoch.
• Staking entry is hidden on EVM mode (not supported on L2) — no confusing dead-end UI.

📤 BATCH SENDING & CSV IMPORT
• Send assets to multiple recipients in a single atomic Programmable Transaction Block (PTB).
• Import recipient lists via CSV (address,amount format) for payroll, airdrops, or batch payments.
• Address book quick-fill for single and batch sends.
• Gas estimation via dry-run before confirmation.

🔗 DAPP CONNECTIVITY — BOTH L1 AND EVM
• IOTA Wallet Standard: Full implementation of connect, disconnect, events, signPersonalMessage, signTransaction, and signAndExecuteTransaction via window.iota.
• EVM Provider: Complete EIP-1193 implementation via window.ethereum — compatible with MetaMask-style dApps. Supports eth_requestAccounts, eth_sendTransaction, personal_sign, eth_signTypedData_v4, and read-only methods (eth_call, eth_getBalance, etc.).
• Secure approval flow: dApp requests trigger a dedicated popup where you review transaction details, verify the requesting site, and confirm with your password before any signature is produced.
• Real-time events: accountsChanged, chainChanged, connect, disconnect.

👥 MULTI-PROFILE & MULTI-ACCOUNT
• Create multiple profiles (each with its own mnemonic) and derive multiple accounts per profile using standard BIP-44 paths.
• L1 derivation: m/44'/4218'/index'/0'/0' (Ed25519, hardened).
• EVM derivation: m/44'/60'/0'/0/index (secp256k1, Ethereum-compatible).
• Import existing wallets via 12/24-word BIP-39 recovery phrase or raw private key (hex or Bech32 iotaprivkey... format).
• Lock individual accounts for an extra layer of security — locked accounts require password re-entry before any signing operation.

🛡️ SECURITY-FIRST ARCHITECTURE
• Auto-Lock: Configurable idle timeout (1 minute to 24 hours) automatically clears sensitive keys from memory.
• Clipboard Safety: Sensitive data (addresses, recovery phrases, private keys) is automatically cleared from the clipboard 30 seconds after copying, using Chrome's alarms API for reliable timing even across popup lifecycles.
• Content Security Policy: Strict CSP with only 'wasm-unsafe-eval' for Argon2id WASM execution. No inline scripts, no eval, no external connections except https:/wss:.
• Custom RPC Validation: Rejects loopback addresses (127.x.x.x, ::1), private IP ranges (RFC1918), link-local addresses, and .local domains to prevent SSRF attacks.
• Image URL Sanitization: All external image URLs (validator icons, dApp favicons, NFT images) are enforced to https:// only — no data: URIs or http: that could carry malicious payloads.
• dApp Origin Verification: getVerifiedOrigin() requires sender.tab to prevent extension-page message forgery.
• Request Flood Protection: Global limit of 50 pending requests, 3 per origin, with 5-minute TTL and 60-second cleanup intervals.
• EVM RPC Rate Limiting: Token-bucket algorithm (30 burst / 0.5 per second sustained) per origin to prevent RPC abuse.
• Transaction Safety: Transactions with >200 commands trigger a red warning. Chain mismatch between the transaction and current network is flagged.
• 10 MB response size limit on RPC responses to prevent memory exhaustion.
• Double-click protection: Send buttons disable during transaction processing to prevent duplicate submissions.

🌐 MULTIPLE NETWORKS
• L1: Mainnet, Testnet, Devnet (with built-in faucet), and Custom RPC.
• EVM: Mainnet (chainId 8822), Testnet (chainId 1076), and custom EVM RPC.
• Devnet/Testnet faucet integration for easy testing — one-click token requests directly from the wallet.

🌍 MULTI-LANGUAGE
• English, 繁體中文 (Traditional Chinese), 한국어 (Korean).
• All error messages, transaction prompts, and UI labels are fully localized — no raw i18n keys visible to users.
• Custom lightweight i18n hook with automatic fallback to English for missing keys.

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
WHY HOST PERMISSIONS ARE NEEDED
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

This extension injects a content script and dApp interface into HTTPS pages to enable wallet-dApp communication — a standard pattern used by all major browser-extension wallets (MetaMask, Phantom, etc.). The broad https://*/* host permission is required because IOTA dApps can be hosted on any domain, and the wallet cannot predict which sites users will visit. http://localhost/* is needed for local dApp development and testing. The extension explicitly excludes injection on banking, payment, and search engine sites via exclude_matches to minimize unnecessary access.

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
WHO IS THIS FOR?
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

• IOTA token holders who want a secure, browser-native wallet with full self-custody
• DeFi participants on IOTA EVM who need EIP-1193 wallet connectivity for dApp interaction
• Stakers who want to delegate IOTA to validators and track rewards natively
• Developers building on IOTA who need a reliable wallet for testing (devnet/testnet faucet built in)
• Enterprise users who need batch payment capabilities via CSV import and PTB transactions
• Users who hold assets on both IOTA L1 and EVM and need seamless cross-chain bridging

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
TECHNICAL SPECIFICATIONS
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

• Architecture: Chrome Manifest V3 extension with 5 isolated JS contexts (Service Worker, Popup UI, Content Script, dApp Interface, dApp Approval Popups)
• UI: React 19 SPA, 360×600 popup or fullscreen, Zustand v5 state management
• Signing: All L1 and EVM signing executed exclusively in the background Service Worker — the only context that holds derived keys in memory
• Build: Vite with Terser minification, code splitting (EVM client lazy-loaded), console.log stripped in production
• Dependencies: @iota/iota-sdk, ethers v6, viem v2, @scure/bip39, @scure/bip32, hash-wasm, zustand v5, zod v4

Links:
• Support: https://iotawallet.8787887.xyz/support
• Terms of Service: https://iotawallet.8787887.xyz/terms
• Privacy Policy: https://iotawallet.8787887.xyz/privacy
• Feedback: https://iotawallet.8787887.xyz/feedback

Disclaimer: This is a self-custodial wallet. You are entirely responsible for the secure backup of your recovery phrase. No one — including the developers — can recover your funds if you lose your seed phrase. We do not have access to your funds, keys, or passwords.
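The "Custom RPC Validation" item under Security-First Architecture lists the address classes a custom endpoint must not point at. The sketch below is an added example, not the extension's code, showing one way to screen a user-supplied RPC URL against that list. The function names, the https:/wss: scheme restriction, and the handling of IPv4-mapped IPv6 literals are assumptions that go beyond what the listing states.

```javascript
// Added example, not the extension's code. All names here are hypothetical.

// Classify a dotted-quad IPv4 string; returns a reason or null if allowed.
function blockedIPv4(host) {
  const m = /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/.exec(host);
  if (!m) return null; // not an IPv4 literal
  const a = Number(m[1]), b = Number(m[2]);
  if (a === 127) return "loopback";
  if (a === 10 || (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168)) return "rfc1918";
  if (a === 169 && b === 254) return "link-local";
  return null;
}

// Classify a bracketed IPv6 literal as serialized by the URL parser.
function blockedIPv6(host) {
  if (!host.startsWith("[")) return null; // not an IPv6 literal
  const addr = host.slice(1, -1);
  if (addr === "::1") return "loopback";
  if (/^fe[89ab][0-9a-f]:/.test(addr)) return "link-local"; // fe80::/10
  // IPv4-mapped form, e.g. ::ffff:7f00:1 (assumption: treated like its IPv4 address)
  const m = /^::ffff:([0-9a-f]+):([0-9a-f]+)$/.exec(addr);
  if (m) {
    const hi = parseInt(m[1], 16), lo = parseInt(m[2], 16);
    return blockedIPv4(`${hi >> 8}.${hi & 255}.${lo >> 8}.${lo & 255}`);
  }
  return null;
}

// Returns { ok: true } or { ok: false, reason }.
function checkRpcUrl(input) {
  let url;
  try { url = new URL(input); } catch { return { ok: false, reason: "unparseable" }; }
  // Assumption: only https: and wss: endpoints are accepted.
  if (url.protocol !== "https:" && url.protocol !== "wss:") return { ok: false, reason: "scheme" };
  // The URL parser has already lowercased the host and normalized decimal,
  // hex and short IPv4 spellings to dotted-quad form.
  const host = url.hostname.replace(/\.$/, ""); // drop a trailing root dot
  if (host === "local" || host.endsWith(".local")) return { ok: false, reason: "mdns" };
  const reason = blockedIPv4(host) || blockedIPv6(host);
  return reason ? { ok: false, reason } : { ok: true };
}
```

A string-level check like this cannot see what a hostname resolves to, so a public DNS name that points at a private address still passes it.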
0 out of 5. No ratings
Details
- Version: 1.0.0
- Updated: June 10, 2026
- Offered by: Ethan
- Size: 398KiB
- Languages: English (United States)
- Developer email: iota.wallet@hotmail.com
- Non-trader: This developer has not identified itself as a trader. For consumers in the European Union, please note that consumer rights do not apply to contracts between you and this developer.
Privacy
This developer declares that your data is:
- Not being sold to third parties, outside of the approved use cases
- Not being used or transferred for purposes that are unrelated to the item's core functionality
- Not being used or transferred to determine creditworthiness or for lending purposes
Support
For help with questions, suggestions, or problems, visit the developer's support site