Security

How can I recover my TON Wallet

You can restore access to TON Wallet via its Recovery Phrase, or with your recovery email, if email recovery was previously enabled.

Important: email recovery is only possible if you access TON Wallet from the same Telegram account you used to enable email recovery. Read more about email recovery.

If you use another Telegram account, then you will only be able to restore TON Wallet with your Recovery Phrase.

What is a Secret Recovery Phrase

A Secret Recovery Phrase is a set of randomly generated words that provides full access to your non-custodial wallet. To restore access, you must enter all 24 words in the correct order.

DeFi Account uses the BIP-39 system, and the recovery phrase consists of 24 words.

⚠️ Important Safety Rules:

  • Never share your phrase with anyone.
  • Do not enter it on third-party websites.
  • Do not share it with friends, support agents or anyone else.
  • Store the phrase securely in a safe place — do not take screenshots or save it in messaging apps.

How can I find my seed phrase in DeFi Account

At any time, you can find your seed phrase within your DeFi Account, by going to Settings > Backup & Recovery Phrase > Tap to view phrase.

Before the seed phrase is displayed, a safety check notification will appear. Review it carefully and confirm your consent to view the phrase.

Where is my seed phrase stored

Your seed phrase is stored only on your device. Neither Crypto Wallet nor Telegram have access to it.

Can I change the Secret Phrase

You cannot change your Secret Phrase — it’s generated once when DeFi Account is created, using encryption and randomization.

If someone has access to your Secret Phrase, it’s strongly recommended to create a new wallet, store the new phrase in a secure (preferably offline) place, and transfer all funds from the old wallet to the new one.

This helps protect your assets.

Secret Phrase / one word doesn't work

If your Secret Phrase doesn’t work, try these steps:

  1. Make sure all 24 words are entered correctly, with no typos, extra characters, or spaces. Even a single incorrect letter can cause an error.
  2. Double-check each word matches exactly with your original phrase. It’s best to compare word-by-word from your backup.
  3. Try re-entering the entire phrase, carefully checking each word.

If the phrase still doesn’t work:

  • Make sure you’re using the correct phrase for DeFi Account, not for a different wallet.
  • Check that the word order is correct — the sequence matters.

If access still can’t be restored, the phrase may have been written down incorrectly or lost. In that case, recovery is unfortunately not possible.

What should I do if I lost my Secret Recovery Phrase

If you have not opted in for DeFi Account email recovery, and you have no access to devices with your DeFi Account enrolled, you will lose access to your assets.

As DeFi Account is a non-custodial wallet, only you have access to your Secret Recovery Phrase. Crypto Wallet cannot recover access if a DeFi Account is lost. Read about the differences between Crypto Wallet and DeFi Account here.

What should I do if I lost my seed phrase and didn't have email recovery turned on

During DeFi Account creation, you can provide your email address for wallet recovery via email and your Telegram account.

If not, you can recover using your Secret Recovery Phrase. Keep your Secret Recovery Phrase safe for potential DeFi Account recovery.

⚠️ Note: If you do not have your Secret Recovery Phrase saved offline and have not setup Recovery over email, you may lose your funds.

How can I restrict access to my DeFi Account

Only you can access your DeFi Account because to be able to use it, one needs to log in to your Telegram account on your specific device. To ensure your wallet’s security, avoid sharing your unlocked device with anyone else.

How does the backup process work in DeFi Account

There are two backup options. The first is an email backup, with a unique decryption key generated on your device. This key encrypts your seed phrase and splits the newly encrypted piece into two parts, known as shards, which are then sent to the corporate servers. Crypto Wallet stores the decryption key, DeFi Account keeps the first shard separate from Crypto Wallet, and Telegram secures the second shard. Both shards are securely encrypted, making it impossible for any party, other than yourself, to access your DeFi Account account.

The second option is a manual backup, where your seed phrase is only stored on your device.

⚠️ Note: If you lose access to your Telegram account or your email, you will need your Secret Recovery Phrase to recover your DeFi Account funds.

How to restore access to DeFi Account via Recovery Phrase

To access an existing DeFi Account with a Recovery Phrase, tap “Create or import another wallet”, then select “Add Existing Wallet” and enter your seed phrase.

Can I recover my TON Wallet via email

If you previously enabled email recovery during TON Wallet setup or in your TON Wallet Settings, you can restore access to your TON Wallet via email. On the main page, choose the desired address and tap ‘Restore TON Wallet’.

After that, you will receive a recovery code to your registered email in order to log in.

Important: email recovery is available only from the specific Telegram account that you used to previously enable this feature. If you use multiple Telegram accounts but have one wallet address in TON Wallet, you will need to use your Recovery Phrase to access TON Wallet — as email recovery is only available from one account.

How can I turn on email recovery

By tapping ‘Back Up via Email’ during the creation process you can add your email address as an extra recovery method, in addition to your TON Wallet’s Recovery Phrase.

If you have already created a TON Wallet, you can add a recovery email at any time via Settings. Tap the 3 dots in the TON Wallet app’s upper-right corner, then tap Settings > ‘Enable Email Recovery’. After that, you will receive a verification code to your specified recovery email. Once verified, your email address can be used to recover your TON Wallet in the future.

Important:

  • Email recovery works only if you can access both your Telegram account and the registered email. We strongly recommend that you still write down and safely store your Recovery Phrase, so that you never lose access to your TON Wallet.
  • If you already have TON Wallet with email recovery enabled, when you create a new TON Wallet and enable email recovery on it, the previously linked email will be used automatically.

How can I change my recovery email

Currently, you can only change your linked email if you still have access to the existing email address.

If you no longer have access to the current email, it cannot be changed. In this case:

  1. Contact your email provider to recover access to the inbox.
  2. Use your Secret Phrase to log in to TON Wallet, if you backed it up earlier.

🔒 Only the user who has access to the current email can change it in TON Wallet settings.


If access is still available, you can update your linked email address via your TON Wallet settings.

Before starting, make sure you have access to your current email, as a verification code will be sent to it during the update process.

Instructions to change the email:

  1. Tap the three dots in the top right corner of your TON Wallet.
  2. Go to Settings > Backup & Recovery Phrase > Change Recovery Email.
  3. Enter the code sent to your currently linked email address.
  4. Enter the new email address you wish to use for future recovery.

Important:

TON Wallet is a non-custodial service.

Only the wallet owner can update the email address.

The support team cannot access your Secret Recovery Phrase, your email or any personal data. They cannot update your email.

Does the Support team know the email I added for recovery or my seed phrase

Support team does not have access to the email address you provided for DeFi Account recovery. Also, no one, except you, can access your Seed phrase, even the DeFi Account support team.

Thus, it is important that you write down the Seed phrase and store it in a safe place, even if you already made an email backup. 

Will Crypto Wallet be able to access my seed phrase, if I turn on email recovery

No, your seed phrase is stored only on your device. Your email serves as an additional identification method, used together with your Telegram account, to help you regain access to your DeFi Account. The recovery code sent via email only works when you are logged into your Telegram account. This code enables the decryption of the seed phrase from the two shards created during the backup process.

What should I do if I do not receive a recovery code via email

If the recovery code doesn't come to the mentioned email, please check first:

  1. if you received messages with an email subject: Recover your DeFi Account account.
  2. if you have the email letter with an authorization code in other folders: Spam, Promotions or Deleted messages.
  3. If there is enough free space in your mailbox. If your storage is full, free up some space and request the code again.

If the email letter still hasn't come, while the code was successfully sent, please write to the support team. We will check the status of the message sent.

What to do if you received a recovery code by email that you didn't request

The email-based recovery feature in DeFi Account is linked to the Telegram account from which it was originally activated.

If you did not request a recovery code, it's recommended that you check active Telegram sessions on other devices — especially any that you no longer have access to. For added security, enable automatic termination of unused sessions.

Telegram settings: Settings > Privacy and Security > Devices

Important: If a third party does not have access to your Telegram account, they cannot access your DeFi Account through email — even if they know your email address.

Can I restore access via email

Yes, you can restore access to DeFi Account via email, if you linked it in advance in the settings — either when creating your DeFi Account or at some point after the fact.

However, email recovery works only if you still have access to the Telegram account that was linked to DeFi Account.

What it means to have access to your Telegram account:

  • You did not create a new Telegram account
  • You did not recover your account by phone number after deletion or loss
  • You have full access to the original Telegram account used to set up DeFi Account.

If you deleted your Telegram account or created a new account with the same number, you will not be able to access the previously created wallet address in DeFi Account.

❗ If your Telegram account is not accessible, recovery is only possible using your Secret Phrase.

❗ If your email was not linked, recovery is also only possible with your Secret Phrase.

Email recovery is a secondary login option, not a replacement for your Secret Phrase.

The Secret Phrase remains the main and most reliable way to recover access.

In rare cases where email recovery does not work, we recommend using the Secret Phrase to access your non-custodial wallet on the TON blockchain.


How to restore access via email?

  1. Open DeFi Account.
  2. Select your wallet from the list.
  3. Tap ‘Restore DeFi Account’.
  4. Enter the code sent to your linked email.

Email recovery is provided for convenience.

It’s especially helpful for beginners who may find it difficult to store and use a Secret Phrase. That said, the Secret Phrase remains the primary key to your wallet.

What to do if I lost access to an email address linked to my DeFi Account

We recommend that you contact your email service provider’s support. Typically, they can help to restore access using a backup email, phone number, or answers to security questions.

Once you restore access to your email, you will be able to use it again to log in to your DeFi Account.

If the email cannot be restored, you can only access your DeFi Account by using your Secret Phrase.

If someone logs into my Telegram account on another device, will they be able to see DeFi Account

No, your DeFi Account will not automatically appear on other devices. To access it on a new device, you must manually log in again, either via your seed phrase or your email recovery, provided you have previously created an email backup.

Can I restore DeFi Account via email if I lost access to my Telegram account

Unfortunately, if you’ve already lost access to your Telegram account, it is not possible to recover access to DeFi Account. Each Telegram account is assigned a unique numeric identifier called a Telegram ID.

If a Telegram account is deleted, all data linked to it is permanently removed. Re-registering with the same phone number creates a new Telegram ID and previous data is not restored automatically.


  1. If you simply reinstalled Telegram:

Deleting and reinstalling the Telegram app does not change your Telegram ID, as long as you log back into the same account.

In this case, you can recover access to DeFi Account via email, if you had previously linked your email.

To recover DeFi Account using your email:

  • On the recovery screen, select the associated email address.
  • Tap “Recover DeFi Account”.
  • Enter the code sent to your email.

Note: If your email is not shown in the list, it means that email-based recovery was never enabled for that account.

  1. If Telegram restored without Chat History:

If, after restoring Telegram, you don’t see your chat history and Telegram behaves like a new account — you likely created a new Telegram account with a new Telegram ID.

In this case, email recovery will not work, as it is tied to your previous Telegram ID.

The only way to restore access to your DeFi Account is by using your Secret Recovery Phrase.

Here’s how:

  • On the DeFi Account home screen, tap “Create or Import Another Wallet”.
  • Choose “Add My Wallet”.

  • Enter your Secret Recovery Phrase (24 words in the correct order).


3) If you have neither the Secret Recovery Phrase nor access to the old Telegram account:

In this case, it is not possible to restore access to your DeFi Account.

DeFi Account is a non-custodial wallet, meaning only you control the Secret Recovery Phrase and access to your funds.

The security of your Secret Phrase is critical. No one — not even support — can recover access without it.

Can I disable email recovery

No, if the DeFi Account email recovery feature has already been enabled, it cannot be disabled. You can change the linked email address in the DeFi Account settings by following the instructions here.

Is it possible for an attacker to get access to my seed phrase

No, unless you provide both your device and its passcode to an attacker. If someone has your phone but does not know the passcode, they cannot access any data. This is because smartphone flash storage is encrypted by default, making it impossible for an attacker to retrieve your files without unlocking the device.

If someone knows my wallet address, can they access my DeFi Account

No, simply knowing your wallet address does not grant access to your DeFi Account or control over your funds.

To gain access to the wallet, someone would need to know your Secret Recovery Phrase (seed phrase), which is generated when the wallet is created.

This phrase is the true key to your wallet — it is the only way to obtain full control over your assets.

Important: Never share your Secret Recovery Phrase — not even with friends, family or support staff.

Store it in a secure, private location. If someone gains access to your phrase, they can take full control of your funds.

If someone hacks my email, can they access my DeFi Account

No, having access to your email alone is not enough to access your DeFi Account.

Even if a third party gains access to your email, it won’t be sufficient.

The confirmation code sent to your email must be entered from the Telegram account that originally enabled the recovery feature.

Without access to your Telegram account, the recovery process cannot be completed.

This provides an additional layer of security, even if your email has been compromised.

Do Crypto Wallet / Telegram employees have access to DeFi Account seed phrase

Neither company can access your seed phrase. DeFi Account only holds part of the encrypted seed phrase, specifically 14 encrypted words, along with the decryption key. Meanwhile, Telegram holds another part, containing 10 encrypted words, but without the decryption key. Possessing either of these parts, even if fully decrypted, does not allow anyone to brute-force the other part. Here you can see some explanatory texts and a video demonstrating why brute-forcing is not possible.

I received a request from Support asking for my Secret Recovery Phrase — can I share it

Under no circumstances should you share your Secret Recovery Phrase with anyone — not even with DeFi Account support. Our support team will never message you first in private and will never ask for your Secret Recovery Phrase.

When contacting support, we may request your DeFi Account address in order to help troubleshoot your issue.

All DeFi Account addresses are anonymous. Sharing your wallet address means you are linking it to your Telegram account.

If you prefer not to share this information, support agents can guide you on how to check the data yourself using a blockchain explorer.

What should I do if I accidentally shared my Secret Recovery Phrase with support or a third party

If you accidentally shared your Secret Recovery Phrase with a third-party website, person or in a chat — immediately withdraw all funds from that wallet to a new, secure wallet created with a new secret phrase.

Why this is critical:

  • Anyone with access to your secret phrase can gain full control of your funds at any time.
  • Creating a new wallet is just the first step — the most important action is to transfer your assets from the compromised wallet and stop using it altogether.

How can I further secure my DeFi Account

To boost your DeFi Account’s security, follow the same precautions you would with any confidential information stored on your device. First off, never give your unlocked phone to someone you do not fully trust. Also, keep your email passwords to yourself, especially if the email is linked to your DeFi Account. If you opt for a manual backup, be mindful about where you keep your seed phrase — store it securely and make sure not to lose it.

To remove data about your seed phrase from DeFi Account, you should log out of your Telegram account and then uninstall the Telegram application from your device. Doing so will completely delete the seed phrase from your device.

Is there a plan for DeFi Account to release its source code on Github

We are exploring the possibility of making our code available on Github in the future. For now, our primary focus is on refining and developing the product. 

Are there plans to improve the security features of DeFi Account

Absolutely, we plan to implement a passcode for on-device encryption of the seed phrase. Additionally, we plan to further divide and distribute the decryption key and seed phrase shards across three separate storage locations for increased security.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.