Security


What is a Secret Recovery Phrase

A Secret Recovery Phrase is a set of randomly generated words that provides full access to your non-custodial wallet. To restore access, you must enter all 24 words in the correct order.

TON Wallet uses the BIP-39 system, and the recovery phrase consists of 24 words.

⚠️ Important Safety Rules:

  • Never share your phrase with anyone.
  • Do not enter it on third-party websites.
  • Do not share it with friends, support agents or anyone else.
  • Store the phrase securely in a safe place — do not take screenshots or save it in messaging apps.

How can I find my seed phrase in TON Wallet

At any time, you can find your seed phrase within your TON Wallet, by going to Settings > TON Wallet > Backup & Recovery Phrase > Tap to view phrase.


Where is my seed phrase stored

Your seed phrase is stored only on your device. Neither Crypto Wallet nor Telegram have access to it.


Can I change the Secret Phrase

You cannot change your Secret Phrase — it’s generated once when TON Wallet is created, using encryption and randomization.

If someone has access to your Secret Phrase, it’s strongly recommended to create a new wallet, store the new phrase in a secure (preferably offline) place, and transfer all funds from the old wallet to the new one.

This helps protect your assets.


Secret Phrase / one word doesn't work

If your Secret Phrase doesn’t work, try these steps:

  1. Make sure all 24 words are entered correctly, with no typos, extra characters, or spaces. Even a single incorrect letter can cause an error.
  2. Double-check each word matches exactly with your original phrase. It’s best to compare word-by-word from your backup.
  3. Try re-entering the entire phrase, carefully checking each word.

If the phrase still doesn’t work:

  • Make sure you’re using the correct phrase for TON Wallet, not for a different wallet.
  • Check that the word order is correct — the sequence matters.

If access still can’t be restored, the phrase may have been written down incorrectly or lost. In that case, recovery is unfortunately not possible.


What should I do if I lost my Secret Recovery Phrase

If you have not opted in for TON Wallet email recovery, and you have no access to devices with your TON Wallet enrolled, you will lose access to your assets.

As TON Wallet is a non-custodial wallet, only you have access to your Secret Recovery Phrase. Crypto Wallet cannot recover access if a TON Wallet account is lost. Read about the differences between Crypto Wallet and TON Wallet here.


What should I do if I lost my seed phrase and didn't have email recovery turned on

During TON Wallet creation, you can provide your email address for wallet recovery via email and your Telegram account.

If not, you can recover using your Secret Recovery Phrase. Keep your Secret Recovery Phrase safe for potential TON Wallet recovery.

⚠️ Note: If you do not have your Secret Recovery Phrase saved offline and have not setup Recovery over email, you may lose your funds.


How can I restrict access to my TON Wallet

Only you can access your TON Wallet because to be able to use it, one needs to log in to your Telegram account on your specific device. To ensure your wallet’s security, avoid sharing your unlocked device with anyone else.


How does the backup process work in TON Wallet

There are two backup options. The first is an email backup, with a unique decryption key generated on your device. This key encrypts your seed phrase and splits the newly encrypted piece into two parts, known as shards, which are then sent to the corporate servers. Crypto Wallet stores the decryption key, TON Wallet keeps the first shard separate from Crypto Wallet, and Telegram secures the second shard. Both shards are securely encrypted, making it impossible for any party, other than yourself, to access your TON Wallet account.

The second option is a manual backup, where your seed phrase is only stored on your device.

⚠️ Note: If you lose access to your Telegram account or your email, you will need your Secret Recovery Phrase to recover your TON Wallet funds.


Does the Support team know the email I added for recovery or my seed phrase

Support team does not have access to the email address you provided for TON Wallet recovery. Also, no one, except you, can access your Seed phrase, even the TON Wallet support team.

Thus, it is important that you write down the Seed phrase and store it in a safe place, even if you already made an email backup. 


Will Crypto Wallet be able to access my seed phrase, if I turn on email recovery

No, your seed phrase is stored only on your device. Your email serves as an additional identification method, used together with your Telegram account, to help you regain access to your TON Wallet. The recovery code sent via email only works when you are logged into your Telegram account. This code enables the decryption of the seed phrase from the two shards created during the backup process.


What should I do if I do not receive a recovery code via email

If the recovery code doesn't come to the mentioned email, please check first:

  1. if you received messages with an email subject: Recover your TON Wallet account.
  2. if you have the email letter with an authorization code in other folders: Spam, Promotions or Deleted messages.

If the email letter still hasn't come, while the code was successfully sent, please write to the support team. We will check the status of the message sent.


What to do if you received a recovery code by email that you didn't request

The email-based recovery feature in TON Wallet is linked to the Telegram account from which it was originally activated.

If you did not request a recovery code, it's recommended that you check active Telegram sessions on other devices — especially any that you no longer have access to. For added security, enable automatic termination of unused sessions.

Telegram settings: Settings > Privacy and Security > Devices

Important: If a third party does not have access to your Telegram account, they cannot access your TON Wallet through email — even if they know your email address.


Can I restore access via email

Yes, you can restore access to TON Wallet via email, if you linked it in advance in the settings — either when creating your TON Wallet or at some point after the fact.

However, email recovery works only if you still have access to the Telegram account that was linked to TON Wallet.

What it means to have access to your Telegram account:

  • You did not create a new Telegram account
  • You did not recover your account by phone number after deletion or loss
  • You have full access to the original Telegram account used to set up TON Wallet.

If you deleted your Telegram account or created a new account with the same number, you will not be able to access the previously created wallet address in TON Wallet.

❗ If your Telegram account is not accessible, recovery is only possible using your Secret Phrase.

❗ If your email was not linked, recovery is also only possible with your Secret Phrase.

Email recovery is a secondary login option, not a replacement for your Secret Phrase.

The Secret Phrase remains the main and most reliable way to recover access.

In rare cases where email recovery does not work, we recommend using the Secret Phrase to access your non-custodial wallet on the TON blockchain.


How to restore access via email?

  1. Open TON Wallet.
  2. Select your wallet from the list.
  3. Tap ‘Restore TON Wallet’.
  4. Enter the code sent to your linked email.

Email recovery is provided for convenience.

It’s especially helpful for beginners who may find it difficult to store and use a Secret Phrase. That said, the Secret Phrase remains the primary key to your wallet.


If someone logs into my Telegram account on another device, will they be able to see TON Wallet

No, your TON Wallet will not automatically appear on other devices. To access it on a new device, you must manually log in again, either via your seed phrase or your email recovery, provided you have previously created an email backup.


Can I restore TON Wallet via email if I lost access to my Telegram account

Unfortunately, if you’ve already lost access to your Telegram account, it is not possible to recover access to TON Wallet. Each Telegram account is assigned a unique numeric identifier called a Telegram ID.

If a Telegram account is deleted, all data linked to it is permanently removed. Re-registering with the same phone number creates a new Telegram ID and previous data is not restored automatically.


  1. If you simply reinstalled Telegram:

Deleting and reinstalling the Telegram app does not change your Telegram ID, as long as you log back into the same account.

In this case, you can recover access to TON Wallet via email, if you had previously linked your email.

To recover TON Wallet using your email:

  • On the recovery screen, select the associated email address.
  • Tap “Recover TON Wallet”.
  • Enter the code sent to your email.

Note: If your email is not shown in the list, it means that email-based recovery was never enabled for that account.

  1. If Telegram restored without Chat History:

If, after restoring Telegram, you don’t see your chat history and Telegram behaves like a new account — you likely created a new Telegram account with a new Telegram ID.

In this case, email recovery will not work, as it is tied to your previous Telegram ID.

The only way to restore access to your TON Wallet is by using your Secret Recovery Phrase.

Here’s how:

  • On the TON Wallet home screen, tap “Create or Import Another Wallet”.
  • Choose “Add My Wallet”.
  • Enter your Secret Recovery Phrase (24 words in the correct order).


3) If you have neither the Secret Recovery Phrase nor access to the old Telegram account:

In this case, it is not possible to restore access to your TON Wallet.

TON Wallet is a non-custodial wallet, meaning only you control the Secret Recovery Phrase and access to your funds.

The security of your Secret Phrase is critical. No one — not even support — can recover access without it.


Is it possible for an attacker to get access to my seed phrase

No, unless you provide both your device and its passcode to an attacker. If someone has your phone but does not know the passcode, they cannot access any data. This is because smartphone flash storage is encrypted by default, making it impossible for an attacker to retrieve your files without unlocking the device.


If someone knows my wallet address, can they access my TON Wallet

No, simply knowing your wallet address does not grant access to your TON Wallet or control over your funds.

To gain access to the wallet, someone would need to know your Secret Recovery Phrase (seed phrase), which is generated when the wallet is created.

This phrase is the true key to your wallet — it is the only way to obtain full control over your assets.

Important: Never share your Secret Recovery Phrase — not even with friends, family or support staff.

Store it in a secure, private location. If someone gains access to your phrase, they can take full control of your funds.


If someone hacks my email, can they access my TON Wallet

No, having access to your email alone is not enough to access your TON Wallet.

Even if a third party gains access to your email, it won’t be sufficient.

The confirmation code sent to your email must be entered from the Telegram account that originally enabled the recovery feature.

Without access to your Telegram account, the recovery process cannot be completed.

This provides an additional layer of security, even if your email has been compromised.


Do Crypto Wallet / Telegram employees have access to TON Wallet seed phrase

Neither company can access your seed phrase. TON Wallet only holds part of the encrypted seed phrase, specifically 14 encrypted words, along with the decryption key. Meanwhile, Telegram holds another part, containing 10 encrypted words, but without the decryption key. Possessing either of these parts, even if fully decrypted, does not allow anyone to brute-force the other part. Here you can see some explanatory texts and a video demonstrating why brute-forcing is not possible.


I received a request from Support asking for my Secret Recovery Phrase — can I share it

Under no circumstances should you share your Secret Recovery Phrase with anyone — not even with TON Wallet support. Our support team will never message you first in private and will never ask for your Secret Recovery Phrase.

When contacting support, we may request your TON Wallet address in order to help troubleshoot your issue.

All TON Wallet addresses are anonymous. Sharing your wallet address means you are linking it to your Telegram account.

If you prefer not to share this information, support agents can guide you on how to check the data yourself using a blockchain explorer.


What should I do if I accidentally shared my Secret Recovery Phrase with support or a third party

If you accidentally shared your Secret Recovery Phrase with a third-party website, person or in a chat — immediately withdraw all funds from that wallet to a new, secure wallet created with a new secret phrase.

Why this is critical:

  • Anyone with access to your secret phrase can gain full control of your funds at any time.
  • Creating a new wallet is just the first step — the most important action is to transfer your assets from the compromised wallet and stop using it altogether.

How can I further secure my TON Wallet

To boost your TON Wallet’s security, follow the same precautions you would with any confidential information stored on your device. First off, never give your unlocked phone to someone you do not fully trust. Also, keep your email passwords to yourself, especially if the email is linked to your TON Wallet. If you opt for a manual backup, be mindful about where you keep your seed phrase — store it securely and make sure not to lose it.


To remove data about your seed phrase from TON Wallet, you should log out of your Telegram account and then uninstall the Telegram application from your device. Doing so will completely delete the seed phrase from your device.


Is there a plan for TON Wallet to release its source code on Github

We are exploring the possibility of making our code available on Github in the future. For now, our primary focus is on refining and developing the product. 


Are there plans to improve the security features of TON Wallet

Absolutely, we plan to implement a passcode for on-device encryption of the seed phrase. Additionally, we plan to further divide and distribute the decryption key and seed phrase shards across three separate storage locations for increased security.