Skip to content
All guides How Arca keeps your wallet safe

How Arca keeps your wallet safe

The security model behind Arca. Why there is no 12-word recovery phrase, how sign-in recovery works, and what happens before every transaction goes through.

Your wallet security depends on a few things working together: how the wallet is created, how you get back in if you lose access, and what checks run before each transaction. Arca handles each of these a little differently from a typical wallet, and the result is simpler to use and harder to lose.

This page explains the three pieces. You do not need to understand them in detail to use Arca safely. Knowing the shape of the system is enough.

No 12-word recovery phrase

Most wallet apps ask you to write down 12 secret words when you sign up. Those words are the only way back into the wallet if you lose your phone or your app. Lose the 12 words, lose the wallet.

Arca does not work that way. When you sign up, Arca creates a signer tied to your login (your email, Google, or Apple account) and uses it to secure your Smart Account. There are no 12 words to write down. There is no piece of paper to hide.

What this means in practice:

  • Nothing to lose. You will not forget a phrase that was never yours to remember.
  • No backup ritual. You do not have to test whether you can recover before moving real money in.
  • Your login is the key to getting back in. Treat it the same way you would treat your primary bank login.

Built-in recovery

If something happens to your phone, you do not need a piece of paper to get back in. You sign in again with the same email, Google, or Apple account on any device running Arca, and your wallet opens with your balance and history intact.

This is what the app calls Built-in Recovery. It shows up in the Keys & Recovery screen in Settings. The short version: something goes wrong, you recover through your login.

No single point of failure means you do not depend on one password, one device, or one piece of paper. Your login provider (Google, Apple, or email) is what proves you are you, and you have their usual account recovery as a safety net.

Smart Account Protection

Every transaction in Arca passes through a safety check before it goes through. The check looks for suspicious activity and blocks things that look off. This is called Smart Account Protection in the app.

Standard wallets approve transactions blindly. You sign, it executes. Arca adds a step: it checks the transaction first, so you do not accidentally sign away tokens to a bad actor.

You see this most clearly when you connect to other apps through QR codes. Before any token movement, Arca reviews the request. If it looks dangerous, Arca flags it or blocks it.

What you still need to do

Arca handles the hard parts. Your remaining responsibilities are simpler:

  • Keep your login secure. Turn on two-factor authentication on your Google, Apple, or email account. That is the primary lock on your wallet.
  • Lock your phone. A passcode or biometric on the phone itself is a second layer.
  • Review before you confirm. Every Send screen shows you the destination and amount. Take the second it takes to read them.
  • Think before connecting apps. Only connect to apps you trust, and disconnect them when you are done. See Connect to other apps.

What about advanced users?

If you want the option to export your signer private key as an advanced backup, you can. The Export Wallet Key flow is in Settings under Keys & Recovery. It is optional and is not required for everyday use. See Export your wallet key for what it is and when to use it.

Most people never need to export. The recovery path through your login works for the large majority of situations.

The short version

  • Sign in with email, Google, or Apple.
  • Keep that login safe.
  • Lock your phone.
  • Read the screen before you confirm a send.

Do those four things and your wallet is in good shape.

Want to learn more?