Never Share Your Private Key
Your private key (or seed phrase) is the master password to your wallet. Anyone who has it has full and irreversible control over your funds. XamanProtocol will NEVER ask for your private key or seed phrase. Any request for these — even if it appears to come from XamanProtocol support — is a scam.
How XamanProtocol Signs Transactions Safely
When you use Xaman with XamanProtocol:
- XamanProtocol creates a transaction request and sends it to the Xaman API.
- The Xaman app on your phone receives the request and displays it.
- You review the transaction details and approve or reject it.
- Your private key signs the transaction locally on your phone — it never leaves your device.
- XamanProtocol receives only the signed transaction, not your key.
Verify Before You Sign
Always check transaction details in Xaman before approving:
- Destination: Should be XamanProtocol's XRPL address
- Amount: Should match what you selected in the XamanProtocol modal
- Destination Tag: Should match your user-specific tag
- Memo: Should contain 'xamanprotocol' reference
If anything looks wrong, reject the transaction and contact support.
Keep Your Xaman App Updated
Always use the latest version of the Xaman app. Updates include security patches and compatibility improvements. Enable automatic app updates on your device.