Security & Token Safety
How do I export and use my private key?
Before exporting your private key, it’s important to understand what it is and how it works.
A private key is an alphanumeric code used to authorize transactions and prove ownership of a blockchain asset, mainly blockchain wallets. In simpler terms, a private key is like the master password to your cryptocurrency account —it’s what gives you control over your funds.
Your cryptocurrency itself is always stored on the blockchain, not within a wallet app. Instead, the wallet on your phone securely holds your private key, which allows you to manage your funds.
- 🔑 Think of it as the key to a safe: whoever has the private key can access the assets inside.
- 🔐 The private key represents the ownership of the wallet and should always be kept private. Sharing the private key means allowing anyone else to control your wallet.
- 💡 It’s different from a public key – your wallet address is also called a public key (you can share it to receive blockchain assets, like cryptocurrency), while the private key is your PIN (only you should have it).
- ⚠️ If you lose your private key, you lose access to your funds forever! There’s no "forgot password" option with self-custodial crypto wallets. Just like if you lose the key to your safe, you won’t be able to access the assets inside. As crypto wallets are secured by the latest cryptography, there won’t be a keysmith to help you out.
You can export your private key to your World Wallet. We recommend only exporting your private key if you fully understand what you are doing.
-
What are the uses of a private key?
1. Access Your Public Wallet
If you lose access to your World App account, your private key can help you regain access to the funds in your public wallet address, but not to your World App account. What you can do: Access your public wallet address and manage your funds. What you won’t be able to do: Access a World App account or World App features like Mini Apps. Some wallets allow you to import a wallet using the private key.
Example:
In MetaMask or Trust Wallet, you can go to Import Wallet, enter your private key, and gain access to a wallet. However, after importing the private key, you will see an EOA (Externally Owned Account) address—this is not your World App address. This additional step was taken for extra security.The EOA address is generated by your World App, but it is not where your funds are stored. To access and manage your funds, you must link your MetaMask wallet to a Safe UI wallet. For step-by-step instructions, see the Frequently Asked Questions section at the end of this article.
2. Sign Transactions
When you send crypto, your private key is used to digitally sign the transaction. This proves that you own the funds and authorizes the transfer.
You don’t manually enter your private key—your wallet application does this in the background.
3. Connect to Decentralized Apps (DApps)
Some platforms allow you to sign in using your wallet address and require signing by your private key. Please make sure that the DApp in question uses a public-private key pair to authenticate you without exposing your private key.
Use your private key only when necessary (like wallet recovery), and keep it offline to protect your assets.
Follow the instructions described below to find and export your private key.
-
Where do I find my private key in World App?
- Tap the Gear icon (⚙️) at the top of the screen to access the Settings menu
- Select Privacy & Legal (iOS) or Privacy (Android).
- Open Private Key
-
How can I unlock and export my private key?
Once you perform the steps listed above to find its location, proceed as follows:
- To initiate the unlocking process, tap Unlock private key
- Once you read and acknowledge the risk warnings, select the Understood button
- Follow the prompts to confirm your request to unlock the key
- Once confirmed, an unlocking period will begin
- A countdown timer will show you the time left to unlock the key
- This period is set to prevent potential attackers from stealing your private key
- When the private key is unlocked, it will be available for display for 72 hours
- You’ll see the options to either copy or reveal the key. Select your desired action
After 72 hours have passed, the key will be locked again. If needed, a new unlocking process must be performed.
REMEMBER: Any action involving your private key is risky. Never share it with anyone, or you could lose your wallet funds to theft. World App Support will never ask you for your private key.
-
Frequently Asked Questions
1. Can I access my private key even if some features are blocked in my World App?
Yes, you can tap the Export Private Key option as shown in this example:
2. How can I keep my private key safe?
The best way to keep your private key safe is to never export it.
Since there is only one private key linked to your account, it is essential to store it securely. Losing it may mean losing access to your funds permanently.
To prevent this, we recommend:
Never sharing your private key with anyone. Storing it in a safe place, such as a secure password manager or offline storage. Using a trusted and secure cryptowallet that protects your private key.
By keeping your private key safe, you ensure that only you have control over your cryptocurrency.
3. Can I generate a new private key?
No. only one private key exists per account.
4. How do I import my private key into a wallet?
Below is an example using MetaMask, but any non-custodial wallet that supports the Ethereum protocol can be used.
Step 1: Import the private key into MetaMask
Copy the private key from World App Go to MetaMask (App or browser extension) Tap on “Account” on the upper part of the screen Choose “Add Account or Hardware Wallet” Press on “Import Account” Paste the World App private key Tap on “Import”
Note: The address shown in MetaMask as imported is the EOA address of your World App, not the World wallet address (where the funds are).
Example:
To gain access to your World wallet address, you’ll need to link MetaMask (or other non-custodial wallet) to Safe. See Step 2 below for more details.
Step 2: Navigate to Safe and link your MetaMaskGo to Safe Tap on “Connect” Select the “WalletConnect” wallet icon Select “MetaMask” Safe will redirect you to MetaMask (or your wallet) to confirm Tap on “Connect” Navigate back to Safe The World wallet address will be shown under Accounts Tap on “World Chain” The World wallet address will show up in Safe
Example:
If you’re having trouble navigating MetaMask or any other external platform, please reach out to their support team here: https://support.metamask.io/
Step 3: Network Fees - Deposit and bridge native ETH to the EOA address
When performing crypto transactions with a non-custodial wallet, users need to hold sufficient native tokens of the blockchain network to cover the network fees needed to perform transactions.
World App sponsors network fees for its users when performing crypto transactions on World Chain. However, once a user imports the private key into another non-custodial wallet, the user will sign transactions through that wallet and World App will no longer sponsor these fees.
To cover the network fees and perform transactions like sending or swapping tokens, users will need to deposit ETH to their EOA address (the one imported into the non-custodial wallet).
To bridge native ETH to World Chain, you can use:
World Chain Superbridge provided by Superbridge, a website-hosted user interface (the "Interface") provided by Blob Engineering Pte. Ltd.: Withdraw ETH to the EOA address on any of the networks presented on Superbridge ( ETH network would be the preferred option).
To bridge native ETH to the EOA address, please follow these actions:
Using the Ethereum network, deposit ETH to the EOA address imported into MetaMask (or other non-custodial wallet) When your ETH reaches your wallet on the ETH network, navigate to https://world-chain.superbridge.app/ Connect your non-custodial wallet (MetaMask) to the World Chain Superbridge World Chain Superbridge will send an authorisation request to your MetaMask wallet; navigate back to MetaMask and approve the wallet connection to Safe Return to World Chain Superbridge and select the networks: From ETH To World Chain Fill in the amount Check the bridge order preview and ensure it corresponds to the amount you’ve chosen Tap on “Review Bridge” Review the bridging details one more time before tapping on “Continue” Acknowledge that the receiving wallet address (your imported EOA) supports World Chain Start the bridge
Example:
IMPORTANT: World App does not have access to your private key, and does not maintain control over your wallet, digital tokens, or private keys. Users are responsible for the risk of loss of their private keys and neither TFH nor World App is able to recover such keys.
Translations may differ slightly from the original English content. For the most accurate information, please refer to the article's English version if any discrepancies occur.
How can I stay safe with my World wallet?
Keeping your World Wallet secure is essential. As a self-custodial wallet, you are responsible for protecting your device, your backups, and your credentials.
Follow these best practices to stay safe:
1. Protect your phone
Your phone is the key to your wallet.
NEVER allow strangers to handle your phone.
Orb Operators should never ask to handle your phone. If anyone does, stop interacting with them and report the encounter through World App.
Always keep your phone locked when not in use.
Keep your operating system updated to the latest version.
Do not jailbreak (iOS) or root (Android) your device.
Only download apps from official stores such as the Apple App Store or Google Play Store.
2. Enable biometric authentication
Adding biometric protection helps prevent unauthorized access.
-
On iOS (Face ID)
Tap the gear icon at the top of your wallet screen to open Settings.
Select Privacy & Legal.
Enable Face ID.
-
On Android (Fingerprint or device biometrics)
Tap the gear icon at the top of your wallet screen to open Settings.
Select Privacy.
-
Enable biometric authentication (such as fingerprint), depending on your device settings.
Note: Biometric options may vary depending on your device model.
3. Backup and recovery
- It is recommended that you add an available login method to your World App as soon as possible. This allows you to recover your account if your phone is lost, stolen, or replaced. You can find more details about login methods in this article: How do I sign in to my account?
- NEVER share your login credentials with anyone, including customer support. This may result in loss of access to your account and revocation of many World App features.
4. How can I safely make deposits or withdrawals using World App
- You should always default to depositing and withdrawing via the options provided within World App.
- You should NEVER send local currency or cryptocurrency to an individual who offers deposit or withdrawal services unless they are promoted as a service provider within World App in select countries.
- If you feel an individual is trying to scam or deceive you, you should stop interacting with them and submit a report to us via World App support.
Translations may differ slightly from the original English content. For the most accurate information, please refer to the article's English version if any discrepancies occur.
What are phishing scams and how can I avoid them?
What is phishing?
-
- Phishing is a method for scammers to gain fraudulent access to your account or personal information.
- Avoid sharing personal information on Discord, Twitter, or any social network, not even with what appear to be official World or Tools for Humanity social media accounts. Only interact with World through support in World App.
- If you have been the victim of a phishing attack, please contact support. Also, please report suspicious messages via World App so that we may assist you and conduct an investigation.
Translations may differ slightly from the original English content. For the most accurate information, please refer to the article's English version if any discrepancies occur.
What are best practices to avoid airdrop scams?
An airdrop is when a project distributes free tokens directly to users’ crypto wallets. While legitimate projects use airdrops for promotions, they are also commonly exploited in scams.
Scammers create fake airdrops to trick users into connecting their wallets and approving transactions. If the smart contract behind the airdrop is malicious, this can put your funds at risk or allow unauthorized access to your wallet.
Best practices to avoid airdrop scams
Only interact with verified projects: Before claiming an airdrop, confirm the project is legitimate by checking its official website and multiple verified social media channels.
Be cautious when connecting your wallet: Avoid connecting your wallet to unfamiliar or unverified smart contracts. If something doesn’t feel right, do not proceed.
Double-check links and URLs: Always review the URL carefully before clicking or tapping on it. Make sure it leads to the official website and has been shared through an official announcements channel.
Do your own research: Look for feedback from other users and community discussions to help determine whether the airdrop is legitimate.
Important: Only accept airdrops from verified profiles and sources you absolutely trust. If you are unsure, do not interact with the airdrop.
Translations may differ slightly from the original English content. For the most accurate information, please refer to the article's English version if any discrepancies occur.