# Wallet Security Guidelines ### 🔐 **Web3 Wallet Private Keys Are Crucial** Once a private key falls into the wrong hands, your assets can be completely drained. However, executing batch operations often requires using the private key, as it is impossible to sign multiple wallets simultaneously without it. ### To address such needs, there are two widely used types of tool in the market: 1. **Telegram Bots (TG BOT):** TG BOTs inherently require access to private keys to sign transactions, making them a common choice for batch operations. 2. Another approach involves using certain web-based tools that execute transactions on the backend after obtaining the user’s private key, but this method carries extremely high risk. * **Trust:** The platform must be highly trustworthy. * **Security:** The platform must have robust measures to protect private keys (e.g., the dexx server hack is a typical risk example). ### ✅ **How Does CiaoTool Keep Your Private Keys Safe?** CiaoTool uses a **client-side signing mechanism**, meaning your private key is **never uploaded or stored on any server**. All transactions are signed locally within your browser, ensuring that the platform is **technically incapable of accessing or stealing your private key**. For users who perform frequent operations, we also offer an **optional local encrypted storage** feature — balancing convenience with maximum security. ### 🛡️ **How to Ensure Private Keys Are Only Used for Local Signing** Any frontend tool that wants to access a private key must make an HTTPS request to send the key to a backend server. To verify this, you can inspect the tool's network activity: 1. Open **Chrome Browser**. 2. Right-click and select **Inspect**. 3. Navigate to **Network** -> **Fetch/XHR**. 4. Check if any requests send your private key to the backend (excluding third-party RPC interfaces like Helius for on-chain data). ### 🔐 **How to Operate Private Keys Safely and Conveniently** #### CiaoTool offers **three methods** for managing private keys: #### **1. Manual Input** ![](https://docs.dogtools.meme/~gitbook/image?url=https%3A%2F%2F1231829018-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FbI9FOXIMOA6RLmAW6lRu%252Fuploads%252FuGb1vOoQwpMQlOfNFwRq%252Fimage.png%3Falt%3Dmedia%26token%3D3f6f4fb8-d67a-4ebd-be10-a8a3aeb79ee1\&width=768\&dpr=4\&quality=100\&sign=d6315174\&sv=2) This method requires you to manage your private keys yourself and paste them into an input field. CiaoTool will use your private key for local signing. **⚠️ Security Precautions** : * Prevent malicious clipboard plugins on your computer from stealing your private key. * Ensure your private key isn’t stored in plain text on your device. Secure your device to prevent theft. #### **2. Import Private Key File** ![](https://docs.dogtools.meme/~gitbook/image?url=https%3A%2F%2F1231829018-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FbI9FOXIMOA6RLmAW6lRu%252Fuploads%252FkCjGk5RGWKgnxLSIl2um%252Fimage.png%3Falt%3Dmedia%26token%3D71edfaad-5c27-4bc2-ac76-8b340b2b9c6b\&width=768\&dpr=4\&quality=100\&sign=e1898dc6\&sv=2) CiaoTool supports importing private keys in **Excel**, **CSV**, **JSON**, or **TXT** formats. Compared to manual input, this method improves efficiency. * **Instructions**: * **For existing wallets:** download the \[template file] from the top left, paste your private keys into it, and import. * **For new wallets:** use the **Multi Sender** feature to create new wallets, perform batch transfers, and export them in one go. Then, import the exported file. * **⚠️ Security Precautions** : * Prevent malicious clipboard plugins from stealing your private key. * Ensure your private key isn’t stored in plain text on your device. Secure your device to prevent theft. #### **3. Local Encrypted Storage (Recommended 👍)** CiaoTool offers a **local encrypted storage** feature that uses AES encryption. Your private key is encrypted with a password you set (known only to you) and stored locally. * **Storage Location**: Chrome Browser -> Right-click -> Inspect -> Application. ![](https://docs.dogtools.meme/~gitbook/image?url=https%3A%2F%2F1231829018-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FbI9FOXIMOA6RLmAW6lRu%252Fuploads%252FYTrC8jXxUIDjBChDBs8Q%252Fimage.png%3Falt%3Dmedia%26token%3D213269a2-b35b-425b-822c-b15be6895d1d\&width=768\&dpr=4\&quality=100\&sign=26bfa93d\&sv=2) * **Advantages**: * Compared to manual input or file upload, private keys are not stored in plain text on your device. * It allows for easy wallet balance viewing and streamlined batch operations. * **Important Note**: * Remember your encryption password. If lost, CiaoTool cannot recover your data. You’ll need to delete local data and start over. **Instructions**: * **For existing wallets:** After enabling wallet management, click **\[Import Bulk Wallets]** in the top left and import your private keys. You can then select them directly for batch operations. * **For new wallets:** After creating new wallets, import them into local wallet management with one click. ![](https://docs.dogtools.meme/~gitbook/image?url=https%3A%2F%2F1231829018-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FbI9FOXIMOA6RLmAW6lRu%252Fuploads%252FwtVNr9ny6e3FQwdlS4D0%252Fimage.png%3Falt%3Dmedia%26token%3D1a669b22-e2fd-4587-be15-cf8e924fc987\&width=768\&dpr=4\&quality=100\&sign=713892d\&sv=2) **⚠️Security Precautions** : * Be cautious of malicious clipboard plugins when importing private keys into local management. * Ensure the security of your local device and encryption password. *** ### ❓ Frequently Asked Questions(FAQ) #### 1. How can I keep my seed phrase secure? * [x] **Answer:** Write it down with pen and paper and store it offline. Never save it as a screenshot, in cloud notes, or chat history. #### 2. Why shouldn't I save my wallet using screenshots? * [x] **Answer:** Screenshots can be accessed by malware or synced to the cloud, posing serious security risks. #### 3. Will clearing my browser cache affect my wallet? * [x] **Answer:** No. Non-custodial wallet private keys are not stored in browser cache, but make sure you have backed up your seed phrase beforehand. #### 4. What are the risks of using browser extension wallets? * [x] **Answer:** Extension wallets can be exploited by fake websites or malicious approvals — always double-check every interaction and signature. #### 5. How do I know if an airdrop or link is safe? * [x] **Answer:** Avoid clicking on unknown links or approving suspicious transactions — especially those claiming “free airdrops.” ### 💬 Need Help? Contact Us Anytime * **Telegram**: * **Email**: * Website: [https://ciaotool.io](https://ciaotool.io/) * X (Twitter): * Medium: * Blog: * YouTube: * WhatsApp: {% hint style="danger" %} **Note:** CiaoTool is committed to providing convenient tooling services but does not offer any form of investment advice. Platform content may change with product iterations. Users are advised to exercise judgment and stay informed about updates. {% endhint %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://ciaotool.gitbook.io/docs/wallet-security.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.