What Is WalletConnect: The Crypto Wallet Connectivity Protocol
You want to swap tokens on Uniswap using the wallet on your phone. The problem: Uniswap is open in your desktop browser, and your crypto wallet is on a completely different device. WalletConnect solves this. You scan a QR code, your wallet links to the dApp, and you can sign transactions without ever typing a private key into a website.
That is the short version. The longer version involves encrypted relay servers, a native WCT token, and a protocol that processed 392 million connections in 2025 alone (up 119% from the year before, according to Nansen Research). Over $400 billion in total network volume flowed through WalletConnect that year, a figure that already exceeds Square's entire payment volume ($231 billion). If you have ever connected a wallet to a decentralized application, you have probably used WalletConnect without thinking much about how it works.
This guide covers the full picture: what the protocol does, how the encryption and relay infrastructure actually work, what the WCT token is for, and how to use WalletConnect securely with any wallet on any blockchain.
How WalletConnect Works: The Web3 App Gateway
Pedro Gomes shipped the first version in 2018. Today: 700 wallets, 85,500 apps, 170 chains. In 2025 alone, 55.5 million unique users connected through the protocol. The busiest month, December 2024, hit 23.4 million connections. Not bad for something most people do not even realize they are using.
What happens when you point your phone camera at that QR code on screen?
Short answer: your wallet and the dApp swap encryption keys. The QR code contains a URI with a relay server address and the raw material for a Diffie-Hellman key exchange. Both sides do the math (Ed25519/X25519 in the current version), arrive at a shared secret, and from that moment every message between them is locked with ChaCha20-Poly1305 encryption. The relay server sitting in between? Blind. It shuttles encrypted blobs around without understanding a word of it.
Your private key does not go anywhere. Not to the relay. Not to the dApp. Not to WalletConnect. When a dApp wants your signature on a transaction, it sends an encrypted request to your wallet through the relay. You see the details on your phone screen. You decide. Approve or reject. That is it. If you approve, the signed result goes back through the same encrypted tunnel, and the dApp broadcasts it to the chain.
Desktop: scan QR with phone. Mobile: deep link opens your wallet directly. Either way, five to ten seconds from start to connected.
| Component | What it does |
|---|---|
| QR code / Deep link | Transfers the connection URI from dApp to wallet |
| Symmetric key | Encrypts all messages between wallet and dApp |
| Relay server | Passes encrypted messages; cannot decrypt them |
| Wallet | Holds your private key; signs transactions locally |
| dApp | Sends transaction requests; broadcasts signed results |
WalletConnect V2 and the Shift to Decentralized Infrastructure
V1 died on June 28, 2023. Good riddance. It needed a centralized bridge server for every single session, only talked to one chain at a time, and if that server hiccupped your connection dropped. People put up with it because there was nothing better.
V2 is nothing like it. One connection now spans Ethereum, Polygon, Solana, Cosmos, all at once. The centralized bridge? Replaced by a distributed relay network where 20-plus independent operators route traffic. Sessions stick around even if you refresh the page. Permission controls got granular so dApps can only request what they actually need.
| Feature | V1 (gone) | V2 (now) |
|---|---|---|
| Chains per session | One | As many as you want |
| Relay | Single server | Distributed network |
| Encryption | AES-256-CBC | X25519 + ChaCha20-Poly1305 |
| Sessions | Die on refresh | Persistent |
| Auth | None | Project ID required |
The company shipped SDKs in JavaScript, Swift, and Kotlin. One Wallet Connect integration and you reach 700 wallets. They rebranded from WalletConnect Inc. to Reown in September 2024, $38 million raised total. Network 2.0 landed late 2025 with regional clusters that slashed latency 85% and a modular coordination layer running on-chain. That is the infrastructure the WCT token is built to incentivize.
The WCT Token: Governance, Staking, and Network Incentives
WCT listed April 15, 2025. Binance, OKX, KuCoin. One billion max supply. No inflation. Right now 186.2 million tokens circulate, about 18.6% of the cap. Price: $0.065 or so. Down 95% from the $1.34 ATH in May 2025.
Let that sink in. A protocol handling $400 billion in annual volume has a token trading at a $12 million market cap. That is one of the stranger numbers in all of crypto.
WCT does three things. Governance: holders vote on upgrades and fee structures. Staking: lock tokens from 1 week to 2 years, collect rewards every Thursday proportional to your weight. At peak, 122 million WCT were locked by 55,000 stakers. Fees: WCT pays for relay services. The split is 30% wallets, 25% node operators, 20% stakers, 15% grants, 10% R&D.
Allocation: 20% Foundation Treasury, 18.5% team, 17.5% rewards, 13.5% airdrops (Season 1 dropped 50 million WCT between November 2024 and January 2025). Rest goes to warrants, dev, public sale, market makers.
WalletConnect Pay launched March 2026 with Ingenico. If it works, that is stablecoin checkout at 40 million POS terminals across 120 countries. The DAO put 50 million WCT behind it, offering 2% cashback. Whether this turns WCT from a thin-utility governance token into something real depends entirely on whether merchants actually adopt it.
The WCT price trajectory is worth understanding if you are considering buying the token. After the Binance Launchpool farming period in April 2025, the token hit $1.34 within six weeks. Then reality set in. With 81% of supply still locked and a circulating market cap of just $12 million, the token is thinly traded. Volume spikes on days when unlock schedules release new batches. The fully diluted valuation ($64.6 million) gives a better sense of what the market thinks the network is actually worth. That number is surprisingly low for a protocol that carries more annual volume than most fintech companies. Whether the token ever reflects that volume is the open question. Governance power, staking yield, and the WalletConnect Pay cashback are the three reasons anyone holds WCT right now. If Pay takes off, that changes the calculus. If it does not, the token remains a governance instrument for a protocol that works fine without one.
For context: the WCT airdrop was one of the larger ones in 2024-2025. Season 1 distributed 50 million tokens (5% of total supply) to builders, early adopters, and active wallet users. More seasons are planned, with 13.5% of total supply earmarked for future drops. The staking rewards launched in December 2024. Lock for a week and you earn the minimum. Lock for two years and the rewards multiplier is substantially higher. Staking peaked at 122 million WCT, meaning at one point roughly 65% of circulating supply was locked.
WalletConnect Ecosystem: Wallets, dApps, and Blockchains
Everyone uses this. 700 wallets: MetaMask, Trust Wallet, Rainbow, Ledger Live, Argent, Crypto.com, Coinbase Wallet, Gnosis Safe. Institutional custody too: Fireblocks, BitGo, Anchorage.
The dApp count is 85,500. Uniswap, Aave, Compound, Curve on the DeFi side. OpenSea, Rarible for NFTs. Axie Infinity and The Sandbox for gaming. Snapshot for DAO governance. Commerce: Stripe, Shopify, Coinbase Commerce. This is not a niche tool. It is the plumbing of Web3.
Chain-agnostic by design. Ethereum, Polygon, Solana, Cosmos, Near, Avalanche, BNB Chain, Bitcoin (limited), and dozens of EVM chains. If a wallet and a dApp both speak WalletConnect, they talk, regardless of which blockchain they sit on. That is what powers onchain trading and various blockchain-based DeFi interactions for millions of people daily.
Compare that to MetaMask's browser extension. MetaMask's built-in connection works with MetaMask only. WalletConnect works with everything. Coinbase has its own Wallet SDK with passkey support and smart wallet features. Web3Auth and Magic Link let users sign in with email or social accounts, skipping seed phrases entirely. Privy takes a progressive onboarding approach, starting simple and adding crypto features as users get comfortable.
Each competitor solves a different problem. MetaMask SDK is wallet-specific. Coinbase SDK ties you to their particular wallet. Web3Auth and Magic are about removing crypto's learning curve entirely, which is great for onboarding but means users do not control their own keys in the traditional sense. WalletConnect is the only one that works as a universal layer connecting any wallet to any dApp without compromising security or self-custody. That is why it dominates: it is the default because nothing else covers the same ground.
Where does the volume go? Ethereum dominates at 77.4% of total network value. Then BNB Chain at 6.8%, Arbitrum 3.7%, Avalanche and Base both at 2.9%, Solana at 2.0%. DeFi accounts for about 65% of all volume flowing through WalletConnect, roughly $260 billion in 2025.
| Chain | Share of WalletConnect volume |
|---|---|
| Ethereum | 77.4% |
| BNB Chain | 6.8% |
| Arbitrum | 3.7% |
| Avalanche | 2.9% |
| Base | 2.9% |
| Solana | 2.0% |
| Others | ~4.3% |
Beyond DeFi, WalletConnect now handles infrastructure and data applications (10% of volume), cross-chain interoperability protocols (3%), and a growing segment of AI agent interactions (0.75%, about $3 billion). The payments category is small today at 0.27% but WalletConnect Pay and the Ingenico partnership could change that fast.
Is WalletConnect Secure and What Are the Risks
The encryption is not the problem. End-to-end. Relay sees nothing. Private key stays on your device. No intermediary can sign anything on your behalf. From a protocol standpoint, WalletConnect has zero known exploits since launch.
People are the problem.
Phishing is the number one risk. It works like this. Someone clones Uniswap at umiswap.com. You scan the QR code. Approve the transaction. Your wallet gets drained. WalletConnect connected you exactly as asked. It cannot tell that the dApp behind the QR code is a scam. That is on you. In May 2024, a fake "WalletConnect" app on Google Play racked up 10,000 downloads and stole roughly $70,000 before anyone noticed. Fake reviews made it look legitimate.
Blind signing is the second risk. Some dApps show you a wall of hex data and a "Sign" button with no readable explanation of what you are approving. That could be a $5 swap or an unlimited token approval that lets a smart contract empty your wallet. If you cannot read it, do not sign it.
Stale sessions. Old connections stay active unless you disconnect them. A dApp you connected to three months ago can still send you transaction requests. Clean up. Weekly.
Token approvals survive disconnection. When you interact with a DeFi protocol, you approve a smart contract to spend tokens. That approval stays on-chain even after you disconnect from WalletConnect. Use Revoke.cash to audit and revoke old permissions.
Drainer-as-a-Service kits are a growing business in 2025-2026. Attackers clone frontends, buy Google ads for fake dApp URLs, and use WalletConnect as the connection layer because it is the standard. Not theoretical. Real money gets taken this way.
WalletConnect has responded with two tools: the Verify API (checks domain legitimacy when you connect) and the WalletConnect Certified program (tiered vetting for apps and institutions). Neither eliminates the risk, but they make phishing harder.
There is also the question of what WalletConnect sees. The relay servers cannot decrypt your messages. But the company knows which project IDs are connecting to which relay nodes, which gives them aggregate data about ecosystem usage. Since the rebrand to Reown and the push toward decentralized infrastructure, the stated goal is to reduce this central visibility. Whether that fully happens depends on how quickly the node operator network grows and whether permissionless relay participation becomes the norm.
For developers, the security upside is clear: your dApp never touches private keys. The wallet handles signing. You get back a signed result with zero custody liability. No key management headaches, no risk of leaking user credentials.
How to Use WalletConnect Step by Step
Works the same on Trust Wallet, MetaMask, Rainbow, Ledger Live, whatever. The protocol does not care which wallet you prefer.
Desktop to phone. You open the dApp on your laptop. Hit "Connect Wallet." Pick WalletConnect. QR code appears. Grab your phone, open your wallet, scan it. Your wallet shows the dApp name and the chain it wants to use. You tap connect. Maybe six seconds total. You are in.
Phone to phone. Open the dApp in your mobile browser. Tap "Connect Wallet," tap WalletConnect, tap your wallet from the list that pops up. Your wallet opens via deep link. Approve. Flip back to the browser. Done.
Once connected, every transaction request shows up in your wallet as a notification. Swap on Uniswap? Your phone buzzes with the details: how much you are spending, what you are getting, estimated gas fee, the network. You read it, decide, tap approve or reject. Nothing executes without your explicit signature.
When finished: settings, active sessions, disconnect. I know nobody does this. But stale sessions mean a dApp can still ping your wallet with transaction requests. One careless tap at 3am and you have a problem. Disconnect when you are done. Review open sessions once a week. Trust Wallet and MetaMask both show active WalletConnect sessions in their settings panels. Other wallets do too. Use that feature.
