TechFlow reports on January 31, slowmist's Yu Xian posted on X pointing out that wallet solutions based on Privy carry potential security risks. Although Privy uses the SSS scheme to generate and manage users' shard private keys, it ultimately reconstructs the plaintext private key within an isolated iframe context of the target frontend. If users have not enabled 2FA, there exists a risk of having all assets in their wallets instantly stolen.
Privy is a Web3 identity and authentication infrastructure platform aiming to promote mass adoption of Web3 applications by simplifying user experience. It combines traditional Web2 login methods with modern cryptographic techniques to make crypto wallets more accessible to users.





