To secure your wallet, you need to set up either biometrics or a custom PIN, which you’ll use to authenticate every time you open the Robinhood Wallet app. If you want to switch between biometrics or a PIN, you can change your security settings any time in Backups & security.

Set up biometrics

When prompted during setup, select OK to allow Robinhood Wallet to use biometric authentication.

Custom PIN

When prompted during setup, enter a 6-digit PIN and then confirm the PIN a second time. Remember to never share this number with anyone.

Secret recovery phrase

A secret recovery phrase, also known as a seed phrase, is a series of words generated by your wallet that allows you access to your wallet and crypto.

It’s important to keep your secret recovery phrase stored in a safe place and never share it with anyone. We don’t have access to this phrase, so we can’t help you recover it if you forget it. And we’ll never ask you to input your recovery phrase anywhere except if you’re trying to recover your wallet in the Robinhood Wallet app.

For more security best practices, see protecting your self-custody wallet’s secret recovery phrase.

It’s incredibly important to back up your wallet because it's the only way you can recover your wallet and assets if you lose or reset your device.

You can back up your wallet manually by writing down its secret recovery phrase and storing it in a safe place offline or by saving it in a secure password manager. Storing your recovery phrase offline (by writing it down, for example) has its benefits, since there’s less risk of compromising your data. Remember to never share this phrase with anyone.

As another layer of protection, you can also back up your wallet to iCloud or Google Drive:

iOS

1. Home → Menu → Backups & security
2. Under Backups, select the wallet you want to back up
3. Select Back it up to iCloud
4. Enter a password
5. Confirm your password
6. Select Save and back up → Done

Android

1. Home → Backups & security
2. Under Backups, select the wallet you want to back up
3. Select Back it up to Google Drive
4. Enter a password
5. Confirm your password
6. Select Save and back up → Done

Cross-chain swaps have some risks you should be aware of.

When you do a cross-chain swap, DEXs like LI.FI typically use third-party bridges to complete your order. Many bridges rely on trusted setups, like multisignature arrangements, to validate transactions and prevent fraud. Hackers can compromise validator private keys, enabling unauthorized transaction approvals.

Some bridges have been exploited in the past by bad actors that have led to the hack of assets stored in the bridge. If you grant approval to a bridge smart contract that is compromised, the assets in your wallet could be at risk. It's best practice to monitor your wallet activity for unauthorized transactions regularly, review token approvals and the smart contract approvals of your wallet. Revoking token approvals can be a secondary measure in the case you’re a victim of specific types of bridge vulnerabilities.

Spam crypto are often designed with malicious intent to get access to your wallet. Robinhood Wallet flags unsolicited crypto sent or airdropped to your wallet and automatically moves it to spam. You can remove crypto from spam to view it in your wallet.

To manage crypto visibility in the app:

1. In Holdings, select Menu (...)
2. Select Manage crypto visibility
3. Select Spam crypto
4. Select Yes if you want to remove the crypto from spam

You can also go to Settings → Manage crypto visibility → Select Spam crypto.

Your security and privacy are incredibly important to us. Despite the generally secure nature of the blockchain, there are plenty of scammers trying to steal your assets and data. To keep your wallet, assets, and data secure, we suggest taking the following precautions:

• Never share your secret recovery phrase with anyone. We'll never ask you for your secret recovery phrase outside of the Robinhood Wallet app.
• Be wary of suspicious phishing, social engineering, and scam attempts. This includes airdrops, emails, text messages, social media messages, and fraudulent websites that ask for your personal information, contain unexpected crypto assets or attachments, offer financial advice, etc. When in doubt, verify the authenticity of any request before taking action.
• Before signing a transaction with your wallet, make sure to check the transaction details. It’s possible for scammers to access your funds if you sign a transaction, so only approve transactions if you trust the sender.
• Only transact with entities and individuals that you know and trust. This includes connecting to dapps, sending and receiving crypto, and so on.
• Be cautious when interacting with unsolicited crypto. Crypto that is sent without your knowledge or airdropped to your wallet are often scams. The scam may ask you to visit a site, connect your wallet, or send crypto to an address where the scammers can then gain access to your wallet. Scams can be highly complex and sophisticated, so it’s extremely important to do your research to verify if tokens that were sent you unsolicited are valid tokens and not a scam.

For more information on phishing and crypto scams, see how to identify and report scams.

Self-custody crypto wallet and related services are offered through Robinhood Non-Custodial, Ltd., a limited company organized in the Cayman Islands, and other third-party providers. Crypto held through the Robinhood Self-Custody Wallet is not FDIC insured or SIPC protected. Availability may be subject to regulatory approval in certain jurisdictions.

Crypto rewards terms & conditions.

Robinhood Non-Custodial Privacy Policy .