Once a user creates an account using Metafi Login or your custom signup flow, a wallet (BIP39 seed phrase) is generated on the user device for each of the chains supported by your game. We then generate a 128-bit random ID (encKey) which is used to encrypt each wallet. We use the AES-256-CTR standard for all of our encryption.

This encKey is then split into 3 shares using Shamir's Secret Sharing algorithm. We implement a 2/3 threshold scheme, where we need any 2 out of 3 shares to successfully recover the encKey. Two shares are then sent to the backend (ms and cs), and the third share is saved in the user's device (us).

The ms and cs shares are encrypted and secured via AWS hardware security modules. You have the option of storing one of the shares (cs) on your own backend, which can be done by setting URLs to store and fetch the cs share as outlined here.

Once a user verifies their identity by logging in, we return the ms share to the user, which is combined with the us share on the users device to recover the encKey. This encKey is then used to decrypt the wallets, and the user can then continue with making transactions.

We are working on adding additional modes of recovery in the future such as security questions and downloading a recovery key. Please reach out to us via our Discord if you have any questions.