Skip to content
BTC 69,240 ETH 3,580 HYPE 20.90 SOL 168
Illustrative figures · verify live prices on official sources
hyperliquid.guide — independent guide
English 中文 Deutsch Español Français 日本語 한국어 Indonesia Tiếng Việt
Start Trading
Storage · Security-first

The Hyperliquid wallet: self-custody, backup and security done properly

There is no single "Hyperliquid wallet" you download from an app store. Because Hyperliquid is non-custodial, you reach it through a self-custody wallet that you own and control. That makes this the most safety-critical page on the whole site — get the wallet part right and almost everything else becomes recoverable; get it wrong and there is no undo button. We have audited wallets and exchanges since 2017, and this guide is the checklist we wish every newcomer read before moving a single dollar.

Open a secure wallet Explore the guides

⚠ Disclaimer This is not the official website. hyperliquid.guide is an independent educational project and is not affiliated with, endorsed by, or operated by Hyperliquid. Always confirm details on the official app before acting.

What "the Hyperliquid wallet" really means

Let us clear up the single most common point of confusion before anything else. Newcomers often search for "Hyperliquid wallet download" expecting an official app with a logo, a login screen and a password reset link. That app does not exist, and its absence is the whole point. Hyperliquid is a non-custodial protocol. You do not create an account on it; you connect to it using a wallet that already belongs to you and that you alone control.

So "the Hyperliquid wallet" is really shorthand for "whatever self-custody wallet you use to interact with Hyperliquid." That might be a browser extension like MetaMask or Rabby, a mobile wallet, or a hardware device. What every one of these has in common is that the private keys live with you, not with Hyperliquid. When you place a trade, deposit collateral or withdraw, your wallet signs a cryptographic message proving you authorised it. Hyperliquid simply reads that signature. At no point does it hold your keys or your funds in the way a traditional exchange would.

This is the custodial-versus-non-custodial distinction again, and it is worth repeating because it governs everything that follows. A custodial exchange — Binance, Coinbase, CEX.IO — is like a bank. The institution holds your assets and keys on your behalf. Forget your password and a support desk can verify your identity and let you back in. The trade-off is that you are trusting their solvency and security, and they can freeze, restrict or close your account.

A non-custodial wallet is like a personal safe bolted into your own home. Nobody can freeze it, seize it or close it. But there is no locksmith on call. If you lose the combination — the seed phrase — the contents are gone for good. The freedom and the responsibility are inseparable: you cannot have one without the other. Internalising this is not optional. It is the foundation that the rest of this page builds on.

Illustration of a self-custody crypto wallet app showing an account balance, send and receive buttons and a connected dApp
Illustrative only. A self-custody wallet connects to Hyperliquid; it is not an official Hyperliquid product. Verify any wallet on its own official site before downloading.

Hot vs cold wallets

All self-custody wallets fall into two broad families, and choosing between them is the first real security decision you will make. The difference comes down to one question: are your private keys ever exposed to an internet-connected device?

A hot wallet is software that runs on a device that is online — a browser extension (MetaMask, Rabby), a desktop app, or a mobile wallet. Its keys are stored, encrypted, on that device. Hot wallets are convenient: they are free, fast to set up, and connect to Hyperliquid in a couple of clicks. That convenience is also their weakness. If your computer or phone is compromised by malware, the keys can in principle be reached.

A cold wallet — usually a hardware wallet such as a Ledger or Trezor — keeps the private keys on a dedicated offline device. When you sign a transaction, the unsigned data is sent to the device, you confirm it on the device's own screen and buttons, and only the signature comes back out. The keys themselves never leave the hardware and never touch your internet-connected computer. That single property defeats the large majority of remote attacks.

AspectHot wallet (software)Hardware / cold wallet
Where keys liveOn an internet-connected device (encrypted)On an isolated offline device
ExamplesMetaMask, Rabby, mobile walletsLedger, Trezor, similar signers
CostFreeTypically a one-off hardware purchase
ConvenienceVery high — connect in secondsSlightly slower — confirm on the device
Resistance to malwareLower — keys can be reached if the device is compromisedHigh — keys never leave the device
Best suited toSmall, active balances you trade oftenLarger holdings and long-term storage
 A practical, not exhaustive, comparison. Many traders use both: a hot wallet for day-to-day amounts and a hardware wallet for the bulk of their funds.

The pragmatic answer for most people is not "pick one" — it is "use the right tool for the amount." Keep a modest trading float in a hot wallet, and protect anything larger with a hardware device. We expand on exactly when to make that switch further down.

The seed phrase: your single point of failure

When you create a self-custody wallet, it generates a seed phrase (also called a recovery phrase or mnemonic): a list of typically 12 or 24 ordinary words, in a specific order. Those words are a human-readable representation of the master key from which every address and private key in your wallet is derived. Whoever holds the seed phrase controls the wallet — completely, irreversibly, and from anywhere on earth.

This is the concept that, more than any other, separates people who keep their crypto from people who post heartbroken threads about losing it. The seed phrase is not a password. It is the key. There is no "forgot password," no account recovery, no fraud department. Treat it accordingly.

Foolproof seed-phrase rules — read twice

NEVER type your seed phrase into any website, pop-up or form. A wallet only ever asks for it once, on the device itself, when you first restore. A "Hyperliquid" page asking you to "verify," "validate" or "re-sync" your phrase is always a phishing scam.

NEVER photograph it, screenshot it, email it, or type it into a notes app, password manager or cloud drive. The moment a seed phrase touches an internet-connected service, treat it as compromised.

Nobody can recover it for you. Not Hyperliquid, not your wallet provider, not "support." Anyone who claims they can — especially anyone who messages you first — is running a theft.

One more nuance worth understanding: anyone who can see your phrase can drain your wallet, but you do not need to keep it on hand to use the wallet day to day. After the initial setup you only need it again if you are restoring the wallet on a new device. So the correct lifecycle is: write it down once, store it offline, and then never expose it again unless you are deliberately recovering.

Backing up and recovering a wallet (step-by-step)

A backup is only worth anything if it survives the disaster you are insuring against — a lost phone, a dead laptop, a house fire, a flood. Here is the routine we recommend, written so a complete beginner can follow it without guessing.

  1. Write the phrase on paper, by hand. When the wallet shows your 12 or 24 words during setup, copy them carefully onto paper, in order, double-checking spelling. Do this in a private place with no cameras (including laptop webcams and smart speakers) nearby.
  2. Upgrade to metal for anything serious. Paper burns and dissolves. For meaningful balances, transcribe the words onto a steel backup plate designed for the purpose. Fire and water stop being a threat.
  3. Store two copies in two separate physical locations. One at home in a safe, one somewhere geographically separate you trust — a bank deposit box, a relative's safe. Two locations protect against a single fire or theft wiping out everything at once.
  4. Never create a digital copy. No photos, no cloud, no encrypted note "just in case." Every digital convenience is also an attack surface. The discipline of keeping it strictly offline is what keeps it safe.
  5. Test the recovery before you trust it. On a spare or freshly reset device, use your written phrase to restore the wallet and confirm the same addresses appear. A backup you have never tested is a guess. Once verified, wipe the test device if it is not your daily one.

If a device is lost, stolen or destroyed, recovery is reassuringly mechanical because you did the above:

  1. Get a clean device. Install the official wallet app or extension — only from the provider's verified website or app store listing, never a link someone sent you.
  2. Choose "restore" or "import," not "create new." Creating a new wallet generates a brand-new phrase and will not show your funds.
  3. Enter your seed phrase on that device only. Type the words in order on the device's own screen. Your addresses and balances reappear because they were always derived from the phrase, not stored on the old hardware.
  4. Reconnect to Hyperliquid and verify. Visit the official app, connect the restored wallet, and confirm your balances look correct before doing anything else.
  5. If the old device may be in the wrong hands, move funds. If you suspect the seed itself was exposed (not just the device lost), generate a fresh wallet with a new phrase and transfer everything to it immediately.

Securing larger balances with a hardware wallet

There is a threshold — different for everyone — at which the value in your wallet becomes large enough that losing it would genuinely hurt. The moment you cross it, a hardware wallet stops being optional. The logic is simple: a hot wallet's keys live on a machine that browses the web, opens email and installs software, any of which can introduce malware. A hardware wallet removes the keys from that battlefield entirely.

It pairs cleanly with DEX use. You connect the hardware wallet to MetaMask or Rabby, which acts purely as the "front end" that talks to Hyperliquid. When you place a trade or sign an approval, the request is routed to the hardware device, where you read the details on its trusted screen and physically press to confirm. The private key signs inside the device and never appears on your computer. Even on a fully compromised PC, an attacker cannot extract the key — and crucially, you get to see what you are actually approving before you press the button, which is the best defence against malicious transactions.

A few habits make hardware wallets far more effective: buy the device new, directly from the manufacturer (never second-hand, never from a marketplace reseller); set it up yourself so you generate the seed phrase; verify the device's firmware through the official companion app; and confirm every receive address and transaction detail on the device's own screen rather than trusting what the computer displays.

Want managed, insured-style custody as well as self-custody?

Self-custody is the right call for sovereignty, but not everyone wants the full responsibility for every dollar. A regulated custodial wallet handles key management for you, with recovery options and platform-level protections — a sensible complement to a hardware wallet for the balances you would rather not babysit. Compare the managed approach before you decide your split.

Affiliate link · opens in a new tab · we may earn a commission at no cost to you.

Open a secure wallet

Common wallet attacks & how to dodge them

Almost nobody loses self-custody funds to someone "cracking" cryptography — the maths is sound. They lose funds to social engineering and software tricks that get you to hand over access or sign something you should not. Knowing the playbook is most of the defence.

AttackHow it worksDefence
Phishing sitesA fake Hyperliquid or wallet page (often promoted via ads or look-alike domains) tricks you into connecting and signing, or into "verifying" your seed phrase.Bookmark the real app URL and only use the bookmark. Never enter a seed phrase on any website. Distrust search ads.
Fake support DMsA "support agent" or "moderator" messages you first on Discord, Telegram or X, offering to fix an issue and asking for your phrase or a "wallet sync."Real support never DMs first and never needs your seed. Treat any unsolicited helper as an attacker, full stop.
Malicious token approvals / drainersA scam dApp asks you to sign an approval that grants unlimited spending of your tokens, then empties the wallet later.Read what you are signing. Approve only specific amounts. Periodically review and revoke old approvals. A hardware wallet shows the real request.
Clipboard malwareMalware silently swaps a copied wallet address for the attacker's, so funds you send go to them.Always verify the first and last several characters of a pasted address, and confirm the address on a hardware screen.
Fake apps & extensionsCounterfeit "MetaMask" or "Ledger" apps in stores or via links capture your phrase on setup.Install only from the provider's official website or verified store listing. Check developer name, reviews and download counts.
 The common patterns we see repeatedly. New variants appear constantly, but they almost always rely on one of these mechanics.
The one rule that stops most of these

If you did not initiate it, do not trust it. Unsolicited messages, unexpected pop-ups, links from "support," urgent "verify now" prompts — these are the connective tissue of nearly every wallet theft. Slow down, close the tab, and reach official channels yourself. Urgency is the scammer's favourite tool; refusing to hurry is yours.

Wallet hygiene checklist

Security is not a one-time setup; it is a set of small habits. Run through this list now, and revisit it whenever your balance grows.

  • Download wallets only from official sources — the provider's own site or verified store listing, never a link.
  • Keep your seed phrase strictly offline — written on paper or metal, in two separate locations, never digital.
  • Use a hardware wallet for any balance you would be upset to lose.
  • Separate wallets by purpose — a "hot" wallet for active trading, a "vault" for savings you rarely touch.
  • Verify addresses character by character before sending, and confirm on a hardware screen where possible.
  • Read every signature request — understand what an approval grants before you confirm it.
  • Revoke stale token approvals periodically so old permissions cannot be abused.
  • Bookmark the official app and reach it only via the bookmark — never search results or ads.
  • Keep devices and wallet software updated, and run a reputable security scan on the machine you sign from.
  • Assume every unsolicited message is hostile — support never DMs first and never needs your phrase.
Pro tip

Do a "fire drill" once a year: restore your seed phrase onto a spare device to confirm the backup still works and that you can read your own handwriting. A backup you have never tested is a hope, not a plan.

Wallet facts at a glance

Custody
Non-custodial — you hold the private keys, not Hyperliquid
Key types
Hot (software) wallets and cold (hardware) wallets
Backup
Seed phrase written offline, two locations, never digital
Best for large sums
Hardware wallet keeping keys offline
Golden rule
Never type your seed phrase into a website — ever

Wallet FAQ

Does Hyperliquid have its own wallet?

There is no single official "Hyperliquid wallet" you must download. Because Hyperliquid is non-custodial, you connect a standard self-custody wallet such as MetaMask or Rabby, or a hardware wallet like Ledger. The wallet holds your keys; Hyperliquid never does. Always download any wallet from its own official source.

What if I lose my seed phrase?

If you lose your seed phrase and also lose access to the device, the funds are gone permanently — there is no recovery path and no one can restore it for you. This is precisely why an offline backup in two separate locations, tested at least once, is non-negotiable.

Is MetaMask safe for Hyperliquid?

MetaMask and Rabby are widely used and reasonable for everyday balances, provided you install them only from official sources and guard your seed phrase. For larger sums, pair the software wallet with a hardware device so your private keys never touch an internet-connected computer.

Do I need a hardware wallet?

You do not strictly need one to use Hyperliquid, but it is strongly recommended once the value you hold would genuinely hurt to lose. A hardware wallet keeps keys offline and makes you confirm transactions on a screen you control, which defeats most remote attacks.

HyperGuide Research Desk

An independent team that has audited crypto exchanges and wallets since 2017. We write security-first, hype-free guides and always point you back to official sources for live data. We are not affiliated with Hyperliquid.

Seed-phrase safety reminder: your recovery phrase is the only key to your funds, and no legitimate person or site will ever ask you to type it in.
Write it on paper or metal, keep it offline in two places, and never photograph, upload or share it with anyone — ever.