Is Xumm the best XRP wallet?

XUMM (Best Mobile XRP Wallet): Exclusively designed for Ripple Ledger, XUMM takes the crown as the best mobile XRP wallet . Beyond its secure storage capabilities, XUMM supports fiat payments and seamlessly connects with xAPPS, providing users with a comprehensive mobile experience for managing their XRP assets.

What happened to Xumm?

Xumm Wallet rebranded to Xaman in December 2023 in a landmark move for the popular XRP wallet. The change represented more than just a rebrand, as the latest update was focused on integrating the Xahau Network chain built on the XRP ledger, which has smart contract capability.

Does Xumm work offline?

This offers the best combination of user experience and security. Using your smartphone with decent screen size, and the Xumm + XRPL ecosystem to compose and review transactions, while using a separate (dedicated, low level, offline) piece of hardware (the Xumm (Tangem) card) to sign transactions .

What is the safest XRP wallet?

Best Ripple XRP Wallets Ledger. Ledger is a well-known brand in the realm of hardware wallets, offering compatibility with Ripple (XRP) and various other assets. ... Trust Wallet. Trust Wallet provides a comprehensive suite of security features to safeguard your Ripple (XRP) assets. ... Atomic Wallet. ... Exodus Wallet. ... Trezor. May 7, 2024

What is the most secure crypto wallet?

The best software wallets Guarda. ... Crypto.com DeFi Wallet. ... Trust Wallet. Best for Binance and Binance.US users. ... Exodus. Best for customer support. ... ZenGo. Best for easy account recovery. ... Ledger. Best hardware wallet for hot wallet integration. ... Trezor. Best hardware wallet for security. ... KeepKey. Best hardware wallet for price. More items...

What is the new name for Xumm?

Our Rebranding Journey to Xaman The shift from Xumm to Xaman isn't just about a new name or logo; it's a huge step in our evolution. Xaman, inspired by the Maya god of merchants and trade, perfectly embodies our mission of merging the worlds of retail and blockchain.

Is Xumm decentralized?

As decentralized finance (DeFi) as a whole moves towards a more secure and user-empowered future, Xaman is ready with the right tools and the right approach to help users navigate this new era of digital finance. We recently started rebranding from Xumm to Xaman, marking a significant milestone in our journey.

Can I sell XRP from Xumm?

we offer an On/Off-Ramp service to our Xumm Pro users. This means that you can buy and sell XRP from our On/Off-Ramp xApp and send funds back and forth from your bank account using the xApp.

Does Xumm require KYC?

Do I have to go through the KYC process to use Xumm? No. It is entirely optional . Xumm is a self-custodial wallet and our services are not yet regulated.

Does Xumm support XRP?

Xaman (formerly known as Xumm) supports both the XRP Ledger and the Xahau blockchain . Any token issued on either network is supported by Xaman.

Can Xumm hold bitcoin?

Xumm is exclusively an XRP Ledger wallet. We support XRP and the 8000-plus tokens issued on the XRPL .

Is XRP really a security?

When looking at XRP, Judge Torres was unequivocal in holding that XRP, the digital asset by itself, is not “a 'contract, transaction, or scheme' that embodies the Howey requirements of an investment contract,” and thus it is not a security .

How secure is Xumm? (2024)

It is a crazy time in the crypto world, how secure is Xumm?

There are several ways to view security when it comes to your XRP Ledger account.

Your first line of security starts with your phone.

Here are the top 9 security threats to your phone.

Social Engineering
Data Leakage via Malicious Apps
Unsecured Public WiFi
End-to-End Encryption Gaps
Internet of Things (IoT) Devices
Spyware
Poor Password Habits
Lost or Stolen Mobile Devices

Source: https://auth0.com/blog/the-9-most-common-security-threats-to-mobile-devices-in-2021/

So, here are some things to consider:

Is your mobile device up to date with all security and OS updates?
Do you use a VPN?
Do you have an anti virus program that is up to date?
How often do you use public wifi?
Do you have a firewall on your phone?
Do you have strong passwords?
How often do you change your passwords?

If your phone is not secure, the best software wallet in the world (aka Xumm) will not be able to protect your assets. Starting out with a modern, up to date, secure mobile device is essential when it comes to securing your assets.

No problem. My phone is secure.

So your phone has no spyware or malware installed. It is up to date. You use a top of the line VPN, anti-virus software and firewall. You have installed Xumm and you used Xumm to create your XRP Ledger account. Well done!

Xumm can generate three hundred and forty undecillion, two hundred and eighty-two decillion, three hundred and sixty-six nonillion, nine hundred and twenty octillion, nine hundred and thirty-eight septillion, four hundred and sixty-three sextillion, four hundred and sixty-three quintillion, three hundred and seventy-four quadrillion, six hundred and seven trillion, four hundred and thirty-one billion, seven hundred and sixty-eight million, two hundred and eleven thousand, four hundred and fifty-six different accounts using the secret number standard. Xumm will provide you with one of those possible accounts.

It is hard to imagine how many accounts that actually is, so maybe this will help.

If you had a job that paid you 390 trillion euros per hour, you would have to work 24 hours per day, 7 days per week, 365 days per year for about 99 quadrillion years to earn 340 undecillion euros.

It is unimaginably difficult for someone to guess your account number out of 340 undecillion possible accounts. you would need to make 390 trillion guess per hour for 99 quadrillion years to guess them all.

How is that different from a cold/hard wallet?

It is no different. Whether an account is generated off line or online, there is no difference in the total number of possible accounts. The chances of guessing your account secret is the same.

There must be some difference...

It comes down to entropy. How well does the software generate randomness? How does it pick from the 340 undecillion possibilities?

Is that why you are always telling people to protect their Secret Numbers?

Exactly! The only way someone can access your account is if they know your Secret Numbers. The chances of someone figuring them out are 1 in 340 undecillion.

What about the 6 digit passcode to access Xumm. That is only 1 million possibilities. Anyone could guess that.

You are absolutely right. Let's say that someone has acquired your phone and somehow circumvented your password and now has full access to it.

An attacker launches Xumm and tries to hack your 6 digit passcode. Six digits is only 999,999 possible combinations, (000000, 000001, 000002 -> 999997, 999998, 999999), so they start entering various passcodes at a rate of 1 one passcode per second and about 11 days later they have tried all of the possible combinations. So now they have access to Xumm.

Except for one small countermeasure we implemented in Xumm. We have configured Xumm to only allow 5 attempts before Xumm starts to add time to the next attempt. After the ninth wrong entry, Xumm requires a delay of 2 hours to input again. That means 12 attempts per day. Now instead of 11 days to try all of the possible combinations, it would take about 83,332 days to try them all... Or about 228 years.

Ha! So now its down from 99 quadrillion years to 228 years!

However, let's say someone manages to guess your 6 digit passcode in under 228 years, now they have to figure out your signing password. Honestly, how hard can that really be right? Well, we set the limit for the number of characters you can make your password to a mere 2,091,752 terabytes. In other words, you could make your password so long, it would take up all of the storage space on your 512GB phone and about 4 million other 512GB phones before you ran out of space to store it. Provided that you selected a strong signing password, this could take awhile to guess.

Basically you're saying it is impossible. Why would I need the Xumm Tangem cards then?

It is basically impossible to guess the Secret Numbers in your lifetime and if your phone is lost or stolen, you have plenty to time to move your assets to another account. The Xumm Tangem cards are the perfect way of mitigating the risk of a compromised phone, especially if you follow our recommend guidelines here:

Tangem cards - Best Practices

Although we believe that your phone is secure and that it will never get lost/damaged or stolen, having a pair of cards will ensure that even if your phone was compromised, your XRPL account is safe. Here's how...

A Xumm Tangem card will generate a set of private keys on the card. They never leave the card. No one will ever see them, (including you) and there is no way to access them. You can never be tricked into giving your account secret away and the only way to access your account is by having the card with you.

What about spam transactions? Are they dangerous?

Unfortunately there is nothing that can be done to stop prevent spam on the XRP Ledger. There are no "spam filters" yet, so when we identify a spam transaction or a transaction that is coming from a fraudulent address, XUMM will alert you with a warning message about the sender of the transaction.

Although annoying, most people are choosing to ignore the messages.

If you are interested in learning more about spam on the XRPL, check out this article:

https://support.xumm.app/hc/en-us/articles/6156825861394-Spam-on-the-XRP-Ledger

Can the government freeze my funds via Xumm? What happens if the government seized XRPL Labs?

The XRP Ledger is a decentralized blockchain. A governmental agency might be able to shut down some of the XRPL validators and nodes in a particular region, but a single government could not shut down all of them all over the world. The XRPL servers are distributed around the planet to form a global network. In other words, the XRP Ledger will still run and validate transactions regardless if a bunch of servers were shut down. That is part of the idea behind decentralization.

Another feature of the XRPL is that no one, not a government or an exchange or even us can access your non custodial XRPL account. You are the only one with the account secret, so without that, there is no way to confiscate or freeze your XRP.

Finally, Xumm will run regardless if XRPL Labs exists or not. Xumm does not need our backend servers to function. All of the XRPL communication and signing happens locally on your mobile device, from within Xumm. It does not need our backend servers for that.

...plus, if worse came to worse, you could always take your account secret and just use another wallet if you wanted to.

Ok. Summarize it for me.

Keep your phone safe, up to date and free of spyware and malware
Never give your account secret (Secret Numbers/Family Seed/Mnemonic) to anyone, for any reason
Xumm is designed with security in mind. Security is number one priority (but Xumm can't be safer than your device and your own practices are)
Xumm Tangem cards are the best solution for maximum security

Additional reading

Notes

We understand that you might have additional questions regarding this topic so you are welcome to contact us any time via the Xumm Support xApp in Xumm or you can simply scan this QR code with Xumm and be directed there automatically.

How secure is Xumm? (2024)

What about spam transactions? Are they dangerous?

FAQs

How secure is Xumm? ›

Does Xumm support XRP? ›