Amy uses thirdweb infrastructure to provide wallet connection and sign-in. Your connected wallet address is the main identity Amy uses for your account. This page explains how wallets work with Amy and what to check to stay safe.
1. How wallets work with Amy
Amy does not issue, hold or control your wallet. When you connect a wallet or sign in through Amy, the wallet remains under your control through the relevant authentication provider or wallet provider. thirdweb provides the underlying wallet connection, in-app wallet and authentication infrastructure. Amy provides the product interface and associates Amy records with the connected wallet address.
Supported connection and sign-in methods are shown in the live thirdweb-powered connection window. Users may currently be able to access an in-app wallet using supported sign-in methods or connect an existing compatible external wallet.
Simple rule
Amy provides the interface. Wallet access and control remain with you and the relevant wallet or authentication provider.
2. Amy and thirdweb
Live sign-in and connection options come through the thirdweb-powered window. Amy does not independently operate third-party wallet or authentication systems. thirdweb infrastructure does not own the Amy account or Amy's wallet-linked product records.
3. Your wallet address and Amy account
Amy uses your connected wallet address as the main account identity. Amy associates Points, referrals, badges, raffle activity and other account records with that wallet address.
Using a different wallet creates or opens a different wallet-linked Amy identity. Disconnecting the wallet logs you out but does not delete Amy records associated with the address. Reconnecting the same wallet address restores access to those records.
See Account Settings for full details about email and social connections.
4. In-app wallets
If you use a supported email, phone, passkey or social sign-in method, thirdweb may create or provide access to an in-app wallet associated with that authentication method. To regain access, use the authentication method associated with that in-app wallet.
The Amy verified email layer may be separate from the authentication method used to access the wallet. Amy cannot manually change or override the wallet's authentication method. Access recovery depends on the authentication method and provider associated with the wallet.
5. External wallets
You may connect an existing compatible external wallet through the thirdweb-powered connection interface. The external wallet remains controlled by you. Access, backups and recovery remain your responsibility through the relevant wallet provider.
Connecting an external wallet normally allows Amy to recognise the public wallet address; it does not by itself grant Amy permission to move assets. Connecting the wallet does not give Amy or thirdweb custody or control of it. Amy cannot restore an external wallet's seed phrase or private key. Use the live connection window to see the external wallets currently supported.
6. Choosing and protecting wallet access
When choosing how to access Amy, consider:
- whether you understand how access and recovery work
- whether you can securely protect the authentication method or recovery information
- whether you have securely prepared the recovery method before using the wallet for meaningful value
- whether the wallet supports the networks and assets you intend to use
- whether the wallet is downloaded or accessed through an official provider source
- whether you are comfortable reviewing transaction requests and approvals
7. Seed phrases and private keys
A seed phrase, private key or recovery phrase may allow complete control of a wallet and its assets.
You should:
- never share them with anyone, including anyone claiming to represent Amy, thirdweb, a wallet provider or community support
- never enter them into a link received through an unsolicited message
- avoid storing them in public cloud notes, ordinary screenshots, chats or email drafts
- follow the official backup guidance of the relevant wallet provider
- check that nobody can view or copy them during backup
Amy support will never need your seed phrase or private key. You should never disclose a seed phrase or private key as part of a support, verification or recovery process.
8. Sign-in and authentication safety
For in-app wallet authentication, protect the login method connected to the wallet.
- Use strong and unique passwords where passwords are used.
- Use multi-factor authentication where the provider offers it.
- Secure the email, phone or social account used for sign-in.
- Protect passkey-enabled devices.
- Review account-recovery options with the authentication provider.
- Log out of shared or public devices.
- Avoid saving sensitive login details in insecure locations.
If the authentication method associated with an in-app wallet is compromised, another person may be able to access that wallet.
9. Fake sites and fake support
Open Amy through a trusted bookmark or a link you have independently confirmed. Verify you are using Amy's official support channels before entering account information.
Official support routes:
- theteam@amyonbera. com
- a support ticket in the Amy Discord
Treat unsolicited direct messages claiming to offer Amy support as suspicious. Be cautious of:
- copied websites or lookalike domain names
- fake support accounts
- urgent claims that an account is compromised
- messages offering wallet recovery
- requests to move assets to a "safe wallet"
- requests to pay a fee to unlock an account or prize
Simple rule
Amy will not send an unsolicited private message asking for wallet recovery information, payment or the transfer of assets.
10. Before connecting a wallet
Before connecting a wallet to Amy, check:
- that you intended to open Amy
- that the website and connection window appear genuine
- that the wallet displayed is the wallet you intend to use
- that you understand which wallet address will become the Amy account identity
- that you are not sharing your screen with an unknown person
- that no one is pressuring you to connect quickly
Connecting a wallet allows Amy to recognise the selected public wallet address and begin the wallet-linked session. It does not by itself mean every later transaction, signature or smart-contract request should be approved.
11. Before approving a transaction
Review the wallet confirmation carefully before approving. Check:
- the network
- the asset
- the amount
- the destination or contract
- whether the action matches what you intended
- estimated gas or fees
- whether the request is a transaction, message signature or token approval
- whether the request provides broader spending permission than expected
Do not approve a wallet request simply because it appeared while Amy was open. Some supported Amy flows may lead to a third-party provider or smart-contract interaction, but you should still review each request.
12. Message signatures
Some wallet actions ask you to sign a message rather than send an onchain transaction. A message signature may be used for login, authentication or authorisation. Read the request and confirm that it matches the intended action. Unexpected or unclear signature requests should be rejected.
Wallet requests generally fall into different categories:
- Transaction
- An onchain action that may move assets, interact with a contract and require network gas.
- Message signature
An offchain signature that may be used for login, verification or authorisation. It can still carry risk even where no gas fee is shown.
Token approval
An onchain permission allowing a smart contract to spend a token within the approved scope.
13. Token approvals and permissions
Some smart-contract interactions require permission to use a token. An approval may permit a contract to spend a specified amount or, in some cases, a wider amount. Review the contract and permission before approving.
Wallet disconnection does not revoke an existing onchain approval. You must manage or revoke approvals separately through a trusted approval-management service or the controls provided by the relevant wallet. Revoking an approval normally requires an onchain transaction and may require gas.
Simple rule
Logging out ends the Amy session. It does not cancel permissions already granted onchain.
14. Networks, assets and addresses
Before sending an asset, check:
- that the selected network matches the intended action
- that the asset is supported by the destination
- that copied addresses have not changed
- check several characters at both the beginning and end of the destination address
- whether the address is a wallet or smart contract
- whether a bridge, payment or provider flow has its own network requirements
Do not rely only on the contact name or shortened address shown by an interface. Blockchain transfers are normally irreversible. Sending an asset to the wrong address or contract, or using a network unsupported by the destination, may result in permanent loss.
For unfamiliar addresses, networks or workflows, you may consider testing with a small amount first where practical. A successful test does not prove that the destination, contract or later transaction is risk-free.
15. Gas, fees and failed transactions
Blockchain transactions may require network gas. Network gas is paid for processing the blockchain transaction. It is separate from any provider, protocol or clearly disclosed Amy-related charge. Third-party providers or protocols may apply separate fees. A failed onchain transaction may still consume gas. Applicable Amy-related charges, where applicable, should be shown in the relevant product flow.
Quoted fees and final costs can change with network conditions. Review the final wallet confirmation before completing each transaction.
16. Smart contracts and third-party providers
Some Amy flows display information or route you to third-party products, protocols or providers. Depending on the feature, the underlying transaction, smart contract, payment processing, KYC, settlement, custody or other service may be handled by the relevant provider.
Using Amy's interface does not remove smart-contract, provider, liquidity, market or operational risk. Review the provider information and terms presented for the relevant flow. Displaying or supporting a route through Amy does not guarantee that the underlying provider, protocol or smart contract will be free from technical failure, price movement or loss.
17. Device and browser safety
Keep your browser, operating system and wallet software updated. Use device locks. Avoid unknown browser extensions and remove extensions that are no longer used.
Do not connect wallets on public or untrusted computers. Avoid carrying out sensitive wallet activity on public or untrusted networks where practical. Check that downloads come from official sources. Use malware protection and device-security features where available.
18. If something looks wrong
If you see an unexpected wallet request:
- Reject or cancel it.
- Do not enter recovery information.
- Disconnect from the suspicious page.
- Check the official Amy site and support routes independently.
- Review recent wallet activity and approvals.
- Contact the relevant wallet or authentication provider where access may be compromised.
- Contact Amy support where the issue relates to the Amy interface or account records.
If you have already shared a seed phrase or private key, treat that wallet as compromised and follow urgent guidance from the relevant wallet provider. Do not rely on unsolicited users or direct messages offering to move or recover the assets. If assets appear to have moved without authorisation, Amy can review Amy-side account records and visible product activity, but it cannot reverse blockchain transactions or recover private wallet credentials.
19. Getting help
Contact Amy about an unexpected Amy screen, connection problem, incorrect wallet address shown in Amy, unfamiliar Amy account record, a suspicious message claiming to be Amy support or a transaction that does not match the displayed information.
Provide non-sensitive details such as:
- wallet address
- transaction hash
- visible error message
- approximate time
- browser or device type
- a screenshot of the visible issue after removing or obscuring private information
- description of the expected and actual result
Do not provide:
- seed phrase, private key or recovery phrase
- wallet password or authentication code
- full login credentials
Contact Amy by emailing theteam@amyonbera.com or opening a support ticket in the Amy Discord.
20. Amy's role
Amy provides:
- the wallet-connection interface
- integration with thirdweb infrastructure
- wallet-address-based Amy account records
- product information and supported workflow interfaces
- account and product support
- visible transaction or status information where available
- safety guidance
Amy does not:
- hold or control user private keys
- take custody of assets simply because a wallet is connected
- recover seed phrases or private keys
- guarantee wallet recovery
- replace a lost wallet
- reverse blockchain transactions
- retrieve assets sent incorrectly
- revoke smart-contract approvals automatically when a wallet disconnects
- operate external wallet providers or authentication services
- guarantee third-party smart contracts, protocols or providers
- provide continuous wallet monitoring or a guarantee against fraud
- provide insurance against wallet loss, scams or unauthorised transactions
- guarantee reimbursement for losses caused by compromised wallets or third-party scams
Amy can review issues involving its own interface, wallet-linked account records and displayed product information.
21. Worked examples
Example 1
Connecting the intended wallet
A user has two wallets. Before connecting, they check the displayed address and choose the wallet they want Amy to use as their account identity.
Example 2
In-app wallet access
A user accesses an in-app wallet using Google through thirdweb. They later return using the same authentication method. The verified Amy email address remains a separate account-verification layer.
Example 3
Fake support message
A user receives a direct message claiming that Amy needs their seed phrase to restore Points. They do not reply, open links or share information. They independently open an official Amy support route.
Example 4
Unexpected approval
A wallet asks for a broad token approval when the user expected only to view information. The user rejects the request because it does not match the action they intended and checks the workflow before continuing.
Example 5
Wallet logout
A user disconnects their wallet from Amy. The session ends, but an earlier token approval remains onchain until the user separately revokes it.
Example 6
Wrong-network check
Before sending an asset, a user checks the network and destination address. They notice the destination does not support the selected network and cancel the transfer.
22. Changes and current information
Available sign-in methods and supported external wallets may change through the thirdweb-powered connection interface. Supported networks, providers and transaction requirements may vary by Amy feature.
The live connection window and relevant product screen show the options currently available. Review each live wallet request rather than relying only on this general guide.
Simple rule
Use this guide for general wallet safety. Use the live connection window, product screen and wallet confirmation to check the details of each action.
