Security

Your security is the architecture, not an add-on.

EvoMone is built so that your money and your data are protected by design. Not by our promises, by the way the app is structured from the ground up.

Available in 160+ countries
Non-custodial by design
Your keys, your control

Non-custodial

We never hold your funds

Your keys

Stored only on your device

Encrypted

Protected in transit and storage

No tracking

No ads, no profiling, ever

Security built into the foundation

Most apps add security on top of their product. With EvoMone, security is the product. Here's how it works.

You hold the keys

EvoMone is non-custodial. Your private keys are generated and stored only on your device, never on our servers. We could not access your funds even if we wanted to.

Your phone number is hashed

When you register, your phone number is converted into a one-way cryptographic hash that cannot be reversed. We never store your actual number. Even we cannot retrieve it.

Encrypted messaging

Messages are encrypted in transit and stored in encrypted form on our servers. EvoMone cannot read the content of your conversations. Full end-to-end encryption is planned for a future update.

No tracking, no ads

We do not track your behaviour, build advertising profiles, or sell your data. There are no ads in EvoMone and there never will be. Your activity is yours alone.

Encrypted device backup

If you choose cloud backup, your recovery phrase is encrypted locally using AES-256 with keys held in your device's secure keychain before it ever leaves your phone.

Built on Bitcoin

Your wallet lives on the Bitcoin blockchain, the most secure and battle-tested monetary network in the world, not on a private company's servers that could be a single point of failure.

What happens to your phone number

We use it once to verify you, then it's gone. Here's the exact journey, start to finish.

1

You enter it

Your number is used to send a one-time verification code via Twilio.

2

It's hashed

Instantly converted into a one-way cryptographic hash that cannot be reversed.

3

Original discarded

Your actual number is never written to our database. It simply doesn't get stored.

4

Only the hash remains

Even EvoMone cannot retrieve your number from what's stored. That's the point.

The result: we literally cannot give away what we never keep.

Why self-custody is safer

When you keep money with a bank or an exchange, you are trusting them to keep it safe and to give it back when you ask. History has shown that trust is not always rewarded. Accounts get frozen. Exchanges collapse. Withdrawals get halted.

With EvoMone, there is no middleman to fail. Your Bitcoin is held by you, on the Bitcoin network, accessible only with your keys. Nothing that happens to EvoMone the company can touch your funds.

Privacy is the default, not a setting

You don't have to configure EvoMone to protect your privacy. It's built that way from the start. No ID is required to hold or send Bitcoin. Your phone number is hashed and never stored. Your messages are encrypted.

We collect the absolute minimum needed to make the app work, and nothing more. What you do with your money and who you talk to is your business, not ours.

Staying safe from scams

The biggest risk to your crypto isn't the technology, it's people trying to trick you into giving up access. Here's what to watch for.

SIM-swapping

SIM-swap scams trick your mobile provider into moving your number to a fraudster's SIM, letting them intercept calls and texts. With EvoMone, the good news is that your Bitcoin is protected by your recovery phrase, not your phone number. Losing your SIM does not give anyone access to your funds.

To stay safe: ask your mobile provider to add a port-out PIN to your account, and never rely on SMS alone to protect anything valuable.

Email & phishing scams

Scammers send fake emails pretending to be from EvoMone, MoonPay, or other services, often with links to fake login pages designed to steal your details or your recovery phrase.

EvoMone will never email you asking for your recovery phrase, private keys, or password. If an email asks for these, or pushes you to click a link urgently, treat it as a scam. When in doubt, come directly to the app or our official website.

Fake support & impersonation

Be wary of anyone contacting you claiming to be EvoMone support, especially on social media, Telegram, or by direct message. Real support will never slide into your DMs asking for access.

We will never ask for your recovery phrase or remote access to your device. Our only support channel is the chat on our official website and app.

Your part matters too

Self-custody means you're in control, and that comes with responsibility

The same architecture that makes EvoMone secure also means there's no "forgot password" button. Your 12-word recovery phrase is the master key to your Bitcoin. Protecting it is the most important thing you can do.

Write your recovery phrase down on paper. Never store it digitally, in screenshots, or in cloud notes.

Keep it somewhere safe and offline that only you can access.

Never share it with anyone. EvoMone will never ask for it. Nobody legitimate ever will.

Security questions, answered in full

Detailed guidance for the situations that matter most. If you need help with any of these, our live chat is always available.

What should I do if my wallet is compromised?

If you believe someone has gained access to your wallet or your recovery phrase, the most important thing is to act quickly. Bitcoin transactions are irreversible, and because EvoMone is non-custodial, no one, including us, can reverse a transaction or recover stolen funds. Speed is your best defence.

Step by step:

  1. Create a brand new wallet with a completely new recovery phrase. Treat the compromised wallet as permanently unsafe, never reuse its phrase, PIN, or passwords.
  2. Move any remaining funds immediately from the compromised wallet to your new one. Every minute counts.
  3. Scan your device with reputable anti-malware software. Look for keyloggers, suspicious apps, or browser extensions that may have captured your phrase.
  4. Check your online accounts. If your recovery phrase was ever stored in email, cloud storage, notes, or a screenshot, those accounts may also be compromised. Change passwords and enable two-factor authentication.
  5. Store your new phrase offline only. Write it on paper and keep it somewhere safe. Never store it digitally again.

Once you've secured your funds, consider reporting the incident to your local cybercrime authority. You can also reach us through the live chat for guidance through these steps, though please remember we cannot access or recover funds on your behalf.

I've lost my recovery phrase. What now?

Your 12-word recovery phrase is the only way to restore your wallet if you lose access to your device. Because EvoMone is non-custodial, we never hold a copy of it, which means we cannot recover it for you. This is a deliberate security choice, it's the same reason no one else can ever access your funds.

If you still have access to your wallet right now:

  1. Open the app while you still have access.
  2. Go to your wallet's backup or security settings.
  3. Carefully write down your 12-word recovery phrase on paper.
  4. Store it somewhere safe and offline that only you can access.

If you've lost both your phrase and access to your device, your funds cannot be recovered by anyone. This is why backing up your phrase the moment you create your wallet is so important.

If you enabled encrypted cloud backup when setting up your wallet, you may be able to restore from iCloud or Google Drive. Check your backup settings, but remember the most reliable method is always a handwritten phrase stored offline.

How do I protect myself from SIM-swapping?

SIM-swapping is when a scammer convinces your mobile provider to transfer your phone number to a SIM card they control. This lets them intercept calls and text messages, which on many platforms is enough to break into accounts protected only by SMS codes.

Here's the reassuring part: with EvoMone, your Bitcoin is protected by your 12-word recovery phrase, not your phone number. Your phone number is only used once at sign-up and is then stored as a one-way cryptographic hash. Losing control of your SIM does not give anyone access to your funds.

That said, SIM-swapping can still affect other accounts in your life, so it's worth protecting against:

  • Ask your mobile provider to add a port-out PIN or passcode to your account.
  • Avoid using SMS as your only form of two-factor authentication anywhere important, use an authenticator app instead.
  • Be cautious about how much personal information you share publicly, scammers use it to impersonate you to your provider.
How can I tell if a message or email is really from EvoMone?

Scammers impersonate companies like EvoMone through fake emails, social media accounts, and direct messages. They often create a false sense of urgency, claiming there's a problem with your wallet or suspicious activity, to pressure you into acting without thinking.

The single rule that keeps you safe: because EvoMone is non-custodial, genuine support never needs access to your wallet, your recovery phrase, or your device. Anyone who asks for these is not us.

EvoMone will never:

  • Ask for your 12-word recovery phrase or private keys.
  • Ask you to install remote-access or screen-sharing software.
  • Ask you to move your funds to a "safe" wallet.
  • Contact you first by phone, social media, or DM requesting any of the above.

Our only support channel is the live chat on our official app and website. If a message feels off, don't act on it, come to us directly through the chat to check.

Security you can verify, not just trust.

Want to understand exactly how we handle your data? Our Privacy Policy and FAQ break it all down in plain language.

Read our Privacy Policy Visit the FAQ