ONTO Wallet: build an easy to use experience and navigate a secure future in Web 3.0

GoPlus Security
8 min readDec 8, 2022


Web3 is the next-generation internet. It stands for decentralization, privacy, composability, permanent storage, owning your own data, a more decentralized web and value creation.

Instead of independent sites hosted on a particular server, Web3’s use of the blockchain

provides greater resiliency, protection against censorship, and other benefits. Web3 is a

marvel of the possibilities of blockchain, but it doesn’t take much to reveal the darker


Web3 is still in its infancy. Early adopters are facing complicated terminology and bad UIs, making for a very tricky onboarding process. What’s more, in the context of such a decentralized space, for most new users, the crypto space currently feels a bit like the wild west. So many risks for security are out there, including scams, hack, phishing attacks and what’s worse is there is no recourse for any loss from such transactions.

ONTO Wallet, a DID-based gateway for a seamless Web3 experience, tries to solve all these two key problems to get the masses onboarded into the Web3 world with a Web2-like experience.

ONTO Wallet is providing users with a gateway into this ever-growing space with ease, offering seamless access to Web3 and efficiently and securely managing their own crypto assets, data and digital identities.

Deliver the Best Web3 User Experience

User experience is the biggest hurdle to Web3 adoption. For a Web3 beginner, switching from Web2 to Web3 can be very challenging.

Aiming for a seamless Web3 experience and lowering the entry barrier for new users, ONTO Wallet has optimized its UX in the following aspects:

1)ONT ID — Your Passport to Web3

In the Web2 world, the digital identity is confined to each social platform where

users have to have multiple identities across different platforms. The owner of the account generates personal information and data on every single platform, which are collected and controlled by tech giants who will then monetize it. In other words, users in Web2 have multiple digital identities which are neither synced up with each other, nor own and control their own data.

Web3 promises to shift this paradigm by giving data ownership back to users. In the Web3 world, users are allowed to create a single decentralized identity which is interoperable. All the on-chain behaviors and activities around a ‘Web3 citizen’ are attached to a single decentralized identity, A.K.A DID, generally referred to as Decentralized Identity, an extension and expansion of the Web2 user profile concept in Web3.

Online users require a plethora of accounts to access different services in Web2. In stark contrast, thanks to ONTO’s unique ONT ID decentralizedl identity and data system, you can access a variety of dApps alongside features of the wider Web3 ecosystem with just a single ONT ID. ONT ID is your passport to the Web3 world. Users can use their ONT ID to control on-chain assets and manage identity data, so as to better protect their data privacy.

2)Improve Human Readability with Domain Name Solutions

When you enter Web3, you’re given a 42-character hexadecimal address. Domain name solution adds human readability and character to such address.

ONTO integrates solutions with domain names like FIO Crypto Handles and Unstoppable Domains. These one-of-a-kind solutions can turn a long and conplicated string of wallet addresses into human-readable domain names, which you can use to access Web3 dApps in ONTO and come with multi-chain support.

3)Multi-Chain Wallet

One concept which can be difficult for new users to wrap their heads around is that, out of the over tens of thousands cryptocurrencies available for purchase right now, they are not all supported by the same wallets. Ethereum-based wallets like MetaMask cannot accept Bitcoin, let alone dozens of different kinds of public chains out there and their own blockchain-enabled wallets, creating an obstacle to novice buyers, traders and investors alike.

In addition to its unique DID system, ONTO also functions as a multi-chain wallet with more than 40 blockchains available. In practice, users can manage all of their digital assets in one place, from tokens to NFTs, and private data.

To date, ONTO supports more than 40 public blockchains including Ethereum, BNB Chain, Ontology, Polkadot, Polygon, etc.

4)Access over 1000 DApps and NFT Collections

ONTO Wallet allows users to display, send or receive and even trade NFTs without going to an NFT marketplace. Furthermore, ONTO also provides seamless access to over 1,000 dApps. Users can switch addresses of other chains within the dApp without repeatedly switching tabs, offering a much better user experience. With more than 1,000 dApps easily accessible in ONTO, all users can find their niche.

5)Native Swap and Bridge

ONTO offers in-app native Swap and Bridge features, allowing you to swap assets with the optimal exchange rate instantly and directly within the wallet, powered by OpenOcean and PolyNetwork.

6)Address Scan for Token and NFT Detection

ONTO also comes with a unique address scan feature that can automatically detect and add digital assets and NFTs with balances in your addresses in real-time. Since ONTO has integrated the token prices and information on CoinMarketCap, you can find real-time token-fiat prices and detailed information about the projects and tokens at ease.

With this feature, users aren’t required to add assets manually and don’t have to worry about forgetting their assets.

Security and Safety First

Security issues matters more in Web3 than in Web2 since security risks are more about assets in Web3. Once a hack happens, it can lead to millions of dollars losses. And in the context of such a decentralized space, there is no recourse for any loss from such transactions. So Web3 security must be more proactive and prevention-oriented than Web2 security.

With this in mind, safety and security is a top priority for ONTO Wallet. As ONTO is a decentralized wallet, it does not store any data. This makes the wallet immune to external attacks.

By integrating with multiple security API services powered by GoPlus , ONTO Wallet automatically detects security risk and triggers alerts for users in the process of token transfer and trading, NFT trading, and dApp approvals.

Token Security API

When token swap happens in ONTO Wallet, an instant auto-detection for token security risk will be triggered.

This service would identify risks and assess its risk levels around the tokens on its basic information, contract security, trading security, and information security.

Once the token is detected with a security risk, users will be informed with detailed risks info.

Users could click any token to enter its intro tab, checking if it’s safe or risky.

Click to access the full security detection page for more detailed information:

The powerful token security detection service of ONTO Wallet is supported by the Token security API provided by GoPlus, which is one of the most complete and accurate security services for token data on the market. As of October 21, a total of 1.6m+ tokens have been detected and 2–3 million times of calls happen per day. The database is currently automatically keeping on adding newly issued tokens in the market and doing security identification and detection for them, covering as fast as possible for as many tokens in the market as possible.

Malicious Address API

In the event of asset transfer, ONTO Wallet would auto-detect the receiving address. The identification of potential risk for security would be based on if the following honeypot activities are ever involved with the given address: phishing scams, blackmail activities, malicious mining activities, money laundering, token mixing and financial crime.

Once the address is identified to be a malicious address, a security warning will be given to the user, informing that the address is a malicious address, and the user SHOULD NOT do the next step.

The powerful malicious address detection of ONTO Wallet is supported by the malicious address detection API powered by GoPlus Security Engine, compatible with several public blockchains including Ethereum, BNB Chain, Polygon, HECO, Arbitrum, Avalanche, etc. Aggregating data sources from multiple security companies including SlowMist and BlockSec, GoPlus is a leader in the market in terms of public blockchain compatibility (Supported public chains including Ethereum, BNB Chain, Polygon, HECO, Avalanche, etc.), token standards supported (ERC 20, ERC 721 and ERC 1155 supported), library pattern diversity (data sources from multiple security companies which provided different type of code analysis patterns), sync-up speed (maintain a library to keep up with the emerging honeypot tokens related addresses in the market) and coverage (the library has accumulated more than 100,000 of black addresses now, and it keeps up adding newly ones)

Currently, GoPlus provides free API access services for partners. In contrast, most of other AMLs on the market are paid services, like the AML services that offer quite expensive services for financial institutions.

NFT Security API

See the corresponding security report for an NFT collection built in ONTO Wallet as the security alert is triggered once the security vulnerability is detected thanks to the integration of GoPlus NFT Security API.

In the context of more and more sneaky traps, especially the innovative NFT honeypots and many more fake name NFT scams, GoPlus goes for NFT security detection on the over 20 security checkboxes in the contract level from whether it is open sourced, whether there is an agent, whether there is malicious behavior, whether there is a blacklist doubt, preventing users from getting scammed.

GoPlus NFT security API dominates the security market with full coverage of NFT projects (more than 160M) and the most verified NFTs (more than 4M+ verified NFTs have been indexed so far).

Approval Security V1 API:

ONTO Wallet allows users to seamlessly access more than 1,000 dApps across different public blockchains.

We all know, to interact with a dApp, one has to sign transactions & approve their access to our tokens. But it comes at the cost of security, as connecting to a dApp can lead to drained wallets.

So never blindly approve a dApp and if you do, it is necessary to do a security detection for the approved contract. This is how ONTO Wallet plays out for security checks.

When a user uses dApps in ONTO Wallet, a security check on the approved contract would pop up and once any potential risks are detected, an alert with red flag mark would be displayed, informing users that they should NEVER click the confirm button.

This approval contract security detection of ONTO Wallet is supported by GoPlus Security Engine Approval Security V1 API. It has a growing number of whitelists as a full library by collecting the approval contract of legit dApps on the market. Combined with the malicious addresses database and on-chain data analysis, it is aimed at protecting users against would-be crypto thieves.

For more Info:




GoPlus Security

Empowering a #SaferWeb3 with user-driven, open access security solutions. Championing user education for a fortified front against adversaries.