Coming Soon: TSS-MPC Embedded Wallets

Dynamic announced our new TSS-MPC offering at EthDenver 2025, and its rolling out in the coming weeks - contact us for early access or to learn more. If you’re looking to start using Dynamic today, we recommend starting with our TEE wallets. When our TSS-MPC wallets are rolled out, you’ll have a clear upgrade path to transition your users to the new system.

Importing External Keys

When importing an existing private key into Dynamic’s TSS-MPC system, we use Shamir Secret Sharing (SSS) to securely split the key into multiple shares. This process:

  1. Takes your existing private key as input
  2. Uses SSS to split it into either 2 or 3 shares (depending on your configuration)
  3. Distributes the shares between the relevant parties (user, server, and optionally a backup)
  4. Securely destroys the original complete private key

After import, the key exists only in its distributed form and all future operations use TSS-MPC - the complete private key is never reconstructed. This maintains the security benefits of TSS-MPC while allowing seamless migration from traditional wallets.

Exporting Keys

Key export should be treated with caution as it temporarily reconstructs the complete private key. We recommend using the MPC system for normal operations and only exporting when absolutely necessary.

For maximum user control and portability, Dynamic allows users to export their private keys. During export:

  1. The key shares are temporarily recombined on the user’s device using secure MPC
  2. The private key is constructed client side and provided to the user

This ensures users maintain true self-custody and can always access their assets, even outside of Dynamic’s ecosystem.

When implementing Dynamic in headless mode, please ensure you are surfacing this flow to your end users, so that they always maintain control of their wallet.

End User Experience

The Dynamic export flow reveals the private key/seed phrase in an secure isolated iframe to limit the ability of Dynamic, the developer, or anyone in the flow to view the exported key. For more details on the security of the iframe and cryptographic flows go to our FAQs.

Programmatically Triggering Wallet Export Flow

To open the export wallet flow on behalf of your users, you can call the initExportProcess method from the useEmbeddedReveal hook. This will open the flow described above. Only the end-user will be able to see the private key or seed phrase.

import { useEmbeddedReveal } from "@dynamic-labs/sdk-react-core";


const { initExportProcess } = useEmbeddedReveal();


<button onClick={() => initExportProcess()}>Export Wallet</button>;

You can see the experience by going to demo.dynamic.xyz and creating an embedded wallet.

Unlinking customer’s embedded wallet from your app

Once an end-user has revealed their private key/seed phrase, they can choose to unlink it from your site, maintaining full control over the interfaces on which their private key exists. To do this, Dynamic provides a checkbox option and confirmation screen to complete this flow.

If an end user chooses to complete this flow, their embedded wallet will no longer work within your application. They will be issued a new embedded wallet if they log in again.

Risks and Considerations

You should always provide your end users with a path to reveal and replicate their keys from their embedded wallet. When using the headless embedded wallet flow, please ensure you add a path for users to complete this step using the programmatic option described above.

End users should be aware that replicating their wallet credentials can expose their wallet to risk if the credentials are not stored securely. Users are advised to store their credentials in a secure location and not share them with anyone. When implementing Dynamic in headless mode, we recommend communicating these warnings to users.

Was this page helpful?

RecoveryAdvanced Features