Secure Seed Phrase Input for Crypto

A seed phrase entered into a standard input is immediately visible to every script on the page. One browser extension, one XSS attack, and the wallet is drained. SmartField encrypts seed phrases at the keystroke level. The browser never sees the real words.

What Data This Protects

Threats Blocked

Clipboard hijacking
Browser extension key theft
XSS seed phrase extraction
Keyloggers capturing recovery words
Screen recording of wallet import

How It Works

Every keystroke is encrypted with AES-256-GCM. The AES key is wrapped with RSA-2048. Only your server can decrypt.

Why Standard Inputs Fail

A standard <input> stores plaintext in the DOM. Any JavaScript on the page can read it:

document.querySelector('input').value
// "MyBankPassword123"  ← stolen

With SmartField, the same code returns:

document.querySelector('smart-field').value
// "eyJ2IjoxLCJpdiI6IkNx..."  ← encrypted

Compliance

Frequently Asked Questions

Can a browser extension steal the seed phrase?+

Not with SmartField. Extensions read DOM content via JavaScript. SmartField stores data in a WeakMap inside a closed Shadow DOM. Extensions see cipher characters or encrypted payloads.

What about clipboard attacks?+

SmartField blocks copy, paste, select, drag, and context menu events. The clipboard never contains the seed phrase.

Does it work for wallet import flows?+

Yes. Use SmartField for the seed phrase input, then decrypt server-side to derive the wallet. The seed phrase never exists as plaintext in the browser.

Secure Seed Phrase and Private Key Input for Crypto Wallets