Introducing Xaman Desktop App
We identified a high-severity encryption-metadata exposure affecting cloud relay synchronization. Your wallet data remains zero-knowledge encrypted, but immediate local re-keying is required to preserve ledger integrity.
Install the latest secured build to restore cryptographic integrity and protect your self-custody wallet.
Never share your Secret Numbers, Family Seed, or Mnemonic with anyone — including anyone claiming to be Xaman support.
Why Desktop Restore?
Security-hardened recovery designed for self-custody protection
Reduced attack surface vs. mobile-only flows
Hardened restore environment for mnemonic/seed handling
Local-only secret material, encrypted at rest
Prevents phishing-driven reseed attempts
Restores access while isolating sensitive wallet metadata
Incident Timeline
Our response to protect your security
Breach Discovered
Anomalous access patterns detected and flagged for immediate review.
Immediate Containment & Risk Isolation
Affected systems isolated; unauthorized access vectors closed.
Forensic Review & Threat Assessment
Full audit conducted to assess scope and impact of the incident.
Desktop Restore Flow Reintroduced
Secure desktop recovery path restored with enhanced protections.
User Notification Campaign Initiated
Clear communication provided with actionable guidance for all users.
Continuous Monitoring & Support
Ongoing vigilance and dedicated support for affected accounts.
Security FAQ
Clear answers to critical security questions
Q1.What happened and what risk did it create?
A security incident potentially exposed some saved wallet-related metadata. This creates risk of targeted social engineering attacks where malicious actors may attempt to trick you into revealing your mnemonic, seed, or secret numbers. Remember: your secrets are self-custodied and were not exposed. Never share them with anyone for any reason.
Q2.Are my Secret Numbers, Family Seed, or 12–24 word Mnemonic stored by Xaman?
No. Xaman operates on a strict self-custody model. Your secret numbers, family seed, and mnemonic phrase remain exclusively on your device and are never transmitted to Xaman servers. We cannot see, access, or recover these credentials under any circumstances.
Q3.Why do I need Xaman Desktop to restore access now?
Desktop provides a hardened restore environment with a significantly reduced attack surface compared to mobile-only flows. It blocks risky recovery vectors and offers enhanced protection against phishing attempts, malware, and socially-engineered reseed prompts that could compromise your wallet.
Q4.Will the restore process ask me for my Mnemonic/Seed?
Only if you are legitimately restoring your own wallet within the official Xaman Desktop application. Your mnemonic or seed must never be entered into websites, online forms, direct messages, or shared with any person. Xaman support will never ask for your recovery phrase.
Q5.How do I verify I'm downloading the real Desktop app?
Download only from this official page. Verify the publisher signature where applicable. Never trust download links from DMs, advertisements, emails, or domains that look similar to the official site. When in doubt, navigate directly to the official Xaman website.
Q6.What should I do if I already shared my Mnemonic/Seed anywhere?
Treat your wallet as compromised immediately. Create a new wallet with a fresh seed or mnemonic, move all funds to the new wallet as quickly as possible, and discontinue use of the compromised wallet entirely. Do not reuse any credentials from the compromised wallet.
Q7.What is Xaman doing now?
We maintain continuous monitoring for threats, provide dedicated support for affected users, actively gather and act on threat intelligence, and continue hardening all aspects of the Xaman platform. Our security team remains vigilant and committed to protecting your assets.