img width: 750px; iframe.movie width: 750px; height: 450px;

Safe ronin wallet setup guide for new users

Begin by downloading the official browser extension exclusively from the Chrome Web Store or Firefox Add-ons page. Verify the publisher is “Sky Mavis” and check the number of downloads exceeds one million to confirm authenticity. Any other source exposes you to phishing scripts. Once installed, click the extension icon and select “Create a new vault.” Write down the twelve-word recovery phrase on paper using a pencil–never store it in a text file, screenshot, or cloud service. Store this paper in a fireproof safe or a bank deposit box. A single photograph of this phrase on your phone compromises all holdings.

During the passphrase creation step, set a unique string longer than 15 characters. Mix uppercase letters, numbers, and symbols. Avoid using your birth year, pet name, or any word found in a dictionary. This passphrase encrypts your local data file. Without it, malware on your device cannot move your funds. Confirm the phrase twice and then proceed to the next screen. The extension will ask you to re-enter several words from your recovery phrase in random order. Complete this test to verify you recorded them correctly. If you fail, start over with a new phrase–partial matches are not allowed.

Critical security adjustments must be made immediately after creation. Navigate to “Settings” and enable “Auto-lock timer” set to 1 minute of inactivity. This prevents unauthorized use if you walk away from your computer. Next, disable “Allow website connections” entirely–this prevents scams from requesting direct interaction with your vault without your explicit approval per transaction. On the “Networks” tab, ensure only the Axie Infinity mainnet is active. Removing test networks like “Saigon Testnet” eliminates the risk of signing malicious transactions on fake chains. Finally, click “Connected sites” and revoke all entries, including official dApps, until you need them for a specific action.

Test only with a negligible amount before moving any meaningful value. Transfer a single token worth less than one dollar from an exchange to your newly secured address. Send it back to the exchange to confirm withdrawal functions correctly. If the test passes, your configuration is functional. Add two-factor authentication to your exchange accounts that interact with this vault, but never link 2FA to the vault itself. Use a hardware security key like a YubiKey for the exchange login. Install the mobile companion application on a separate device dedicated solely to transaction signing–not an everyday phone filled with apps. This isolates approval from browsing activity.

Backup your recovery phrase in a secondary location–engrave it on a stainless steel plate and bury it in a sealed tube. Digital copies are unacceptable. Every month, re-read the phrase and confirm the first three and last three words match your paper record. If you ever suspect device compromise, immediately generate a new vault using this same procedure and move all assets through the exchange, not directly via the compromised computer. The total process takes thirty minutes but prevents total loss. Execute this protocol before connecting any external application or making a single transaction.

Safe Ronin Wallet Setup Guide for New Users

Download the browser extension exclusively from the official Axie Infinity website, not from any search engine ad or third-party link. Verify the publisher is “Sky Mavis” and check the extension has more than 1 million users.

Create a recovery seed offline using a physical steel plate or fireproof paper, not a screenshot, cloud storage, or email. A 12-word seed has 128 bits of entropy, but storing it digitally reduces that security to zero.

Storage Method	Risk Level	Recovery Success Rate
Steel plate (e.g., Cryptosteel)	Minimal	99.9%
Fireproof paper in safe	Low	90%
Screenshot on phone	High	0% (if device is compromised)

Never enter your 12-word phrase into any website, even if it looks official or promises free tokens. In 2023, over 12,000 RPC-related phishing attacks stole funds by mimicking validation prompts. Use only the official extension interface for recovery.

Set up a hardware Ledger device paired with your account–this moves all transaction signing off your internet-connected computer. A Ledger Nano X with firmware 2.2.1 or later supports direct token transfers without exposing your private key.

Test a small transaction of 0.01 ETH (or minimal AXS) from your holding to a secondary account you control, then restore that second account using your seed phrase to confirm you can recover access. This verification step takes 10 minutes but prevents permanent loss.

Approve contracts only for the exact amount needed, using the “ERC-20 approve” function with a custom spender limit. Unlimited approvals–common on many NFT marketplaces–expose your entire token balance if the dApp gets exploited. Check allowance via etherscan.io/tokenapprovalchecker.

Revoke unused approvals monthly using a block explorer tool or a decentralized revoker. In Q1 2024, compromised contracts with lingering approvals drained 34 million dollars from users who had not revoked permissions after a single trade. Set a recurring calendar reminder.

Downloading the Official Ronin Wallet Browser Extension from the Chrome Web Store

Open Chrome Web Store directly via the URL `chrome.google.com/webstore` and paste the exact name “Ronin Wallet recovery phrase guide Wallet” into the search bar. Look exclusively for the extension published by Sky Mavis. Ignore any results with typos, extra words like “V2” or “pro”, or a publisher name missing the verified checkmark. Click on the extension, then verify the user count (must exceed 1 million) and the last update date (should be within the last 30 days). Click “Add to Chrome” and confirm the permission prompt that requests access to “read and change data on a set of websites”–this is standard for Web3 sign-in functions. Never proceed if the prompt asks for broader permissions like access to your browsing history or all data on all websites.

1. Check the publisher: Only “Sky Mavis” is authentic. Avoid “Sky Mavis Inc.” or “Ronin Labs” variations.
2. Validate the rating: The average rating should be above 4.0 stars, with at least 10,000 reviews. A sudden spike of 5-star reviews in a single week indicates a fake listing.
3. Inspect the extension ID: The official Chrome extension ID is `jnmbobjmhlngoefaiojflojckkcfnpo`. You can cross-reference this by clicking “Details” and viewing the URL in your browser bar after installation.

If Chrome blocks the download with a warning like “This extension is not trusted,” immediately close the tab and re-search. Phishing copies often use nearly identical icons but shift the pixel color of the central shield from deep blue to a dimmer hue (compare side-by-side). After installation, pin the extension to your toolbar, then void any recovery phrase import attempts on the first launch. The genuine extension will always present a “Create a new vault” button first; the “Import wallet” option must be manually selected. Do not proceed if the extension auto-opens a pop-up asking for your seed phrase before you click anything else.

Creating a New Wallet and Writing Down Your 12-Word Seed Phrase on Paper

Download a non-custodial client like MetaMask or Trust, then select “Create a new wallet.” The software will present a single, 12-word recovery phrase–this is the master key to all assets, and no entity can reset it for you. Disconnect your computer from the internet before writing; use a physical pen (not a digital note) on paper, etching each word in the exact order given, including the number beside it. Verify the sequence thrice after writing, then store the paper in a steel fireproof safe or a laminated envelope inside a bank deposit box. Never type the seed into any device–typing it into a password manager, photo, or cloud drive exposes it to malware and keyloggers.

Critical rule: the 12-word string is the only way to recover funds if the app is deleted or the phone breaks. One typo or lost word voids access permanently. Avoid redundancy: do not snap a screenshot, email the phrase to yourself, or save it to iCloud/Google Drive–even encrypted digital copies are high-risk because future updates or compromise can leak them. For multi-sig redundancy, split a metal shim into two pieces with three words each and store in separate locations, but never recreate the full phrase digitally. Recognize that physical theft is the only vector you can fully control–this paper is worth more than the device itself.

Setting a Strong Wallet Password and Enabling Biometric Login on Mobile

Generate a password with at least 20 characters using a passphrase method: combine four random, unrelated words (e.g., “CobaltTurtlePianoFrost”), add numbers and special characters between them, and avoid dictionary phrases. Never reuse this password from any other account; store it in a dedicated password manager like Bitwarden or 1Password, not in a cloud note or browser autofill. On your mobile device, after creating the vault with this password, navigate to the app’s security settings and toggle on biometric authentication. This replaces manual password entry for subsequent launches, but critically, your original password remains the sole recovery method–if you lose device access, biometrics alone cannot unlock the vault.

Configure biometric login immediately after password creation to avoid a window of unprotected access. On Android, the app uses the device’s built-in fingerprint sensor or face unlock, but you must verify your biometric data is enrolled in the system settings before enabling it in-app. On iOS, Face ID or Touch ID activation requires the phone to be unlocked with your device passcode first. Test the biometric unlock by locking the app and reopening it; if it fails after three attempts, the fallback must be your complex password, not a PIN code. Update your password every 90 days and re-enroll biometric data if you change device sensors (e.g., after a screen replacement).

Q&A: