Self-Custody

Wallet Safety

A Vorliq wallet is controlled by its private key. The server cannot recover it for you, so safe backup habits matter as much as the software itself.

The Rule To Remember

If someone has your private key, they can control your wallet. If nobody has your private key, including you, the wallet cannot be recovered. Vorliq does not store your private key or wallet password on the server.

How To Protect A Wallet

Use a strong wallet password, keep your device updated, avoid shared browsers, and back up your wallet before storing meaningful VLQ. Keep backups in a password manager, encrypted drive, or offline location that only you control.

What Not To Do

Do not post private keys in chat, email, screenshots, support requests, forum posts, cloud notes, or public documents. Do not enter a private key on a site you reached from an unknown link.

Export An Encrypted Wallet Backup

  1. Open https://vorliq.org/account after unlocking your wallet.
  2. Click Export Encrypted Wallet.
  3. Enter your wallet password.
  4. Save vorliq-wallet-backup.json somewhere safe.

The backup contains the encrypted private key, address, public key, salt, initialization vector, encryption method, timestamps, and version. It does not contain the raw private key in plaintext.

Import A Wallet Backup

  1. Open https://vorliq.org/login in the browser where you want to restore the wallet.
  2. Use Import Wallet Backup when no wallet is saved in that browser.
  3. Select vorliq-wallet-backup.json and enter the password used to encrypt it.
  4. The app decrypts locally to confirm the password before saving the encrypted wallet in browser storage.

Verify The Official Site

Before entering a wallet password, revealing a private key, or importing a backup, check that the browser address is exactly https://vorliq.org. Do not trust lookalike domains, shortened links, direct messages, or pages that ask you to upload a backup and password outside the official app or your own trusted local node.

Verify A Receiver Address

  1. Copy the receiver address from the source the receiver controls.
  2. Check that it uses only Vorliq base58 characters. Ambiguous characters such as 0, O, I, and l should not appear.
  3. Compare the first and last several characters before sending.
  4. Do not send normal user transactions to SYSTEM, VORLIQ_TREASURY, or LENDING_POOL.
  5. When sending meaningful value, test with a small amount first and wait for confirmation.

Sending Is Final

A submitted transaction cannot be reversed by Vorliq support, miners, node operators, or the community. If the receiver address is wrong, the funds may be unrecoverable. The Send page includes a review step so users can verify sender, receiver, amount, pending status, and local signing before confirming.

Pending And Confirmed

After a send is accepted, it is placed in the pending pool. Pending means the transaction has not yet been mined into a block. Confirmed means a miner included it in a valid block. Transaction detail pages show status, confirmations, block links when available, sender, receiver, and copy buttons for safe verification.

Faucet Claims

The starter faucet only needs a public wallet address. You never need to enter a private key, wallet password, recovery phrase, admin token, or secret to request starter VLQ.

Mobile Wallets

The mobile app stores wallet data locally on the device. In this release, mobile file export/import is not enabled and should not be treated as available. Mobile users should unlock the private key only on a trusted device, save it in a secure password manager or offline backup, and keep their node URL from Settings with their records.

Mobile features such as faucet claims, profiles, lending repayment, exchange trade records, treasury proposals, treasury voting, node registry views, transaction history, and block lookup use public wallet addresses, public chain data, or local transaction signing. They should never ask you to paste a private key. Sending VLQ is the exception because the transaction is signed locally on the phone before it is submitted, and the private key is not sent to the backend.