Critical Affects < v1.3.0

Security Advisory: Wallet Migration

A vulnerability in seed generation was discovered in NanChat versions prior to v1.3.0. If you created a wallet with an older version, your wallet should be considered compromised, migrate now.

Action required. If you created your NanChat wallet before version 1.3.0, move your funds to a new wallet immediately using the built-in migration tool.

What happened
Am I affected?
How to migrate
After migration
Timeline & credit
Questions

What happened

In NanChat versions earlier than v1.3.0, the algorithm used to generate wallet seeds (secret phrases) relied on a third-party library that did not use a cryptographically secure source of randomness. This means that seeds generated by affected versions have a reduced entropy, making them potentially guessable by an attacker with sufficient resources.

Version 1.3.0 fixes the seed generation to use a secure, properly seeded random number generator. Wallets created on v1.3.0 or later are not affected.

Am I affected?

You are affected if all of the following are true:

You created your NanChat wallet using a version earlier than v1.3.0.
You have not yet migrated your funds to a new wallet.

You can check your current app version all below in Me › Settings . If you are unsure when you created your wallet or which version you used, treat yourself as affected and migrate to be safe.

You are not affected if any of the following apply:

You created your wallet on v1.3.0 or later
You are using a Ledger hardware wallet
You only used NanChat with an imported secure seed
You have already changed your secret phrase after upgrading

Dismissing the warning for imported seeds. If you are certain your secret phrase was generated securely outside of NanChat and was only imported into the app, you can dismiss the migration warning by re-importing your seed: go to Me › Settings › Logout, then log back in by importing your secret phrase. Make sure you have your secret phrase backed up before logging out..

How to migrate

NanChat v1.3.0 includes a built-in migration tool that generates a new secure seed and automatically transfers all your funds to the new wallet after your confirmation. The process takes under a minute.

Update NanChat to v1.3.0 or later from the App Store or Google Play:
Open the app and go to Me › Settings › Change Secret Phrase.
Tap Generate new secret phrase. The app will create a new, cryptographically secure seed.
Write down or securely store your new secret phrase before proceeding.
Confirm the migration. NanChat will send all funds from your old wallet to the new one automatically.

After migration

Your new wallet address will be different from your old one. Share your new address with anyone who sends you funds.
Any login-with-NanChat sessions tied to your old address will need to be refreshed.
Keep your new secret phrase stored securely offline. NanChat cannot recover it for you.
Your old wallet remains accessible in Me › Switch Wallet, but it is permanently compromised, do not send new funds to it.

Timeline & credit

June 10, 2026 — Issue identified and reported by Juliano Rizzo (Coinspect.com).
June 12, 2026 — v1.3.0 released with fix.

We thank Juliano Rizzo for the responsible disclosure.

Questions

If you have trouble migrating or have questions about whether you are affected, reach out at [email protected] or message us directly via NanChat Team on NanChat.

Security Advisory: Wallet Migration

Contents

What happened

Am I affected?

How to migrate

After migration

Timeline & credit

Questions