Skip to content
Tolinku
Tolinku
Sign In Start Free
Use Cases · · 4 min read

Deep Links for Cryptocurrency Apps

By Tolinku Staff
|
Tolinku fintech deep linking dashboard screenshot for use cases blog posts

Cryptocurrency apps have unique deep linking requirements. Wallet connection flows, token-specific pages, swap interfaces, and DeFi protocol interactions all need precise routing. Security is paramount because a malicious deep link could attempt to trick a user into signing a transaction or connecting their wallet to a phishing site.

This guide covers deep linking patterns for crypto and Web3 apps. For broader fintech deep linking, see deep linking for fintech and banking apps. For investment app patterns, see investment app deep links.

Route Patterns

Token and Asset Pages

/tokens/{chain}/{address}      → Token detail page (e.g., /tokens/ethereum/0x...)
/tokens/{symbol}               → Token by symbol (e.g., /tokens/ETH)
/nfts/{chain}/{contract}/{id}  → Specific NFT
/collections/{collection-slug} → NFT collection page

Portfolio and Wallet

/portfolio                     → Portfolio overview
/wallet/{address}              → Specific wallet view
/wallet/receive                → Receive/deposit screen
/wallet/send                   → Send screen
/wallet/send/{address}         → Pre-filled send screen

Trading and Swaps

/swap/{from}/{to}              → Swap interface (e.g., /swap/ETH/USDC)
/buy/{token}                   → Fiat on-ramp for a token
/trade/{pair}                  → Trading pair (e.g., /trade/BTC-USD)
/orders/{order-id}             → Order detail

DeFi

/stake/{protocol}/{pool}       → Staking pool
/lend/{protocol}/{asset}       → Lending interface
/yield/{protocol}              → Yield farming opportunities
/bridge/{from-chain}/{to-chain} → Cross-chain bridge

Governance

/governance/{dao}              → DAO governance page
/governance/{dao}/proposals/{id} → Specific proposal
/governance/{dao}/vote/{id}    → Vote on a proposal

Security: The Critical Concern

Wallet Connection Attacks

Malicious deep links can attempt to:

  1. Open your app with a pre-filled wallet connection to a phishing dApp.
  2. Navigate to a swap page with a malicious token address.
  3. Open a transaction signing screen with hidden parameters.

Defenses:

func handleDeepLink(_ url: URL) {
    // 1. Validate the domain
    guard isAllowedDomain(url) else {
        logSecurityEvent("blocked_domain", url: url)
        return
    }

    // 2. Never auto-execute transactions from deep links
    // Deep links should open forms, never submit them
    let route = parseRoute(url)

    switch route {
    case .send(let address, let amount):
        // Show the send form with pre-filled values
        // User MUST manually confirm
        showSendForm(prefillAddress: address, prefillAmount: amount)
        showWarning("Verify the recipient address before sending.")

    case .swap(let fromToken, let toToken):
        // Validate token addresses against known tokens
        guard isKnownToken(fromToken), isKnownToken(toToken) else {
            showWarning("Unknown token. Verify before proceeding.")
            return
        }
        showSwapInterface(from: fromToken, to: toToken)

    case .connect(let dappUrl):
        // Never auto-connect. Show connection request with details.
        showConnectionRequest(dappUrl: dappUrl)

    default:
        navigateTo(route)
    }
}

Token Address Validation

When a deep link includes a token contract address, validate it:

fun validateTokenAddress(chain: String, address: String): TokenValidation {
    // Check against known token lists
    val knownToken = tokenListManager.getToken(chain, address)
    if (knownToken != null) {
        return TokenValidation.Known(knownToken)
    }

    // Check if the address is a valid contract
    val isContract = blockchainService.isContract(chain, address)
    if (!isContract) {
        return TokenValidation.Invalid("Address is not a contract")
    }

    // Unknown token: show warning
    return TokenValidation.Unknown(
        warning = "This token is not on verified token lists. Proceed with caution."
    )
}

Transaction Signing Safeguards

Deep links should never include enough information to sign a transaction. The user must always:

  1. See the full transaction details on screen.
  2. Explicitly confirm with a button tap.
  3. Authenticate with biometrics or PIN.

WalletConnect uses deep links to connect dApps to wallets. The standard URI format:

wc:{topic}@{version}?relay-protocol={protocol}&symKey={key}

Handling WalletConnect deep links in your wallet app:

func handleWalletConnectDeepLink(_ url: URL) {
    guard let uri = url.absoluteString.replacingOccurrences(of: "yourapp://wc?uri=", with: ""),
          let decodedUri = uri.removingPercentEncoding else {
        return
    }

    // Parse the WalletConnect URI
    let session = WalletConnectSession(uri: decodedUri)

    // Show the connection request to the user
    showConnectionApproval(
        dappName: session.dappName,
        dappUrl: session.dappUrl,
        chain: session.chain,
        methods: session.requestedMethods
    )
}

Token Sharing

When a user shares a token from your app:

<meta property="og:title" content="Ethereum (ETH) | $3,450.00">
<meta property="og:description" content="View ETH price, charts, and trade on YourApp">
<meta property="og:image" content="https://yourapp.com/og/tokens/ETH.png">

The web fallback should show:

  • Token price and basic chart.
  • Links to download the app.
  • No wallet connection or transaction options (web fallback should be read-only).

NFT Sharing

NFTs are visual and shareable:

<meta property="og:title" content="CryptoPunk #1234">
<meta property="og:description" content="View this CryptoPunk on YourApp">
<meta property="og:image" content="https://yourapp.com/nfts/cryptopunks/1234/image.png">

Crypto app referrals often include trading fee discounts:

https://links.yourapp.com/invite/{code}

Regulatory note: referral incentives for crypto apps may be subject to financial promotion rules. Verify with your compliance team.

Notification Deep Link Priority
Price alert triggered /tokens/{symbol} High
Transaction confirmed /wallet/tx/{hash} High
New token listing /tokens/{symbol} Normal
Staking reward received /stake/{protocol}/{pool} Normal
Governance vote open /governance/{dao}/vote/{id} Normal
Security alert /settings/security Critical

Multi-Chain Handling

Crypto apps support multiple blockchains. Deep links need to specify the chain:

/tokens/ethereum/0x...     → Token on Ethereum
/tokens/polygon/0x...      → Same contract on Polygon
/tokens/arbitrum/0x...     → Same contract on Arbitrum

If the user does not have the specified chain enabled in their app, show a prompt to add it rather than failing silently.

Tolinku for Crypto Apps

Tolinku supports the route patterns crypto apps need. Define token pages, swap routes, and portfolio links in the Tolinku dashboard. Web fallback pages display token information without exposing wallet data or enabling transactions.

For deep link security best practices, see deep linking security. For fintech deep linking, see deep linking for fintech and banking apps.

Get deep linking tips in your inbox

One email per week. No spam.

Ready to add deep linking to your app?

Set up Universal Links, App Links, deferred deep linking, and analytics in minutes. Free to start.