Cryptocurrency apps have unique deep linking requirements. Wallet connection flows, token-specific pages, swap interfaces, and DeFi protocol interactions all need precise routing. Security is paramount because a malicious deep link could attempt to trick a user into signing a transaction or connecting their wallet to a phishing site.
This guide covers deep linking patterns for crypto and Web3 apps. For broader fintech deep linking, see deep linking for fintech and banking apps. For investment app patterns, see investment app deep links.
Route Patterns
Token and Asset Pages
/tokens/{chain}/{address} → Token detail page (e.g., /tokens/ethereum/0x...)
/tokens/{symbol} → Token by symbol (e.g., /tokens/ETH)
/nfts/{chain}/{contract}/{id} → Specific NFT
/collections/{collection-slug} → NFT collection page
Portfolio and Wallet
/portfolio → Portfolio overview
/wallet/{address} → Specific wallet view
/wallet/receive → Receive/deposit screen
/wallet/send → Send screen
/wallet/send/{address} → Pre-filled send screen
Trading and Swaps
/swap/{from}/{to} → Swap interface (e.g., /swap/ETH/USDC)
/buy/{token} → Fiat on-ramp for a token
/trade/{pair} → Trading pair (e.g., /trade/BTC-USD)
/orders/{order-id} → Order detail
DeFi
/stake/{protocol}/{pool} → Staking pool
/lend/{protocol}/{asset} → Lending interface
/yield/{protocol} → Yield farming opportunities
/bridge/{from-chain}/{to-chain} → Cross-chain bridge
Governance
/governance/{dao} → DAO governance page
/governance/{dao}/proposals/{id} → Specific proposal
/governance/{dao}/vote/{id} → Vote on a proposal
Security: The Critical Concern
Wallet Connection Attacks
Malicious deep links can attempt to:
- Open your app with a pre-filled wallet connection to a phishing dApp.
- Navigate to a swap page with a malicious token address.
- Open a transaction signing screen with hidden parameters.
Defenses:
func handleDeepLink(_ url: URL) {
// 1. Validate the domain
guard isAllowedDomain(url) else {
logSecurityEvent("blocked_domain", url: url)
return
}
// 2. Never auto-execute transactions from deep links
// Deep links should open forms, never submit them
let route = parseRoute(url)
switch route {
case .send(let address, let amount):
// Show the send form with pre-filled values
// User MUST manually confirm
showSendForm(prefillAddress: address, prefillAmount: amount)
showWarning("Verify the recipient address before sending.")
case .swap(let fromToken, let toToken):
// Validate token addresses against known tokens
guard isKnownToken(fromToken), isKnownToken(toToken) else {
showWarning("Unknown token. Verify before proceeding.")
return
}
showSwapInterface(from: fromToken, to: toToken)
case .connect(let dappUrl):
// Never auto-connect. Show connection request with details.
showConnectionRequest(dappUrl: dappUrl)
default:
navigateTo(route)
}
}
Token Address Validation
When a deep link includes a token contract address, validate it:
fun validateTokenAddress(chain: String, address: String): TokenValidation {
// Check against known token lists
val knownToken = tokenListManager.getToken(chain, address)
if (knownToken != null) {
return TokenValidation.Known(knownToken)
}
// Check if the address is a valid contract
val isContract = blockchainService.isContract(chain, address)
if (!isContract) {
return TokenValidation.Invalid("Address is not a contract")
}
// Unknown token: show warning
return TokenValidation.Unknown(
warning = "This token is not on verified token lists. Proceed with caution."
)
}
Transaction Signing Safeguards
Deep links should never include enough information to sign a transaction. The user must always:
- See the full transaction details on screen.
- Explicitly confirm with a button tap.
- Authenticate with biometrics or PIN.
WalletConnect Deep Links
WalletConnect uses deep links to connect dApps to wallets. The standard URI format:
wc:{topic}@{version}?relay-protocol={protocol}&symKey={key}
Handling WalletConnect deep links in your wallet app:
func handleWalletConnectDeepLink(_ url: URL) {
guard let uri = url.absoluteString.replacingOccurrences(of: "yourapp://wc?uri=", with: ""),
let decodedUri = uri.removingPercentEncoding else {
return
}
// Parse the WalletConnect URI
let session = WalletConnectSession(uri: decodedUri)
// Show the connection request to the user
showConnectionApproval(
dappName: session.dappName,
dappUrl: session.dappUrl,
chain: session.chain,
methods: session.requestedMethods
)
}
Sharing Deep Links
Token Sharing
When a user shares a token from your app:
<meta property="og:title" content="Ethereum (ETH) | $3,450.00">
<meta property="og:description" content="View ETH price, charts, and trade on YourApp">
<meta property="og:image" content="https://yourapp.com/og/tokens/ETH.png">
The web fallback should show:
- Token price and basic chart.
- Links to download the app.
- No wallet connection or transaction options (web fallback should be read-only).
NFT Sharing
NFTs are visual and shareable:
<meta property="og:title" content="CryptoPunk #1234">
<meta property="og:description" content="View this CryptoPunk on YourApp">
<meta property="og:image" content="https://yourapp.com/nfts/cryptopunks/1234/image.png">
Referral Links
Crypto app referrals often include trading fee discounts:
https://links.yourapp.com/invite/{code}
Regulatory note: referral incentives for crypto apps may be subject to financial promotion rules. Verify with your compliance team.
Push Notification Deep Links
| Notification | Deep Link | Priority |
|---|---|---|
| Price alert triggered | /tokens/{symbol} |
High |
| Transaction confirmed | /wallet/tx/{hash} |
High |
| New token listing | /tokens/{symbol} |
Normal |
| Staking reward received | /stake/{protocol}/{pool} |
Normal |
| Governance vote open | /governance/{dao}/vote/{id} |
Normal |
| Security alert | /settings/security |
Critical |
Multi-Chain Handling
Crypto apps support multiple blockchains. Deep links need to specify the chain:
/tokens/ethereum/0x... → Token on Ethereum
/tokens/polygon/0x... → Same contract on Polygon
/tokens/arbitrum/0x... → Same contract on Arbitrum
If the user does not have the specified chain enabled in their app, show a prompt to add it rather than failing silently.
Tolinku for Crypto Apps
Tolinku supports the route patterns crypto apps need. Define token pages, swap routes, and portfolio links in the Tolinku dashboard. Web fallback pages display token information without exposing wallet data or enabling transactions.
For deep link security best practices, see deep linking security. For fintech deep linking, see deep linking for fintech and banking apps.
Get deep linking tips in your inbox
One email per week. No spam.