> ## Documentation Index
> Fetch the complete documentation index at: https://docs.sei.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Sei Network Accounts: Dual Address System Explained

> Understand how Sei's unified account system works with both EVM (0x) and Cosmos (sei1) addresses, including association methods, security considerations, and cross-environment interactions.

Every account on Sei has a unique public key. This public key can be used to
generate multiple wallet addresses, but it is important to note that the two are
functionally the same. They appear different, and depending on the app they may
be used interchangeably, but they both point to the same destination - your
account. The difference is like the difference between the numeral "2" and the
word "two". They both define the same value, but may be used in different
contexts.

* **"hex" Address**: Starts with `0x` and is EVM-based.

* **"bech32" Address**: Starts with `sei1` and is used for Cosmos functions.

<img src="https://mintcdn.com/seilabs/szEAtr1JphlH_mVc/assets/address-derivation.png?fit=max&auto=format&n=szEAtr1JphlH_mVc&q=85&s=23cfcb90fbd44a69781b884302670b92" alt="Address derivation" width="1600" height="900" data-path="assets/address-derivation.png" />

Although these addresses appear different, they actually share the same
underlying account. Once the two addresses are linked through association
(described below), whatever action you take with one address also affects the
other.

Once associated, if you deposit funds into your EVM address you can access and
use those same funds with your SEI address, and vice versa — they behave as one
account, ensuring seamless integration between the EVM and SEI ecosystems. Until
the addresses are associated, they are treated as separate accounts with
separate balances (see **Before Linking** below).

Both addresses for a single account are derived from the same **public key**, but the chain can only determine their association **after the public key is known by the chain** via association.

## Key Points

### Before Linking

* The Bech32 (`sei...`) and EVM (`0x...`) addresses are treated as **separate
  accounts**.
* They will have separate balances until linked.
* Cosmos tokens received by the EVM address prior to association will be held in
  a temporary Cosmos Bech32 address, which will transfer to the associated address upon
  linking.
* Some types of transactions will **not be possible** (see table below).

### After Linking

* Balances are reflected consistently across both addresses.
* Applications can query either address format seamlessly.

## Wallet Association and Transfer Limitations

Certain actions are **not possible** before wallets are associated:

* Transfers of **CW-based tokens** (e.g., CW20/721/1155) from a non-EVM wallet
  to an **unassociated EVM address**.
* Transfers of **ERC-based tokens** (e.g., ERC20/721/1155) from an EVM wallet to
  an **unassociated Cosmos address**.

## Methods of Association

| Method                     | Security Risk | User Action Required                                                     |
| -------------------------- | ------------- | ------------------------------------------------------------------------ |
| 1. Broadcast a Transaction | Low           | Association happens automatically                                        |
| 2. Direct Private Key      | High          | Provide private key directly                                             |
| 3. Signed Message          | Medium        | Sign a predefined message to prove ownership *(recommended for wallets)* |
| 4. Public Key              | Low           | Provide a compressed public key for association                          |

<Info>Each method ensures the **public key** is known to the chain, enabling automatic association between the EVM-compatible and Bech32 addresses. All four go through the on-chain `addr` precompile (`0x0000000000000000000000000000000000001004`) or the EVM ante handler and are available on every Sei EVM RPC.</Info>

<Note>A previous "gasless" association flow that used the `sei_associate` JSON-RPC method has been retired — the method is part of the deprecated `sei_*` namespace and is not in the default `enabled_legacy_sei_apis` allowlist, so it returns `legacy_sei_deprecated` on public RPCs. Method 3 covers the same wallet-signed-message UX without depending on a gated endpoint. Node operators who want to re-enable the legacy method on their own infrastructure can add `sei_associate` to `enabled_legacy_sei_apis` in `app.toml` — see [Node Operators](/node/node-operators) for the surrounding config.</Note>

Constants for the `addr` precompile can also be found in the repo
[Sei-Chain/precompiles](https://github.com/sei-protocol/sei-chain/tree/main/precompiles/addr):

## Method 1: Broadcast a Transaction

* When an account **broadcasts a transaction** (e.g., sending tokens), its
  public key is recorded on-chain.
* Once the public key is known, the **EVM address** and **Bech32 address** are
  linked automatically.
* This ensures balances and transactions are accessible across both address
  formats.

## Method 2: Direct Private Key Association

<Danger>**Security Risk**: **High** – Requires the private key to be directly available. Exposing the private key can compromise the wallet.</Danger>

This method directly uses the private key to interact with the network.

```ts theme={"dark"}
import { createPublicClient, createWalletClient, http } from 'viem';
import { privateKeyToAccount } from 'viem/accounts';
import { seiTestnet } from 'viem/chains';
import { ADDRESS_PRECOMPILE_ABI, ADDRESS_PRECOMPILE_ADDRESS } from '@sei-js/precompiles';

const PRIVATE_KEY = '<replace_with_private_key>';

const publicClient = createPublicClient({
	chain: seiTestnet,
	transport: http()
});
const client = createWalletClient({ chain: seiTestnet, transport: http() });

const account = privateKeyToAccount(PRIVATE_KEY);

const response = await client.writeContract({
	account,
	address: ADDRESS_PRECOMPILE_ADDRESS,
	abi: ADDRESS_PRECOMPILE_ABI,
	functionName: 'associate',
	args: ['0', '0', '0', 'example_message'],
	gasPrice: BigInt(100_000_000_000)
});
console.log(response);
```

## Method 3: Associate via Signed Message

<Warning>**Security Risk**: **Medium** – Requires signing a specific message using the private key.</Warning>

This method involves signing a predefined message to prove ownership of the
account.

```ts theme={"dark"}
import { createWalletClient, http, parseSignature, toHex } from 'viem';
import { privateKeyToAccount, generatePrivateKey } from 'viem/accounts';
import { seiTestnet } from 'viem/chains';
import { ADDRESS_PRECOMPILE_ABI, ADDRESS_PRECOMPILE_ADDRESS } from '@sei-js/precompiles';

const client = createWalletClient({ chain: seiTestnet, transport: http() });

const associate = async () => {
	const account = privateKeyToAccount('<replace_with_private_key>');
	const newPk = generatePrivateKey();
	const newAccount = privateKeyToAccount(newPk);

	const message = 'associate';
	const signature = await newAccount.signMessage({ message });
	const parsedSignature = parseSignature(signature);
	const customMessage = `\x19Ethereum Signed Message:\n${message.length}${message}`;

	const response = await client.writeContract({
		account,
		address: ADDRESS_PRECOMPILE_ADDRESS,
		abi: ADDRESS_PRECOMPILE_ABI,
		functionName: 'associate',
		args: [toHex(Number(parsedSignature.v) - 27), parsedSignature.r, parsedSignature.s, customMessage],
		gasPrice: BigInt(100_000_000_000)
	});
	console.log(response);
};

associate();
```

## Method 4: Associate via Public Key

<Info>**Security Risk**: **Low** – Involves using the public key, which is less sensitive than the private key.</Info>

This method compresses the public key and sends it for association.

```ts theme={"dark"}
import secp256k1 from 'secp256k1';
import { createWalletClient, http } from 'viem';
import { privateKeyToAccount, generatePrivateKey } from 'viem/accounts';
import { seiTestnet } from 'viem/chains';
import { ADDRESS_PRECOMPILE_ABI, ADDRESS_PRECOMPILE_ADDRESS } from '@sei-js/precompiles';

const client = createWalletClient({ chain: seiTestnet, transport: http() });

const associateViaPubkey = async () => {
	const account = privateKeyToAccount('<replace_with_private_key>');
	const newPk = generatePrivateKey();
	const newAccount = privateKeyToAccount(newPk);

	const publicKeyBuffer = Buffer.from(newAccount.publicKey.slice(2), 'hex');
	const compressedPubKey = secp256k1.publicKeyConvert(publicKeyBuffer, true);

	const response = await client.writeContract({
		account,
		address: ADDRESS_PRECOMPILE_ADDRESS,
		abi: ADDRESS_PRECOMPILE_ABI,
		functionName: 'associatePubKey',
		args: [Buffer.from(compressedPubKey).toString('hex')],
		gasPrice: BigInt(100_000_000_000)
	});
	console.log(response);
};

associateViaPubkey();
```

## Query Linked Addresses

Resolve either side of an existing association by calling the `addr` precompile at `0x0000000000000000000000000000000000001004` over a standard `eth_call`. The precompile is universally available on every Sei RPC.

### Fetch Bech32 Address for an EVM Address

```bash theme={"dark"}
curl -X POST $SEIEVM -H "Content-Type: application/json" -d '{
  "jsonrpc": "2.0",
  "method": "eth_call",
  "params": [{
    "to": "0x0000000000000000000000000000000000001004",
    "data": "0x0c3c20ed000000000000000000000000<evmAddressWithout0x>"
  }, "latest"],
  "id": 1
}'
```

The selector `0x0c3c20ed` is `getSeiAddr(address)`. The returned ABI-encoded string is the bech32 `sei1…` address, or the call reverts if the EVM address is not yet associated.

In TypeScript with viem:

```ts theme={"dark"}
import { createPublicClient, http } from 'viem';
import { sei } from 'viem/chains';

const ADDR_PRECOMPILE = '0x0000000000000000000000000000000000001004';
const ADDR_ABI = [
  { name: 'getSeiAddr', type: 'function', stateMutability: 'view',
    inputs: [{ name: 'addr', type: 'address' }],
    outputs: [{ name: 'response', type: 'string' }] },
  { name: 'getEvmAddr', type: 'function', stateMutability: 'view',
    inputs: [{ name: 'addr', type: 'string' }],
    outputs: [{ name: 'response', type: 'address' }] },
] as const;

const client = createPublicClient({ chain: sei, transport: http() });

const seiAddr = await client.readContract({
  address: ADDR_PRECOMPILE,
  abi: ADDR_ABI,
  functionName: 'getSeiAddr',
  args: ['0x…'],
});
```

### Fetch EVM Address for a Sei Address

```ts theme={"dark"}
const evmAddr = await client.readContract({
  address: ADDR_PRECOMPILE,
  abi: ADDR_ABI,
  functionName: 'getEvmAddr',
  args: ['sei1…'],
});
```

The precompile reverts if the address has never been associated; surface this as "not linked" rather than re-throwing.

## Deriving Addresses from the Public Key

Both address formats come from the same secp256k1 public key, but they use
**different hashing schemes**: the bech32 (`sei1…`) side follows the standard
Cosmos derivation (`SHA256` then `RIPEMD160` of the **compressed** pubkey), and
the EVM (`0x…`) side follows the standard Ethereum derivation (`keccak256` of
the **uncompressed** pubkey without its `0x04` prefix byte).

### Sei Address Derivation

The Cosmos address is derived from the public key using the following steps:

1. Take the **compressed** secp256k1 public key (33 bytes; first byte `0x02` or `0x03`).
2. Hash it with `SHA256`.
3. Hash the result with `RIPEMD160` to get a 20-byte digest.
4. Encode that digest in **Bech32 format** with the `sei` prefix.

Example implementation:

```ts theme={"dark"}
import { bech32 } from 'bech32';
import { sha256 } from '@noble/hashes/sha256';
import { ripemd160 } from '@noble/hashes/ripemd160';

/**
 * @param compressedPublicKey 33-byte secp256k1 pubkey in compressed form
 */
export function deriveSeiAddress(compressedPublicKey: Uint8Array): string {
  const digest = ripemd160(sha256(compressedPublicKey));
  return bech32.encode('sei', bech32.toWords(digest));
}
```

### EVM Address Derivation

The EVM-compatible address is derived as follows:

1. Take the **uncompressed** secp256k1 public key (65 bytes; first byte `0x04`).
2. Drop the leading `0x04` prefix byte so the input to the hash is the bare 64-byte `(x, y)` coordinate pair.
3. Hash with `keccak256`.
4. Take the **last 20 bytes** of the hash and format as `0x…` hex.

Example implementation:

```ts theme={"dark"}
import { keccak_256 } from '@noble/hashes/sha3';

/**
 * @param uncompressedPublicKey 65-byte secp256k1 pubkey in uncompressed form (leading 0x04)
 */
export function deriveEVMAddress(uncompressedPublicKey: Uint8Array): string {
  const hash = keccak_256(uncompressedPublicKey.slice(1));
  return `0x${Buffer.from(hash.slice(-20)).toString('hex')}`;
}
```

### Summary

* **Sei Address**: `bech32('sei', RIPEMD160(SHA256(compressedPubKey)))` — 20 bytes, Cosmos-standard derivation.
* **EVM Address**: `'0x' + keccak256(uncompressedPubKey[1:])[-20:]` — last 20 bytes of the keccak256 hash, Ethereum-standard derivation.
* The two formats share an account because the chain stores the **public key** itself on association; either format can be derived from it deterministically.

### Why It Works

Both formats are deterministic, public-key-derived address schemes. Once the
public key is on-chain (via any of the four association methods above, or
implicitly via a first signed transaction), the chain can derive both formats
itself and route any incoming reference to the same account.

### Recap

* Accounts are automatically linked when a transaction is broadcast, or can be
  associated manually via the `addr` precompile (`associate` / `associatePubKey`).
* Both address formats share the same **public key**.
* Linking enables dApps and tools to access balances consistently across both
  address formats.

## HD Paths and Coin Types

When deriving a private key from a mnemonic phrase, the hierarchical
deterministic (HD) path involves multiple parameters, including the coin type.
The coin type determines the blockchain ecosystem for which the key is derived,
making it crucial when dealing with different wallets and blockchains.

### Coin Type Parameter

The second parameter in the HD path specifies the coin type, which is defined by
the BIP-44 standard. This parameter identifies the blockchain ecosystem
associated with the derived keys.

* **Ethereum (Coin Type 60)**: Wallets like MetaMask use coin type 60. The HD
  path for Ethereum typically looks like this: `m/44'/60'/0'/0/0`.
* **Cosmos (Coin Type 118)**: Wallets for Cosmos-based chains, such as OKX,
  use coin type 118. The HD path for Cosmos typically looks like this:
  `m/44'/118'/0'/0/0`.

### Implications

Due to the different coin types, a mnemonic phrase used to derive keys for
Ethereum (coin type 60) cannot be directly used in a Cosmos wallet (coin
type 118) to access the same accounts. This is because the HD path determines a
different set of keys for each coin type, meaning the derived addresses will
differ.

### Private Key Export

Users can export their private key from MetaMask (derived using coin type 60)
and import it into any Cosmos wallet. This works because the private key, once
derived, can be used across different blockchain ecosystems, provided the
receiving wallet supports the import function. This allows users to manage their
assets across various blockchains using the same underlying cryptographic key.

### Example HD Paths

* **Traditional Cosmos Path**: `m/44'/118'/0'/0/0`
* **Traditional EVM Path**: `m/44'/60'/0'/0/0`

## Generating Wallets

### Deriving bech32 and hex addresses from pubkey

Sei derives both the Cosmos/Tendermint style bech32 address and the
Ethereum-style hex address from the same public key, but each format uses its
own hashing scheme: the bech32 address uses the Cosmos-standard `SHA256` then
`RIPEMD160`, while the hex address uses the `keccak256` method common in EVM
networks. These extensively commented snippets demonstrate the 'proper' method
of deriving both bech32 and hex addresses from a given ECDSA SECP256k1 key:

<Accordion title="Python - from pubkey">
  ```python theme={"dark"}
  import base64
  import json
  from hashlib import sha256, new as hashlib_new
  from coincurve import PublicKey
  from bech32 import bech32_encode, convertbits
  from Crypto.Hash import keccak

  # Example input, replace with the actual pubkey JSON string
  pubkey_json = '{"@type":"/cosmos.crypto.secp256k1.PubKey","key":"Agmik4xkmF57hNjzykYHP3gRu1Mpae4B5BCiwx7jmRzI"}'

  # Extract the base64-encoded key from the JSON-like string
  pubkey_dict = json.loads(pubkey_json)
  pubkey_base64 = pubkey_dict['key']

  # Decode the base64-encoded public key
  public_key_compressed = base64.b64decode(pubkey_base64)

  # Ensure the public key length is 33 bytes (compressed key format)
  if len(public_key_compressed) != 33:
      raise ValueError(f"Invalid public key length, expected 33 bytes for compressed format, got {len(public_key_compressed)}")

  # Debugging: Print the public key details
  print(f"Compressed public key (hex): {public_key_compressed.hex()}")

  # SHA-256 on the compressed public key
  sha256_digest = sha256(public_key_compressed).digest()
  # Debugging: Print SHA-256 digest
  print(f"SHA-256 Digest: {sha256_digest.hex()}")

  # RIPEMD-160 on SHA-256 hash
  ripemd160 = hashlib_new('ripemd160')
  ripemd160.update(sha256_digest)
  ripemd160_digest = ripemd160.digest()
  # Debugging: Print RIPEMD-160 digest
  print(f"RIPEMD-160 Digest: {ripemd160_digest.hex()}")

  # Convert the digest to 5-bit groups for Bech32 encoding
  five_bit_ripemd160 = convertbits(ripemd160_digest, 8, 5, pad=True)
  bech32_address = bech32_encode("sei", five_bit_ripemd160)

  print(f"Bech32 Cosmos Address: {bech32_address}")

  # Decompress the public key to 65 bytes
  public_key = PublicKey(public_key_compressed).format(compressed=False)

  # Debugging: Print the public key details
  print(f"Decompressed public key length: {len(public_key)}")
  print(f"Decompressed public key (hex): {public_key.hex()}")

  # Derive Ethereum Address using Keccak-256
  keccak_hash = keccak.new(digest_bits=256)
  keccak_hash.update(public_key[1:])  # Exclude the first byte (0x04)
  digest_keccak = keccak_hash.digest()
  eth_address = digest_keccak[-20:]
  eth_address_hex = '0x' + eth_address.hex()

  print(f"Ethereum Address: {eth_address_hex}")
  ```
</Accordion>

<Accordion title="Typescript - from pubkey">
  ```typescript theme={"dark"}
  import { fromBase64 } from '@cosmjs/encoding';
  import { sha256 } from '@noble/hashes/sha256';
  import { ripemd160 } from '@noble/hashes/ripemd160';
  import { keccak_256 } from '@noble/hashes/sha3';
  import { secp256k1 } from '@noble/curves/secp256k1';
  import { bech32 } from 'bech32';

  // Utility function to convert bits for Bech32 encoding
  function convertBits(data: Uint8Array, fromBits: number, toBits: number, pad: boolean): number[] {
    let acc = 0;
    let bits = 0;
    const result: number[] = [];
    const maxv = (1 << toBits) - 1;

    for (const value of data) {
      acc = (acc << fromBits) | value;
      bits += fromBits;
      while (bits >= toBits) {
        bits -= toBits;
        result.push((acc >> bits) & maxv);
      }
    }

    if (pad) {
      if (bits > 0) {
        result.push((acc << (toBits - bits)) & maxv);
      }
    } else if (bits >= fromBits || (acc << (toBits - bits)) & maxv) {
      throw new Error('Unable to convert bits');
    }

    return result;
  }

  // Define the prefix for the Bech32 address (e.g., "sei" for Sei network)
  const chainPrefix = 'sei';

  // Public key JSON string (replace with actual data)
  const pubkeyJson = '{"@type":"/cosmos.crypto.secp256k1.PubKey","key":"AiN+aFvHgjblWPaP9Er5p005JjPX3nj4I/+jA6W4BOho"}';

  // Parse the JSON string to extract the public key in Base64 format
  const pubkeyDict = JSON.parse(pubkeyJson);
  const pubkeyBase64 = pubkeyDict.key;

  console.log('Original public key JSON:', pubkeyJson);
  console.log('Parsed public key object:', pubkeyDict);
  console.log('Base64-encoded public key:', pubkeyBase64);

  // Decode the Base64-encoded public key to its compressed form
  const publicKeyCompressed = fromBase64(pubkeyBase64);

  console.log('Compressed public key (bytes):', publicKeyCompressed);
  console.log('Compressed public key (hex):', Buffer.from(publicKeyCompressed).toString('hex'));

  // Perform SHA-256 hashing on the compressed public key
  const sha256Digest = sha256(publicKeyCompressed);
  console.log('SHA-256 hash of public key (hex):', Buffer.from(sha256Digest).toString('hex'));

  // Perform RIPEMD-160 hashing on the SHA-256 digest
  const ripemd160Digest = ripemd160(sha256Digest);
  console.log('RIPEMD-160 hash of SHA-256 hash (hex):', Buffer.from(ripemd160Digest).toString('hex'));

  // Convert the RIPEMD-160 digest to a 5-bit array for Bech32 encoding
  const fiveBitArray = convertBits(ripemd160Digest, 8, 5, true);

  // Encode the 5-bit array into a Bech32 address with the specified prefix
  const bech32Address = bech32.encode(chainPrefix, fiveBitArray);

  console.log(`Bech32 Cosmos Address: ${bech32Address}`);

  // Decompress the public key to its uncompressed form (65 bytes) and exclude the first byte
  const publicKeyUncompressed = secp256k1.ProjectivePoint.fromHex(publicKeyCompressed).toRawBytes(false).slice(1);

  // Perform Keccak-256 hashing on the uncompressed public key to derive the Ethereum address
  const keccakHash = keccak_256(publicKeyUncompressed);
  const ethAddress = '0x' + Buffer.from(keccakHash.slice(-20)).toString('hex');

  console.log('Uncompressed public key (hex):', Buffer.from(publicKeyUncompressed).toString('hex'));
  console.log('Keccak-256 hash of uncompressed public key (hex):', Buffer.from(keccakHash).toString('hex'));
  console.log(`Ethereum Address: ${ethAddress}`);
  ```
</Accordion>

<Accordion title="Typescript - Full Derivation from Private Key">
  ```typescript theme={"dark"}
  import { sha256 } from '@noble/hashes/sha256';
  import { ripemd160 } from '@noble/hashes/ripemd160';
  import { keccak_256 } from '@noble/hashes/sha3';
  import { secp256k1 } from '@noble/curves/secp256k1';
  import { bech32 } from 'bech32';

  // Utility function to convert bits for Bech32 encoding
  function convertBits(data: Uint8Array, fromBits: number, toBits: number, pad: boolean): number[] {
    let acc = 0;
    let bits = 0;
    const result: number[] = [];
    const maxv = (1 << toBits) - 1;

    for (const value of data) {
      acc = (acc << fromBits) | value;
      bits += fromBits;
      while (bits >= toBits) {
        bits -= toBits;
        result.push((acc >> bits) & maxv);
      }
    }

    if (pad) {
      if (bits > 0) {
        result.push((acc << (toBits - bits)) & maxv);
      }
    } else if (bits >= fromBits || (acc << (toBits - bits)) & maxv) {
      throw new Error('Unable to convert bits');
    }

    return result;
  }

  // Function to generate addresses from a private key
  function generateAddresses(privateKeyHex: string): {
    seiAddress: string;
    ethAddress: string;
  } {
    // Ensure the private key is exactly 32 bytes long
    const privateKey = Uint8Array.from(Buffer.from(privateKeyHex.padStart(64, '0'), 'hex'));
    if (privateKey.length !== 32) {
      throw new Error('Private key must be 32 bytes long.');
    }

    // Derive the compressed public key from the private key
    const publicKey = secp256k1.getPublicKey(privateKey, true);
    const publicKeyBytes = publicKey;

    // Perform SHA-256 hashing on the compressed public key
    const sha256Digest = sha256(publicKeyBytes);

    // Perform RIPEMD-160 hashing on the SHA-256 digest
    const ripemd160Digest = ripemd160(sha256Digest);

    // Convert the RIPEMD-160 digest to a 5-bit array for Bech32 encoding
    const fiveBitArray = convertBits(ripemd160Digest, 8, 5, true);

    // Bech32 address with "sei" prefix
    const seiAddress = bech32.encode('sei', fiveBitArray, 256);

    // Derive the uncompressed public key from the private key and exclude the first byte
    const publicKeyUncompressed = secp256k1.getPublicKey(privateKey, false).slice(1);

    // Perform Keccak-256 hashing on the uncompressed public key to derive the Ethereum address
    const keccakHash = keccak_256(publicKeyUncompressed);
    const ethAddress = `0x${Buffer.from(keccakHash).slice(-20).toString('hex')}`;

    return { seiAddress, ethAddress };
  }

  // Example usage of the generateAddresses function
  const privateKeyHex = '907ab4bf7fc60cff';
  const { seiAddress, ethAddress } = generateAddresses(privateKeyHex);

  console.log(`Sei Address: ${seiAddress}`);
  console.log(`Ethereum Address: ${ethAddress}`);
  ```
</Accordion>
