Guide & Playbook

DarkDrop is a “dead drop” layer on Solana mainnet. When you create a drop, the app spins up a disposable keypair (“burner”), transfers the requested asset into it, and hands you the burner’s private key as a claim string. Anyone holding that string can reconstruct the keypair and sweep the funds, but there is no on-chain link between the sender and recipient beyond the initial deposit.

• SOL and cUSDC (Token-2022, mainnet) are supported.
• Password protection optionally encrypts the private key with AES (tweetnacl secretbox + PBKDF2).
• Claim strings use the format darkdrop:v1:{cluster}:{asset}:{mode}:….

1. Connect a wallet that is on Solana Mainnet Beta and funded with SOL (0.01 SOL buffer recommended). cUSDC (Token-2022) drops also require rent for the recipient ATA.
2. Pick the asset + amount and optionally enter a password. When you confirm, DarkDrop generates a new burner keypair entirely in-browser and pushes the funds into it via a System Program transfer (and ATA instructions for USDC).
3. You receive (a) a claim string, (b) a QR code representation, and (c) the Solscan link for the deposit transaction. Share only the claim string/QR; never send the keypair anywhere else.

Raw drops use base58-encoded secret keys. Password-protected drops append an AES payload with a password hint (first 8 bytes of the PBKDF2 hash) so the recipient can verify they have the right passphrase before decrypting.

• darkdrop:v1:mainnet:sol:raw:XyZ… – raw SOL drop.
• darkdrop:v1:mainnet:usdc:aes:2f8a9c11:BASE64 – password-protected cUSDC (Token-2022) drop.
• Older “legacy” claim strings that are just base58 private keys are still supported during import.

1. Paste or scan the claim string. If the drop was encrypted, enter the password and the app will confirm the hint before decrypting.
2. DarkDrop rebuilds the burner keypair locally and temporarily registers it with Wallet Adapter as “Burner Import.” The burner never leaves the browser.
3. When you hit Sweep, the app signs a transfer from the burner to your connected wallet and destroys the burner reference. Local history is the only record.

• Everything happens client-side; no claim strings or private keys ever touch a server.
• Use strong passwords for AES drops and communicate them out-of-band. The password hint is only a hash fragment so the sender/recipient can confirm they’re in sync.
• Treat claim strings like bearer instruments. Anyone with the string can sweep the funds, so avoid copying them into shared channels.
• cUSDC (Token-2022) drops require ~0.002 SOL extra to pay ATA rent for the burner.

The underlying helpers live in src/lib/drop.ts (claim formatting / parsing) and src/lib/encryption.ts (tweetnacl secretbox + PBKDF2 using @noble/hashes). Burner wallets are mounted via a lightweight adapter so Wallet Adapter treats them like any other signer.

The history, settings, and burner stores are implemented with Zustand and persist only to the user’s browser. Clearing site data obliterates your local activity log.