Watch-only wallet

Watch-only wallet is any TON address added to a wallet app without its private key. The app shows balances, history, NFTs, and jettons; the “send” button is absent because there is nothing to sign with.

Why use it

A few practical cases:

• Monitoring cold storage. The main seed lives on a metal plate in a safe, and the address is added to Tonkeeper as watch-only — the user can check the balance from the phone without touching the safe.
• Tracking other wallets. Add a foundation wallet, a whale, or an exchange hot wallet and follow flows in real time.
• Accounting / tax. A bookkeeper or auditor can see the complete history without ever holding the key.
• Multi-device. Sign with a Ledger at home, but watch the balance from work by adding the address as watch-only in a second Tonkeeper.

Adding to TON

In Tonkeeper: ”+” → “Watch wallet” → paste the address. MyTonWallet has the same flow. The address can be in any TON format — raw (0:abc…), bounceable (EQ…), non-bounceable (UQ…), or a .ton domain.

What is visible

Visible:

• Current balance in TON and every jetton on that address.
• Full transaction history (anyone can see this on Tonscan or Tonviewer — the chain is public).
• NFTs across collections.
• Staking positions and Liquid Staking Tokens.

Not visible:

• Active TON Connect sessions — these live in the real wallet, watch-only has no concept of them.
• Sibling addresses unless explicitly added.

Security

Watch-only is safe by construction: even if the app is compromised, there is no key to steal. The mild risk is targeted phishing — an attacker who sees a high balance can pick a victim. Importing publicly known addresses (an exchange hot wallet) is fine; importing addresses that can deanonymise the user is better kept local.