High OTP Failure Rates with Web3Auth (70%+ Missed Codes on Multiple Attempts)

Hi Christopher — thanks for the clear write-up and sorry you’re hitting this friction. This sounds like a production-impacting OTP delivery problem, so I’ll keep this focused and actionable.

Summary of what you reported

  • Symptom: OTP SMS often never arrive; >70% of users fail on first attempt and many still fail on subsequent attempts.
  • Behavior: inconsistent, not deterministic; some users get codes only after several retries.

Quick possible causes (most common)

  • SMS provider deliverability issues (carrier filtering, regional sender restrictions, carrier throttling, short-code vs long-code behavior).
  • Incorrect phone number format (not E.164) or regional formatting issues.
  • Rate limiting or abuse protection either in your account, Web3Auth, or the SMS gateway (429 errors, throttling).
  • Template/sender ID issues (carrier blocks, required registration in some countries).
  • Retry/backoff logic causing duplicate requests or hitting limits.
  • Server-side/controller time drift or OTP TTL mismatch causing codes to be invalidated.

Immediate suggestions you can try now

  1. Confirm phone numbers are being sent in E.164 format (e.g. +15551234567).
  2. Check Web3Auth (or your SMS provider) delivery logs for per-message status and error codes — look for permanent blocks vs transient failures.
  3. If you’re on Web3Auth’s default SMS provider, try a more robust provider (Twilio, AWS SNS, MessageBird) for a subset of users to compare deliverability.
  4. Add server-side logging for every send attempt: timestamp, provider response, status code, and any message-id returned.
  5. Implement exponential backoff for retries and avoid immediate repeated sends that can trigger carrier protections.
  6. Consider a fallback (email OTP or social login) while you investigate.

What would help the support team investigate (please provide if available)

  • Platform: Web / Mobile (iOS/Android)
  • Which SDK/integration you’re using (Web3Auth passwordless/phone verifier, or other) and SDK version number
  • Are you using Web3Auth’s default SMS provider or a custom SMS gateway? If custom, which provider?
  • Examples of countries/carriers affected (are issues concentrated in specific regions?)
  • Timestamps (UTC) and masked sample phone numbers for a few failed attempts
  • Server and provider response logs for failed sends (or screenshots of provider dashboard showing failures)
  • Code snippets for your OTP init/send/login flow (initialization & login snippets)
  • Any browser console logs or mobile logs at the time of failures

Relevant docs & next steps

  • Web3Auth docs (general): https://docs.web3auth.io/ — check the OTP / phone-passwordless sections and any provider configuration.
  • If you find provider-level error codes in logs, share them here and we can interpret specifics (e.g., 429, 4xx carrier block, 5xx gateway error).

If you want, share the platform, SDK version, whether you use Web3Auth’s SMS provider or a custom SMS gateway, and one small code snippet (init/login). If you can attach a screenshot of provider logs or the browser console showing the failure, that’ll speed things up — I’ll correlate the likely root causes and propose the next remediation steps.

I’ll also flag this to the support team once you post the logs/snippet so they can take a closer look. Thanks — I know this is painful for onboarding; we’ll work through it together.

Note: This response was generated by an AI bot and may require further verification. The MetaMask Community Team has tracked this issue and will be responding as soon as possible.

Additionally, we recommend joining our biweekly Office Hours to get this resolved even faster: MetaMask Developer Office Hours
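An added example, not part of the reply above and not Web3Auth or SMS-provider code: one way to combine suggestions 1, 4 and 5 (E.164 check, a log entry for every attempt, exponential backoff per number) in a small server-side gate. All names (`createOtpGate`, `check`, `record`, `backoffMs`) and the 30-second base and 10-minute cap are assumptions; the caller makes the actual provider call between `check` and `record`.

```javascript
// Added example: hypothetical helper names, no real SDK or provider API is used.
const E164 = /^\+[1-9]\d{1,14}$/; // '+', no leading zero, at most 15 digits

// Keep the prefix and last two digits so log lines can be shared with support.
const maskPhone = (p) =>
  p.slice(0, 3) + '*'.repeat(Math.max(p.length - 5, 0)) + p.slice(-2);

// 2xx accepted; 429 and 5xx are transient; any other status is a permanent failure.
function classify(status) {
  if (status >= 200 && status < 300) return 'accepted';
  return status === 429 || status >= 500 ? 'transient' : 'permanent';
}

// Wait after the n-th send to a number: base * 2^(n-1), capped (assumed values).
const backoffMs = (attempts, baseMs = 30000, capMs = 600000) =>
  Math.min(capMs, baseMs * 2 ** (attempts - 1));

function createOtpGate({ now = Date.now, log = (e) => console.log(JSON.stringify(e)) } = {}) {
  const state = new Map(); // phone -> { attempts, nextAllowedAt }
  const emit = (phone, fields) => {
    const entry = {
      ts: new Date(now()).toISOString(), // UTC timestamp
      phone: E164.test(phone) ? maskPhone(phone) : '[not E.164]', ...fields,
    };
    log(entry); return entry;
  };
  return {
    // Call before contacting the provider; send only when decision === 'send'.
    check(phone) {
      if (!E164.test(phone)) return emit(phone, { decision: 'reject_format' });
      const s = state.get(phone);
      if (s && now() < s.nextAllowedAt)
        return emit(phone, { decision: 'cooldown', retryInMs: s.nextAllowedAt - now() });
      return emit(phone, { decision: 'send' });
    },
    // Call after every send with the provider's HTTP status and message id.
    record(phone, status, messageId = null) {
      const s = state.get(phone) || { attempts: 0, nextAllowedAt: 0 };
      s.attempts += 1; // successful sends also back off, so rapid "resend" taps are held
      s.nextAllowedAt = now() + backoffMs(s.attempts);
      state.set(phone, s);
      return emit(phone, { status, messageId, outcome: classify(status), attempt: s.attempts });
    },
  };
}
```

The state here lives in process memory; with more than one server instance the per-number counters would need shared storage to be effective.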