diff --git a/4B.md b/4B.md new file mode 100644 index 00000000..c7ee7e9f --- /dev/null +++ b/4B.md 
@@ -0,0 +1,89 @@ +NIP-4B +====== + +nsec Transfer +-------------------- + +`draft` `optional` + +This NIP defines how to accomplish nsec transfer from client to client including browser extensions or signers. + +## Terminology + +- **Source client**: A client that holds the user's nsec. +- **Destination client**: A client that doesn't have the user's nsec and wants it. +- **Ephemeral pubkey**: A pubkey of a kay pair generated for one-time use only. + +## Flow + +### 1. The destination client creates a transfer request URL. + +1. The client generates an ephemeral pubkey. +2. The client creates a transfer request URL, which includes the ephemeral pubkey and relay URLs. +3. The client shows the user the URL. The client MAY show the user a QR code. +4. The client subscribes to the relays and waits for the kind-1059 response, which includes the `["p", ""]` tag. + + +#### Transfer request URL + +``` +transfer://?relay=&relay= +``` + +### 2. The source client responds with gift-wrapped ncryptsec. + +1. The user enters the transfer request URL. +2. The client parses the URL. +3. The client generates an ncryptsec ([NIP-49](./49.md)) from the user's nsec and a random 6-digit PIN. +4. The client creates an ncryptsec rumor ([NIP-59](./59.md)) event. +5. The client seals and gift-wraps the rumor event. +6. The client publishes the gift-wrapped event to the destination's relays. +7. The client shows the user the PIN. + +#### ncryptsec rumor event + +`kind: 24144` + +This event MUST NOT be signed. + +```jsonc +{ + "kind": 24144, + "pubkey": "", + "content": "", + // ... +} +``` + +#### Sealed event + +```jsonc +{ + "pubkey": "", + "content": "", + "kind": 13, + "sig": "" + // ... +} +``` + +#### Gift-wrapped event + +`source client's ephemeral pubkey B` MUST NOT be the same as `A` described above. + +```jsonc +{ + "pubkey": "", + "content": "", + "kind": 1059, + "tags": [["p", ""]], + "sig": "" + // ... +} +``` + +### 3. The destination client fetches the response. + +1. 
The client fetches and validates the gift-wrapped event. +2. The client prompts the user to enter the PIN. +3. If the PIN is valid, the client retrieves the user's nsec from the ncryptsec.
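Review bot: In section 2 step 3, the only thing protecting the nsec from whoever holds the ephemeral private key is "a random 6-digit PIN", and the draft has no security-considerations text saying why that is sufficient. The source client acts on any URL the user enters (step 2.1) and has no way to confirm who generated it, so the party that created the URL receives the ncryptsec and has only 1,000,000 candidate PINs to try offline. Please either specify a minimum NIP-49 scrypt cost and a longer or higher-entropy secret, or add a confirmation step that binds the request to the destination the user is actually looking at, and document the residual risk. Section 3 step 3 covers only "If the PIN is valid"; it should also say what the destination client does on a wrong PIN (retry, limit, discard the event) and what "validates the gift-wrapped event" in step 1 must check. In the gift-wrapped event section, "MUST NOT be the same as `A` described above" refers to an `A` that needs a clear definition in the destination-client section. Minor: in Terminology, "a kay pair" should read "a key pair".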