Crypto Safety Resource Hub
Plain-language guides on staying safe in the Solana ecosystem. Written for newcomers — no technical knowledge required.
Common Scams on Solana
The #1 crypto scam. Someone — fake support, a "friend", or a website — asks for your 12 or 24-word seed phrase. This is ALWAYS a scam. Your seed phrase gives full control of your wallet to whoever has it. Never type it anywhere except your actual wallet app when restoring a wallet you own.
You see a message, tweet, or video saying "Send 1 SOL and get 2 SOL back." This is always a scam. No one sends free money. Celebrities and influencers shown in these videos have been impersonated without consent. The funds will disappear instantly.
Random tokens appear in your wallet. When you try to sell or find out their value, the site asks you to 'verify' or 'approve' something. That action drains your entire wallet. The tokens themselves are bait — do not interact with them.
Fake NFT mints, fake DeFi apps, or fake giveaway sites ask you to connect your wallet and 'approve a transaction.' The transaction secretly grants permission to drain all your assets. These sites often look pixel-perfect — identical to real projects.
Fake customer support accounts on Discord, Twitter, and Telegram pretend to be from Phantom, Solflare, Coinbase, or popular projects. They reach out first (a red flag itself) and ask for your seed phrase to 'fix' a problem. Real support never contacts you first and never needs your seed phrase.
A project launches with hype and community buzz, collects investment from buyers, then the developers abandon it and take all the funds. Signs: anonymous teams, no audited code, artificial urgency to buy before a deadline, locked roadmap with impossible promises.
Red Flags to Watch For
"Act now or you'll lose your funds!" "This offer expires in 10 minutes!" Scammers use urgency to stop you from thinking clearly. Legitimate services never pressure you into instant decisions. When you feel rushed, slow down — that feeling is a warning sign.
Someone DMs you out of nowhere with an opportunity, a warning about your wallet, or an exclusive offer. Legitimate platforms do not cold-contact users. Any unsolicited crypto message is suspicious by default — especially if it involves your wallet.
Guaranteed 200% returns, risk-free investment, celebrity-backed coins, secret strategies. If it sounds too good to be true, it is. In crypto especially: there are no guarantees. Anyone promising them is lying.
Scammers make you feel special to bypass your natural skepticism. Phrases like 'you were selected,' 'exclusive whitelist,' or 'limited to early supporters' are designed to trigger FOMO. Real opportunities don't need to single you out.
A site asks you to sign a transaction you don't understand. Your wallet shows a complex approval — maybe for a large token amount or unfamiliar program. Always reject anything you don't fully understand. If you're unsure, copy the details and ask the Sheriff before signing.
Someone tells you your current wallet is compromised or at risk, and you need to move your funds to a new wallet they provide or help you set up. This is a setup. They create the 'new' wallet and already have the seed phrase — the moment you transfer, they drain it.
Wallet Best Practices
Write it on paper, store it somewhere physically safe (not a photo, not a cloud document, not a note app). Never type it online, in any app, or give it to anyone. Not Phantom support, not a friend helping you, not this website. Ever.
A hardware wallet (Ledger, Trezor) stores your private key offline — completely isolated from the internet. Even if your computer is fully compromised by malware, your hardware wallet keeps your funds safe because the key never leaves the device. The device will still sign any transaction you confirm on it, so read what its screen shows before you approve.
In Phantom: Settings → Connected Apps → Disconnect sites you don't use. In Solflare: similar process under Settings. Limiting your connected apps reduces your attack surface — a disconnected wallet can't be targeted by a compromised site.
Scammers register domains like 'phant0m.app', 'sol-flare.io', or 'raydium-swap.com'. Always check the exact URL character by character. Bookmark the real sites you use regularly. If you followed a link from anywhere, double-check before connecting.
Create a second wallet with a different seed phrase specifically for interacting with new NFT mints, DeFi protocols, or unknown projects. Fund it with only what you're willing to lose. Keep the majority of your assets in a separate 'cold' wallet you rarely connect anywhere.
Beginner Guides
A crypto wallet doesn't actually store your tokens — they live on the blockchain. Your wallet stores a private key, which is a cryptographic proof that you own certain funds. Think of it like a password that controls an account. Losing access (or sharing it) means losing your funds permanently.
A seed phrase (12 or 24 words) is a human-readable version of your private key. It can regenerate your entire wallet on any device. Anyone who has it has full access to all your funds from anywhere in the world. Write it on paper, keep it physically secure, and never enter it digitally.
Every transaction on Solana costs a tiny fee (usually less than $0.01) paid in SOL to compensate network validators. This is completely normal. However, if a website asks you to pay a large 'activation fee,' 'gas deposit,' or 'unlock fee' — that is a scam. Real transactions never require pre-payment to a third party.
Connecting your wallet to a website lets it see your public address and request transaction approvals from you. It does NOT automatically give the site access to your funds. However, it can present you with transaction requests — which is where the risk lies. Always read what you're approving and reject anything unfamiliar.
1. Immediately create a brand-new wallet with a new seed phrase.
2. Move any remaining funds to the new wallet.
3. Do not use the old wallet again — assume it's permanently compromised.
4. Report the scam on the relevant platform (Discord, Twitter) and to authorities if the amount is significant.
Unfortunately, blockchain transactions are irreversible — funds sent to scammers cannot be recovered.
Still unsure about something?
The Sheriff is available 24/7 to give you personalized advice about any suspicious situation.