
How to Protect Yourself from Scams

Scams are an unfortunate reality of the crypto industry. It's important to stay alert and protect yourself and your non-refundable crypto assets from scammers. If you ever feel you are being scammed, please get in contact with Polkadot Support.

DISCLAIMER: Key Security

The only ways to access your account are via your secret seed or your account's JSON file in combination with a password. Keep them offline in a secure and private location. If you share these with anyone, they can access your account, including your funds. This information is always a target for hackers and malicious actors. Check out the wiki doc on how to recognize scams.

info

Visit this support article for more information about key security.

Essential Rules

  1. Never, ever, ever share your seed phrase or account password.

  2. Do not trust anyone online. It is trivial for them to lie and change their identities.

  3. If you are scammed, there is likely nothing that can be done to recover your funds. If a scammer gets a hold of your seed phrase, they can transfer all of your funds to their account in seconds. It is better to be safe than to risk all of your tokens.

  4. If it sounds too good to be true, it probably is. People, especially celebrities, do not give away crypto for free. Even if they wanted to, they could just ask for your address as opposed to having you send them tokens.

  5. Scams are absolutely rife in this space. It is easy and cheap to set a scam up, and hard to shut one down. Therefore, the onus is on the user to be as diligent as possible in avoiding them.

  6. If you can, try to always verify new information that you see with an official source, such as Polkadot network's official blog or Polkadot's Official Support. Often scammers will fake a website or a blog post, but if you check it against a secondary source you will reduce the chances of being scammed.

    caution

    With crowdloans active on the network, it is very important to know how to safely participate. Fake crowdloan campaigns may present an attractive target for scammers. If you are participating in a network-native crowdloan, never send your tokens to an address. Native crowdloan contributions are made with a special transaction using a campaign index, where the contributed assets remain locked until the end of the lease period. Legitimate teams will not ask you to send your assets to an address to participate in a network-native crowdloan.

Some Common Types of Scams

  • Private messages sent to you over Telegram, Twitter, and other social media - admins or employees will never contact you.
  • "Giveaways" advertising that you "send us some DOT/KSM, we'll send you double back".
  • Sites where you need to enter your seed phrase in order to "sync" your account, claim tokens, unblock transactions etc.
  • Emails asking for DOT/KSM private keys/seeds/etc., posing as a member of any of our teams.
  • Scammers will take official videos and add "giveaway" text around them so that it looks like the giveaway is supported by Polkadot, Kusama, Web3 Foundation, Parity, or another well-known entity.
  • Many scammers will create nearly perfect imitations of sites - always triple-check the URL.
  • People offering to help you stake or get rewards.
  • People responding to questions that you asked publicly in a private chat.
  • Advertisements pointing to imitations of sites asking you to enter your seed words.

These are just some of the types of scams. Scammers are inventing new ones all the time. In general, do not trust anyone messaging you that you did not message yourself, and be wary of anyone attempting to help you or offer you a "deal".

Scammers will often imitate usernames, profile pictures, etc. of well-known members of the community. Often the differences in these accounts will be very minor, such as joe_sm1th or jo_smith instead of joe_smith.
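As an added illustration (not part of the original wiki page), a community moderator or bot author could flag handles that differ only slightly from a known member's handle. The function names, the character-folding table, and the distance threshold are assumptions made for this example.

```python
import unicodedata

# Characters commonly swapped to imitate a handle (assumed, non-exhaustive
# table; this is not the full Unicode confusables list).
FOLD = str.maketrans({
    "0": "o", "1": "i", "l": "i", "|": "i", "3": "e", "4": "a", "5": "s", "7": "t",
    "\u0430": "a", "\u0435": "e", "\u043e": "o",  # Cyrillic a, e, o
})
SEPARATORS = "_-. "

def skeleton(handle):
    """Reduce a handle to a comparison form: normalized, folded, no separators."""
    text = unicodedata.normalize("NFKC", handle).casefold().translate(FOLD)
    return "".join(ch for ch in text if ch not in SEPARATORS)

def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(candidate, known_handles, max_dist=1):
    """Return ("exact" | "lookalike" | "unrelated", matched known handle or None)."""
    if candidate in known_handles:
        return ("exact", candidate)
    cand = skeleton(candidate)
    for known in known_handles:
        ref = skeleton(known)
        dist = edit_distance(cand, ref)
        # Identical skeletons always count; near misses only for longer names,
        # where a one-character difference is unlikely to be a coincidence.
        if dist == 0 or (dist <= max_dist and len(ref) >= 5):
            return ("lookalike", known)
    return ("unrelated", None)

KNOWN = ["joe_smith"]  # the genuine handle from the example above
SAMPLES = ["joe_smith", "joe_sm1th", "jo_smith", "j\u043ee_smith", "alice_w"]  # constructed

if __name__ == "__main__":
    for name in SAMPLES:
        print(name, classify(name, KNOWN))
```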

Scammers will often make it seem like the "deal" is only available for a limited time. Do not be tricked by this; it is always better to confirm than to risk losing everything.

Admins will never contact you directly

If you've received a message from an admin over Telegram, ignore it. Our team members will never personally message you. Our social media accounts are posted on our website and any new social media accounts will be announced by our team. We will never offer to sell you DOT at a discount, air-drop "rewards", or message you privately to help with a problem you posted publicly. Our social media can be found below:

Keep your data secure

You should never share your seed phrase, password, private keys, or any other personal data with anyone. If you are concerned a wallet could be fake, please check out our list of well-known wallets.

Some simple things that you can do to keep your assets and information secure from hackers:

  • Keep your seed phrase only on paper, in a secret and secure location.
  • DO NOT keep your seed phrase on any electronic medium, like the cloud, on your computer, on a USB drive, etc.
  • Never enter your seed or mnemonic phrase directly into a website.
  • Your seed phrase is meant as a backup in case you lose access to your wallet. Use it only for that purpose and only in wallets you've used before and trust.
  • Your passwords should be strong and unique. It is recommended that you use a password manager app to create and store your passwords.
  • Keep your computer free of malware. Although an antivirus can be of great help, it's not a panacea. Safe browsing and downloading is the only way to be sure your computer is clean.
  • Avoid installing browser extensions from sources you don't trust explicitly.
  • Store your assets in cold storage, like a hardware wallet or Parity Signer.

Always check the source

For any potential scam, always be sure to do a background check on the source, i.e., look at any username, email, YouTube channel name, URL, etc. If something seems fishy, that's because it likely is. Never enter any personal data if you feel the source could be a scam. Feel free to check with Polkadot's official support.

Check twice before sending DOT/KSM

A good practice is to verify the address you are sending crypto to. If you don't know that account, you probably shouldn't be sending your assets there. It's your responsibility to make sure that you understand where you are sending your funds. Crypto is a decentralized space, and your only recourse if a mistake is made is to appeal to the council (who usually will not get involved in matters of mistaken transfers - see below).

Install the Polkadot{.js} extension

The extension uses crowd-sourced anti-phishing measures to automatically prevent your browser from displaying known phishing or scam sites. They will be blocked upon loading, helping to prevent you from visiting these sites and thus falling for them.

Our official sites

You can use the following list of our official domains to make sure that you're visiting an official site:

Of course, there are many projects building on Polkadot and Kusama that use similar names. If, however, a site poses as Polkadot, Kusama, Web3 Foundation, or Parity on a domain not listed above, then it's most likely a scam.

Besides those, there are also polkadot.js.org and dotapps.io that host our web wallet and other tools.

I Got Scammed - What Can I Do?

In the unfortunate case of having fallen for a scam, there is likely nothing that can be done to recover your funds. However, there is still help and support that you can receive. The Polkadot Support team stands ready to help you in this difficult situation. Please check this Support article for steps you should take to prevent further loss and contact Polkadot Support from the same page. Finally, make sure to read the present article carefully to learn how to avoid falling victim in the future.