How to Protect Yourself from Scams
Last updated
Last updated
Scams have unfortunately made an impact on our community. It's important to stay alert and protect yourself and your non-refundable crypto assets from scammers. If you ever feel you are being scammed, please get in contact via the .
Never, ever, ever share your seed phrase or account password.
Do not trust anyone online. It is trivial for them to lie and change their identities.
, there is likely nothing that can be done to recover your funds. If a scammer gets a hold of your seed phrase, they can transfer all of your funds to their account in seconds. It is better to be safe than to risk all of your tokens.
If it sounds too good to be true, it probably is. People, especially celebrities, do not give away crypto for free. Even if they wanted to, they could just ask for your address as opposed to having you send them tokens.
Scams are absolutely rife in this space. It is easy and cheap to set a scam up, and hard to shut one down. Therefore, the onus is on the user to be as diligent as possible in avoiding them.
If you can, try to always verify new information that you see with an official source, such as or . Often scammers will fake a website or a blog post, but if you check it against a secondary source you will reduce the chances of being scammed.
CAUTION
With crowdloans active on the network, it is very important to know how to safely participate. Fake crowdloan campaigns may present an attractive target for scammers. If you are participating in a network-native crowdloan, never send your tokens to an address. Native crowdloan contributions are made with a special transaction using a campaign index, where the contributed assets remain locked until the end of the lease period. Legitimate teams will not ask you to send your assets to an address to participate in a network-native crowdloan.
Private messages sent to you over Telegram, Twitter, and other social media - admins or employees will never contact you.
"Giveaways" advertising that you "send us some DOT/KSM, we'll send you double back".
Sites where you need to enter your seed phrase in order to "sync" your account, claim tokens, unblock transactions etc.
Emails asking for DOT/KSM private keys/seeds/etc., posing as a member of any of our teams.
Scammers will take official videos, add "giveaway" text around it so that it looks like the giveaway is supported by Polkadot, Web3 Foundation, Parity, or another well-known entity.
Many scammers will create nearly perfect imitations of sites - always triple-check the URL.
People offering to help you stake or get rewards.
People responding to questions that you asked publicly in a private chat.
Advertisements pointing to imitations of sites asking you to enter your seed words.
These are just some of the types of scams. Scammers are inventing new ones all the time. In general, do not trust anyone messaging you that you did not message yourself, and be wary of anyone attempting to help you or offer you a "deal".
Scammers will often imitate usernames, profile pictures, etc. of well-known members of the community. Often the differences in these accounts will be very minor, such as joe_sm1th or jo_smith instead of joe_smith.
Scammers will often make it seem like the "deal" is only available for a limited time. Do not be tricked by this, it is always better to confirm than to risk losing everything.
If you've received a message from an admin over Telegram, ignore it. Our team members will never personally message you. Our social media accounts are posted on our website and any new social media accounts will be announced by our team. We will never offer to sell you DOT at a discount, air-drop "rewards", or message you privately to help with a problem you posted publicly. Our social media can be found below:
Some simple things that you can do to keep your assets and information secure from hackers:
Keep your seed phrase only on paper, in a secret and secure location.
DO NOT keep your seed phrase on any electronic medium, like the cloud, on your computer, on a USB drive, etc.
Never enter your seed or mnemonic phrase directly into a website.
Your seed phrase is meant as a backup in case you lose access to your wallet. Use it only for that purpose and only in wallets you've used before and trust.
Keep your computer free of malware. Although an antivirus can be of great help, it's not a panacea. Safe browsing and downloading is the only way to be sure your computer is clean.
Avoid installing browser extensions from sources you don't trust explicitly.
A good practice to take into consideration is to verify the address you are sending crypto to. If you don't know that account, you probably shouldn't be sending your assets there. It's your responsibility to make sure that you understand where you are sending your funds. Crypto is a decentralized space and your only recourse if a mistake is made is by appealing to the council (who usually will not get involved in matters of mistaken transfers - see below).
You can use the following list of our official domains to make sure that you're visiting an official site:
Of course, many projects building on Polkadot and Kusama that use similar names. If, however, a site poses as Polkadot, Kusama, Web3 Foundation, or Parity on a domain not listed above, then it's most likely a scam.
Besides those, there are also polkadot.js.org and dotapps.io that host our web wallet and other tools.
In the unfortunate case of having fallen for a scam, there is likely nothing anyone can do to help you restore your funds. Polkadot and Kusama are decentralized platforms and while we do have governance functionality that could technically allow for funds freezing or refunds, it is impossible to prove that you are the original owner, or that you did not sell the tokens and are trying to reclaim them. Additionally, even with addresses that are obviously in possession of a scammer, governance is a slow-moving process; even under ideal conditions, it would take over 56 days to come into effect. The thief could easily monitor the network for governance proposals that would affect their ill-gotten gains and move them to a new address before the proposal is enacted.
You could put together a full account of the transactions and chat messages accompanied by screenshots and explanations, but there are no guarantee stakeholders on the network will help you restore the funds as it would set a dangerous precedent. In fact, there have been several attempts on Polkadot in the past and none have been passed. It is safer for the network and for future users to consider the money lost. Still, your detailed account of the situation might help prevent others from falling for the same thing so we recommend retracing your steps and talking publicly about them, if it's not too private.
also lists more social media accounts that Web3 Foundation, Polkadot, and Kusama have.
You should never share your seed phrase, password, private keys, or any other personal data with anyone. If you are concerned a wallet could be fake, please check out our official list of supported .
Your passwords should be strong and unique. It is recommended that you use a to create and store your passwords.
Store your assets in cold storage, like a hardware wallet or .
For any potential scam, always be sure to do a background check on the source, i.e, look at any username, email, YouTube channel name, URL, etc. If something seems fishy, that's because it likely is. Never enter any personal data if you feel the source could be a scam. Feel free to check with ..
The extension uses crowd-sourced to automatically prevent your browser from displaying known phishing or scam sites. They will be blocked upon loading, helping to prevent you from visiting these sites and thus falling for them.