If this is happening right now, slow down here first
Scam attempts rely on speed, confusion, and isolation. A page, ticket, or warning can be stale, spoofed, or copied, so pause and verify from a fresh path before acting.
Someone contacted you first
A support account, admin, trader, recruiter, or recovery helper contacted you first, moved you into DMs, and wants private action.
Referral Code
TRADEOFF20
Check TRADEOFF20 fee terms before your first trade
Do not do this
Do not share balances, screenshots, seed phrases, 2FA codes, or remote access, and do not click a link they sent.
Verification step
Open the official help center from a typed URL or bookmark, compare the handle and domain, and check whether the issue is visible there before replying.
A wallet pop-up feels broader than expected
The request mentions approvals, blind signing, permit signatures, setApprovalForAll, token spending limits, or a chain or contract you did not expect.
Do not do this
Do not sign, reconnect, switch networks, or retry from the same tab just to see whether it works.
Verification step
Close the site, reopen it from a trusted bookmark or current docs, confirm the domain and contract address, and compare token, amount, and spender before reconnecting.
You got an urgent account warning
An email, SMS, search ad, or copycat domain says your exchange account has unusual activity, frozen withdrawals, or required verification.
Do not do this
Do not log in through that message, call a phone number shown inside it, or paste a 2FA code into a form reached from the warning.
Verification step
Open the exchange app or type the known domain yourself, then check security notices, sessions, withdrawals, and support tickets from inside the dashboard.
You are being told to pay first
Someone says you must send funds to release a balance, verify a wallet, unlock yield, pay tax or insurance, complete a withdrawal, or start recovery.
Do not do this
Do not treat a small test deposit, gas top-up, tax payment, or verification fee as safe because the other person sounds official.
Verification step
Pause and identify who controls the destination address. If it is not your wallet or an official platform flow you opened yourself, stop and verify elsewhere.
Referral Code
TRADEOFF20Check TRADEOFF20 fee terms before your first trade
60-second verification checks
Before you connect a wallet, send funds, or scan a QR code, check source, domain, permission scope, contact origin, and money flow. A single mismatch is enough to stop and use the linked phishing or approval checks below.
Domain and source control
Continue only when:
You typed the exact URL, used a saved bookmark, or followed the current link from official docs, then checked spelling, subdomain, and certificate context.
Pause and verify if:
You arrived from a DM, ad, search result, reply thread, copycat domain, old bookmark, stale screenshot, or "support" message.
Permission scope
Continue only when:
The wallet request matches the chain, contract, spender, token, amount, and action you intended, without unrelated or unlimited approval scope.
Pause and verify if:
It asks for a seed phrase, private key, remote access, blind signing, permit signature, unlimited approval, or a spender that does not match official docs.
Who started the contact
Continue only when:
You initiated the conversation through the platform's official help center, app, or public support channel, and any ticket is visible in your account.
Pause and verify if:
Someone contacted you first, impersonated support, asked for screenshots or codes, and tried to move you into Telegram, WhatsApp, or a private call.
Money-flow logic
Continue only when:
You can explain where funds go, what changes on-chain, what you receive, why the transaction is necessary, and who controls the destination.
Pause and verify if:
You are asked to send money first to "unlock," "verify," "recover," "double," pay tax, buy insurance, or receive guaranteed yield.
How to Detect and Avoid Crypto Phishing Scams 2026
Check the domain, sender, support path, and lookalike spelling before you log in or approve anything.
Check impersonationHow to Revoke Smart Contract Allowances (Stay Safe) 2026
Review and revoke broad grants from a clean session; drainers can use old approvals without another prompt.
Review drainer riskHow common crypto scam patterns work
Most scams are easier to spot when you separate the story from the requested action. Check who contacted you, what permission or payment is requested, and which step would be hard to reverse.
Impersonation, copycat domains, or fake support
How it starts
Email, ad, search result, reply thread, QR code, or DM that uses a lookalike domain, verified-looking handle, or urgent account warning.
What it asks you to do
Log in through a copied site, reveal 2FA codes, share a seed phrase, install remote support, scan a QR code, or approve a wallet action.
Highest-risk step
When credentials, 2FA codes, a seed phrase, remote access, or a broad wallet approval are entered outside a domain and support path you verified yourself.
Immediate verification step
Close the page, open the real domain from a bookmark or current docs, compare the support handle and URL, and reset credentials from a clean device if anything was entered.
Recovery reality: Exchange access may be containable if sessions and withdrawals are locked quickly; exposed self-custody keys usually require moving funds to a fresh wallet.
Wallet drainer or approval risk
How it starts
Airdrop, NFT mint, claim page, token migration, yield page, or Discord link that may be cloned, stale, or pointing at an old contract.
What it asks you to do
Unlimited token approval, setApprovalForAll, Permit2 or permit signature, blind signature, or contract interaction you cannot explain in one sentence.
Highest-risk step
When a broad approval or signature is active; closing the tab or disconnecting the wallet does not remove that on-chain permission.
Immediate verification step
From a clean session, revoke the exact spender approvals on each relevant chain, verify the domain and contract against official docs, and move unaffected assets if needed.
Recovery reality: Fast revocation can limit remaining exposure; once funds move, recovery usually depends on the receiving platform, chain evidence, and reporting process.
Recovery scam, fake support, or promised yield
How it starts
DMs, comments, search ads, or "account manager" calls after you mention a prior incident, stuck withdrawal, or interest in yield.
What it asks you to do
Upfront payment, tax, insurance, activation fee, verification deposit, gas top-up, wallet connection, or remote session to release a balance or begin recovery.
Highest-risk step
The first transfer, seed entry, remote-access session, or wallet approval. Additional payment requests often follow once you respond.
Immediate verification step
Stop the conversation, preserve evidence, and contact the exchange, wallet provider, reporting channel, or local authority from a URL you typed yourself.
Recovery reality: No one can guarantee blockchain recovery. Legitimate support may ask for transaction hashes, but not your seed phrase, private key, upfront crypto, or repeated fees.
Fake app or device compromise
How it starts
A side-loaded APK, cloned mobile app, browser extension, fake wallet update, clipboard tool, or remote-support request.
What it asks you to do
Login credentials, screen sharing, clipboard access, extension permissions, or recovery phrase entry outside the official app or store path.
Highest-risk step
When an unverified device, app, extension, or support session can read credentials, clipboard content, wallet prompts, or recovery phrases.
Immediate verification step
Move to a clean device first, rotate credentials, end sessions, review extensions, and treat the original device as untrusted until rebuilt or reviewed.
Recovery reality: Depends on whether keys or seeds were exposed. Device-only credential theft is easier to contain than wallet seed exposure.
Build a verification workflow
Use a repeatable routine instead of relying on one warning sign. Each layer below reduces a different failure mode: bad links, broad approvals, compromised devices, and pressure from fake support.
Own the path you use to reach a protocol
Use bookmarks and current official docs, verify the domain character by character, and be wary of sponsored results, stale bookmarks, and screenshots that may point to old or copied pages.
Separate cold storage from testing wallets
A wallet used for experiments, mints, and new dApps should hold only funds you are prepared to risk; review approvals regularly and test larger sends with a small transaction to a destination you control.
Treat your phone and browser like part of your custody setup
Extensions, copied clipboard addresses, fake mobile apps, and remote-support tools are common failure points. Update only through official stores and review device permissions after any suspicious interaction.
Slow down any request that mixes urgency with secrecy
Legitimate support should tolerate a pause, public verification, and a ticket visible in your account. Secrecy, guaranteed yield, recovery pressure, or upfront fees are reasons to stop.
What to do if you already interacted
You shared a seed phrase or private key
Priority: highestTreat the wallet as exposed, even if funds have not moved yet; real support should never need your seed phrase or private key.
First move
Create a fresh wallet from a clean device or hardware wallet and move any remaining assets that you still control.
Next move
Do not keep using the old address for one more transfer, future deposits, address books, or allowlists. Retire it from future use.
You connected a wallet and approved something suspicious
Priority: immediateA drainer may be able to spend approved tokens even after you disconnect or close the site, but you may still reduce remaining approval exposure.
First move
From a clean session, revoke the exact spender approvals on each relevant chain, then move unaffected assets if the wallet holds important funds.
Next move
Audit recent approvals and signatures, save transaction hashes, domains, and spender contracts, and report the malicious site or account before using another dApp.
You entered exchange credentials or 2FA codes
Priority: within minutesUnauthorized access may still be limited if withdrawals and sessions are restricted quickly.
First move
Reset email and exchange passwords, rotate 2FA, end active sessions, remove unknown devices, and freeze withdrawals if the platform allows it.
Next move
Check API keys, withdrawal allowlists, address books, account recovery settings, and official support tickets before treating the account as clean.
You installed a fake app or allowed remote access
Priority: highAnything typed, pasted, or shown on screen may be exposed.
First move
Move to a clean device, then rotate sensitive accounts before logging back into exchanges, wallets, email, or password managers.
Next move
Treat clipboard addresses, saved passwords, browser sessions, extensions, and mobile apps as exposed until you verify, remove, or rebuild them.
Containment order of operations
Response is mostly containment. First separate clean devices and accounts from exposed ones, then restrict exchange access, review custody, preserve evidence, and use the linked exchange, custody, and seed-backup guides for the next checks.
Move assets that were not exposed
Move unaffected funds to a fresh wallet or account from a clean device. Use a small test transaction for a new destination you control, never to satisfy a stranger's recovery fee, tax, or gas request.
Remove remaining unauthorized access
Change exchange passwords, rotate email credentials, reset 2FA, disconnect sessions, remove unknown API keys and devices, freeze withdrawals where possible, and review token approvals on exposed wallets.
Preserve evidence before chats disappear
Save wallet addresses, transaction hashes, URLs, copycat domains, support handles, phone numbers, app package names, spender contracts, screenshots, timestamps, and the exact sequence of events.
Report the right counterparties promptly
Notify the exchange, wallet provider, social platform, domain registrar or host, chain analytics or reporting channel, and local authorities while transaction details are fresh.
Fix the root cause before doing anything else
Work out whether the failure was a stale link, sponsored result, copycat domain, fake support, seed phrase request, malicious approval, or device compromise so you do not repeat it during recovery.
Is It Safe to Keep Your Crypto on an Exchange? 2026
Check official access, withdrawal controls, support paths, and account settings before choosing where to trade or hold funds.
Check exchange accessSelf-Custody Wallet Guide: When to Move Crypto Off-Exchange in 2026
Separate spending and storage wallets before moving important funds.
Set custody boundarySeed Phrase Storage Guide: Backups, Recovery Drills, and Failure Modes
Write, store, and verify the backup before moving important funds.
Back up seed phraseReferral Code
TRADEOFF20Check TRADEOFF20 fee terms before your first trade
Referral Code
TRADEOFF20
Check TRADEOFF20 fee terms before your first trade
Choices that can make recovery harder
Paying someone who claims to offer guaranteed recovery, chargeback help, tax clearance, insurance release, gas refill, or unlock fees.
Continuing to use the same exposed wallet, email, device, or bookmarked site because nothing moved yet or the warning no longer appears.
Reporting too late because you are embarrassed, negotiating in private, or waiting for a fake support agent to provide the next step.
Mixing clean and compromised devices while you reset accounts, revoke approvals, move funds, or open official support tickets.