What scams should I watch out for?

How to spot different types of phishing scams, ways to prevent malicious actors and hackers from getting access to your wallet, and some common signs of scams.

One of the biggest threats in crypto is getting tricked into giving your private keys or 12-word secret recovery phrase to a scammer.


What is a phishing scam?

A phishing scam is a fraudulent method of impersonating famous people or pretending to be from reputable companies in order to convince people to reveal personal information. In a sense, the thieves are “fishing” for your information hoping you will bite.

They typically send fake emails, create fake websites, and make sham social posts to get your 12-word secret recovery phrases, private keys, or other personal information in order to steal your money.

Phishing scams are ubiquitous and not unique to crypto. However, scammers are very active in this space. If you hold your funds in a non-custodial wallet such as Exodus, you control your assets. If scammers can convince you to reveal your private keys or 12-word phrase, they will have full access to your funds.

Once someone has stolen crypto from your wallet, it’s not possible for anyone to retrieve it: immutability, or the inability to cancel or reverse transactions, is one of the core features of blockchain technology.

So what can we do? Prevention here is key. With the power of controlling your own bank comes the added responsibility of protecting your bank. Let’s dig deeper into how to recognize the common tactics that scammers use, and how to protect yourself against them.

How can I identify a scam?

Watch out for spoofs of legitimate websites

Spoofing is when a malicious website is disguised as a known, trusted platform. Spoofed websites might look nearly identical to an official website, but if you look closely, you will spot minor differences. For instance, scammers will use a domain address that looks very similar to that of the real site. They might change just one letter of the company name or use a different domain extension such as .biz, .info, etc.

Spoofed websites are successful because many scammers purchase advertising space on search engines. This allows their advertising links to appear higher in the search results, which causes people to think they are legitimate. As such, try to avoid clicking on ad links when searching for a website. While some ads will bring you to the correct websites, it’s a good security practice to click only on the search engine results and check that the address begins with https:// and that the URL is spelled correctly, so you know your link is secure.
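The checks described above (one changed letter, a different domain extension, a missing https://) can be automated. The following is an added example, not Exodus code: the allowlist holds only exodus.com as an assumption and should be filled from the official-domains article, and the function names are illustrative.

```python
from urllib.parse import urlsplit

# Assumption: illustrative allowlist; fill it from the official-domains article.
OFFICIAL_DOMAINS = {"exodus.com"}
MAX_EDITS = 1  # "change one letter of the company name"

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable(host):
    """Last two labels of the host; naive, ignores suffixes such as co.uk."""
    return ".".join(host.split(".")[-2:])

def check_url(url):
    """Return (verdict, reasons); verdict is official, suspicious or unknown."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower().rstrip(".")
    domain = registrable(host)
    reasons = [] if parts.scheme == "https" else ["not https"]
    if domain in OFFICIAL_DOMAINS:
        return ("suspicious" if reasons else "official"), reasons
    name, _, tld = domain.rpartition(".")
    lookalike = False
    for good in sorted(OFFICIAL_DOMAINS):
        good_name, _, good_tld = good.rpartition(".")
        if name == good_name:
            reasons.append(f"extension .{tld} instead of .{good_tld}")
            lookalike = True
        elif edit_distance(name, good_name) <= MAX_EDITS:
            reasons.append(f"{domain} is one edit away from {good}")
            lookalike = True
    return ("suspicious" if lookalike else "unknown"), reasons

if __name__ == "__main__":
    # Constructed sample URLs, not taken from any real campaign.
    for u in ["https://www.exodus.com/download", "https://exodvs.com/",
              "https://exodus.biz/login", "http://exodus.com/"]:
        print(u, check_url(u))
```

An "unknown" verdict only means the address does not resemble an allowlisted domain; it says nothing about whether the site is trustworthy.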

Want to be sure you are on the correct Exodus website? We have an article in our Knowledge Base that summarizes all the official domains of Exodus:

Aside from search engines, be very careful on social media as well! Scammers will set up accounts on popular social media applications such as Twitter, Reddit, Facebook, TikTok, Telegram, Instagram, Discord, and other social media platforms, and wait for vulnerable users to prey on.

Scammers will initially offer you some good advice to trick you into believing they are legitimate. Once they win your trust, they’ll direct you to a fake website asking for your private information. They will use official-sounding terms like “validate your wallet” and “verify your info”.

Watch out for malicious wallets and apps

While Apple and Google are really good at screening their app stores, fake and malicious apps can still sometimes get through. When scammers get fake versions in official stores, they use screenshots and pictures from the real app as well as fake reviews to make their wallets look legitimate.

Checking to make sure your app is authentic is key to protecting your funds. We go into this information in depth in this article here:

If you are more technical, you can compare the checksum of your download against the published release hashes and verify that the download is signed. You can also turn on auto-update in your mobile phone settings or in the desktop app.
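One way to run the checksum comparison is shown below. This is an added example, not Exodus tooling: it assumes the release hashes come as a SHA-256 list in `sha256sum` format, and the file name and contents are constructed. Checking the signature on the hash list itself is a separate step not shown here.

```python
import hashlib
import hmac
import os
import tempfile

def parse_manifest(text):
    """Parse 'hexdigest  filename' lines into {filename: digest}."""
    entries = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 2 and len(fields[0]) == 64:
            entries[fields[1].lstrip("*")] = fields[0].lower()
    return entries

def sha256_file(path, chunk=1 << 20):
    """Hash the file in chunks so large installers do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def verify_download(path, manifest_text):
    """Return 'match', 'mismatch' or 'not-listed' for the file at path."""
    expected = parse_manifest(manifest_text).get(os.path.basename(path))
    if expected is None:
        return "not-listed"  # never treat a missing entry as a pass
    actual = sha256_file(path)
    return "match" if hmac.compare_digest(actual, expected) else "mismatch"

def run_demo():
    """Constructed installer and hash list: intact, altered, and unlisted file."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "wallet-installer.bin")  # constructed name
        with open(path, "wb") as fh:
            fh.write(b"constructed installer bytes")
        manifest = f"{sha256_file(path)}  wallet-installer.bin\n"
        intact = verify_download(path, manifest)
        with open(path, "ab") as fh:
            fh.write(b"!")  # simulate a modified download
        altered = verify_download(path, manifest)
        unlisted = verify_download(os.path.join(tmp, "other.bin"), manifest)
    return intact, altered, unlisted

if __name__ == "__main__":
    print(run_demo())
```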

Exodus Mobile is offered on Apple devices running iOS 12 or higher as well as Android devices running Android 8.0 Oreo or higher. We offer no other way to download Exodus apart from using the Google Play Store for Android, App Store for iOS, or the direct download links on our website.

Spear phishing using your leaked information

Some scammers use personal information leaked from data breaches to launch targeted attacks. This is called spear phishing. If your email address has been involved in a data breach, then you could be at risk.

A great example of this is the Ledger data leak. As Ledger is a crypto company, the people in the breached email database were likely to have crypto. Knowing this, scammers targeted campaigns at the leaked email addresses. They sent information from spoofed email addresses directing users to “validate” their wallets on malicious sites or apps.

Knowing if your email address has been compromised and being aware that scammers might contact you via email will keep you on alert. We recommend that you check here to see if your email address has been leaked:

Hallmarks of a scam

Be on the lookout for celebrity giveaways, time crunches, and double-back promises. While these are not phishing, they are worth noting while we are talking about scams. Elon Musk, Vitalik Buterin, and Changpeng Zhao (CZ) don’t give away crypto. Adding a famous name to a “promotion” is a way to trick you into a false sense of security.

There are many scam websites that push a very tight time limit or “limited space” so you’ll be rushed to send funds quickly. This is often done on YouTube live streams that have comments disabled. The focus is put on getting double the amount back to make you concentrate on the reward. If it ever sounds too good to be true, especially with crypto, it most certainly is.

What are some common scams?

Be on the lookout for these common scams, and don't fall for them!

Ethereum Merge scam

There was a recent scam about The Merge. A scammer claimed to be from Exodus and told customers that they needed to merge their assets.

This is untrue. There was no need to take any action after The Merge. You can read more about it here: Ethereum: The Merge FAQs.

Customers were directed to a malicious link. If you received an email like this, the best thing to do is nothing. Don't click on any links. Your assets are 100% safe. 

Your Exodus wallet is not linked to your email address. The only way Exodus would have your email is if you signed up for our newsletter. If you signed up for our newsletter, your email is not tied to your wallet, so we would have no way of knowing about your assets.

Exodus announces wallet issues through in-app messages or the status page.

If you have any doubts about the validity of an email, or any questions at all, you can always contact Exodus support for confirmation.

Exodus imposters

Scammers will pose as Exodus and will sometimes contact users with spoofed emails to trick users in an attempt to steal their funds. It is a method commonly used by scammers performing spear phishing attacks.

Some of these Exodus imposters might falsely claim that there has been a data breach, that action is needed to protect or claim your funds, or that other urgent actions must be taken. These are tell-tale signs that the email did not come from Exodus.

Exodus is a non-custodial wallet. You will never be asked to validate your wallet, and Exodus will never ask for your private keys or your 12-word secret recovery phrase.

Don't validate your wallet!

If you are ever asked to enter your 12-word secret phrase or private keys into a form, or send them to a support agent in order to validate your wallet, or prove the wallet belongs to you, don't do it!

No legitimate support team will ever ask for any private information, including 12-word secret recovery phrases, private keys, or passwords.

The only reason anyone would ask for this information is to steal your money.

Don't import TRON 12-word phrases or private keys!

This is a scam to steal your TRX.

Scammers will contact you and provide you with a TRON wallet 12-word secret recovery phrase and/or private key and ask you to recover their funds for them.

There will be funds in the wallet, usually TRON USDT, but there's no TRX to pay for the transaction fees. So you might send a little TRX to the wallet to send out the USDT.

What you don't know is that you've restored a multi-sig TRON wallet. Multi-sig wallets require more than one private key to access funds. Without all the necessary private keys (signatures) you won't be able to withdraw the funds.

This leaves the TRX in the wallet for the scammers. These wallets are usually equipped with bots that send your TRX to another wallet as soon as it's received.

If you’ve restored a multi-sig TRON wallet, you won’t have the necessary permissions to access the TRON. Exodus will notify you of this with a warning.

Don't trust others to help set up your wallet

Some scammers will offer to help you set up your Exodus wallet (or another crypto wallet), or they claim that they can assist with an issue you are having with the wallet. These scammers will pretend to help you, try to confuse you, and take advantage of the situation to gain access to your 12-word secret recovery phrase and steal your funds. Some will even pretend to be Exodus Support.

It is important never to share information like your secret 12-word recovery phrase or private keys with anyone, not even with Exodus Support.

Never allow somebody to remotely access your device, as this is a common method scammers use when they try to steal funds and wallet information.

For example, a scammer could try to confuse you by remotely accessing your device and then change which fiat currency the value of your crypto is shown in, so it looks like you have more (or less) funds.

If you are ever concerned about the value of your crypto, or the amount you hold, you can always check your balance using a blockchain explorer: Why should I use a block explorer?

Remember that you should never share your secret 12-word recovery phrase or private keys with anyone, including Exodus. Exodus Support will never ask for sensitive information, including 12-word phrases, private keys, or passwords.

If you ever have an issue with your wallet, or if you need help setting it up, then make sure you contact the official Exodus support team: How do I contact Exodus Support?

How can I protect myself from scammers?

Protect your private information

The easiest way to protect yourself from being phished is to know what information is for your eyes only. Your 12-word secret recovery phrase and your private keys should not be shared with anyone. There is no legitimate reason why anyone, including crypto support staff, would need this information. The only reason someone would ask you for this information is to steal your funds.

Never enter your private keys or 12-word phrase into any website. For more information on this, you can check out this article here:

Remember: as a non-custodial wallet, Exodus does not collect any user information. Our staff will never ask you for personal information or to verify your wallet. They will never ask you for your 12-word phrase or private keys. Should you ever receive this type of email or direct message (DM), please ignore the contents and do not click on any links.

For more information about this, you can read these articles:

How to contact Exodus Support

Remember there is no signup necessary or traditional account login with Exodus. This means Exodus doesn’t have your email address. We will only contact you via email as a reply to an inquiry you’ve already sent to us.

If you need to reach out to Exodus Support, please do so through our official channels. While we do have staff on the major social media channels, our staff will never DM you. If someone is DMing you on a social media platform, they are likely a scammer. Our social media team will only post public replies. Please see the following for more information on how to get in touch with us:

Further resources

If you are interested in reading more about how to keep yourself and your crypto safe, you can visit these resources:
