How to Protect Yourself from Scams

Scams have unfortunately made an impact on our community. It's important to stay alert and protect yourself and your non-refundable crypto assets from scammers. If you ever feel you are being scammed, please email our support team.

Essential rules:

Never, ever, ever share your seed phrase or account password.
Do not trust anyone online. It is trivial for them to lie and change identities.
If you are scammed, there is likely nothing that can be done to recover your funds. If a scammer gets a hold of your seed phrase, they can transfer all of your funds to their account in seconds. It is better to be safe than to risk all of your DOT and KSM.
If it sounds too good to be true, it probably is. People, especially celebrities, do not give away crypto for free. Even if they wanted to, they could just ask for your address as opposed to having you send them tokens.
Scams are absolutely rife in this space. It is easy and cheap to set a scam up, and hard to shut one down. Therefore, the onus is on the user to be as diligent as possible in avoiding them.
If you can, try to always verify new information that you see with an official source, such as Polkadot Network's official blog or Web3 Foundation support. Often scammers will fake a website or a blog post, but if you check it against a secondary source you will reduce the chances of being scammed.

Some Common Types of Scams

Private messages sent to you over Telegram, Twitter, and other social media - admins or employees will never contact you.
"Giveaways" advertising that you "send us some DOT/KSM, we'll send you double back".
Sites where you need to enter your seed phrase in order to "sync" your account, claim tokens, unblock a transactions etc.
Emails asking for DOT/KSM private keys/seeds/etc., posing as a member of any of our teams.
Scammers will take official videos, add "giveaway" text around it so that it looks like the giveaway is supported by Polkadot, Web3 Foundation, Parity, or another well-known entity.
Many scammers will create nearly perfect imitations of sites - always triple-check the URL.
People offering to help you stake or get rewards.
People responding to questions that you asked publicly in a private chat.
Advertisements pointing to imitations of sites asking you to enter your seed words.

These are just some of the types of scams. Scammers are inventing new ones all the time. In general, do not trust anyone messaging you that you did not message yourself, and be wary of anyone attempting to help you or offer you a "deal".

Scammers will often imitate usernames, profile pictures, etc. of well-known members of the community. Often the differences in these accounts will be very minor, such as joe_sm1th or jo_smith instead of joe_smith.

Scammers will often make it seem like the "deal" is only available for a limited time. Do not be tricked by this, it is always better to confirm than to risk losing everything.

Admins will never contact you directly

If you've received a message from an admin over Telegram, ignore it. Our team members will never personally message you. Our social media accounts are posted on our website and any new social media accounts will be announced by our team. We will never offer to sell you DOT at a discount, air-drop "rewards", or message you privately to help with a problem you posted publicly. Our social media can be found below:

Twitter
Reddit
Discord
Polkadot YouTube
Polkadot Medium
Our Community Page also lists more social media accounts that Web3 Foundation, Polkadot, and Kusama have.

Keep your personal data secure

You should never share your seed phrase, password, private keys or any other personal data with anyone. If you are concerned a wallet could be fake, please check out our official list of supported wallets here.

Some simple things that you can do to keep your assets and information secure from hackers:

Keep your seed phrase only on paper, in a secret and secure location.
DO NOT keep your seed phrase on any electronic medium, like the cloud, on your computer, on a USB drive etc.
Never enter your seed or mnemonic phrase directly into a website.
Your seed phrase is meant as a backup in case you lose access to your wallet. Use it only for that purpose and only in wallets you've used before and trust.
Your passwords should be strong and unique. It is recommended that you use a password manager app to create and store your passwords.
Keep your computer free of malware. Although an antivirus can be of great help, it's not a panacea. Safe browsing and downloading is the only way to be sure your computer is clean.
Avoid installing browser extensions from sources you don't trust explicitly.
Store your assets in cold storage, like a hardware wallet or Parity Signer.

Always check the source

For any potential scam, always be sure to do a background check on the source, i.e, look at any username, email, Youtube channel name, URL, etc. If something seems fishy, that's because it likely is. Never enter any personal data if you feel the source could be a scam. Feel free to check with [email protected].

Check twice before sending DOT/KSM

A good practice to take in consideration is to verify the address you are sending crypto to. If you don't know that account, you probably shouldn't be sending your assets there. It's your responsibility to make sure that you understand where you are sending your funds. Crypto is a decentralized space and your only recourse if a mistake is made is by appealing to the council (who usually will not get involved in matters of mistaken transfers - see below).

Install the Polkadot{.js} extension

The extension uses crowd-sourced anti-phishing measures to automatically prevent your browser from displaying known phishing or scam sites. They will be blocked upon loading, helping to prevent you from visiting these sites and thus falling for them.

I Got Scammed - What Can I Do?

In the unfortunate case of having fallen for a scam, there is likely nothing anyone can do to help you restore your funds. Polkadot and Kusama are decentralized platforms and while we do have governance functionality which could technically allow for funds freezing or refunds, it is impossible to prove that you are the original owner, or that you did not sell the tokens and are trying to reclaim them. Additionally, even with addresses that are obviously in possession of a scammer, governance is a slow-moving process; even under ideal conditions, it would take over 56 days to come into effect. The thief could easily monitor the network for governance proposals that would affect their ill-gotten gains and move them to a new address before the proposal is enacted.

You could put together a full account of the transactions and chat messages accompanied by screenshots and explanations, but there is no guarantee stakeholders on the network will help you restore the funds as it would set a dangerous precedent. In fact, there have been several attempts on Polkadot in the past and none have been passed. It is safer for the network and for future users to consider the money lost. Still, your detailed account of the situation might be helpful in preventing others from falling for the same thing so we definitely recommend retracing your steps and talking publicly about them, if it's not too private.

Polkadot Wiki

Basics

Parachains

Advanced

Cryptography

Polkadot Comparisons

Development Guide

Integration Guide

Tools

Resources

Nodes and Dapps

Nominator Guides

Validator Guides

Governance Guides