Identify and avoid malicious dapps

Quick tips

  • Protect your recovery phrase. Never share your 12-word recovery phrase. Your recovery phrase is what gives you and only you access to your wallet. 

  • Research dapp websites. Check that the dapp website you want to use is legitimate. Also double-check that you’re using the correct dapp website URL.

  • Slow down. Watch out for grammatical mistakes, typos, and misspelled words. Scammers often make grammar or spelling mistakes.

"Dapp" is the common abbreviation for "decentralized app." Dapps are conceptually the same as the apps or games you might use on your computer or phone. The key difference is that dapps are built on and powered by decentralized protocols such as Ethereum. You can use dapps to exchange tokens, buy and trade collectibles, make payments, and more.

To protect your wallet:

  • Connect and use dapps supported through WalletLink.  

  • Monitor the connected apps in your Coinbase Wallet. Go to Settings > Connected Apps to see all the apps your wallet is linked to. 

  • Keep track of your token approvals and revoke them as needed.

  • Only use legitimate dapps. Take time to look into whether the dapp maker has a good reputation. If you use a dapp that isn’t trustworthy or doesn’t follow security best practices like smart contract code audits, your information could be compromised due to bugs or other product weaknesses. The dapp you want to use should show that it has been reviewed or audited by one of the top security and smart contract auditing companies listed in this Hackernoon article.

  • Only send cryptocurrency to entities you trust. When you send cryptocurrency to a blockchain address, you must be certain of the legitimacy of any involved third-party services and merchants.

  • Do your research. Take time to look into whether the dapp maker has a good reputation.

    • Review publicly posted data about the dapp. You can often find on-chain data graphs that will show fluctuations in users or volume that could indicate a risk.

    • Ensure the dapp is not impersonating another dapp. Double check URLs to inspect for slight changes that are commonly overlooked, such as extra letters or swapped characters (like the number 0 and the letter O).

    • Use a VPN when accessing dapps, especially on public networks, to prevent unauthorized access to your assets.

    • Confirm the dapp is audited by a top security and smart contract auditing company.
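
The URL double-check described above can be automated. The following is an added example, not Coinbase code: it compares a hostname against a list of hostnames you already trust and flags near matches such as a 0 swapped for an o or an extra letter. The hostnames, the function names, and the distance threshold are assumptions made for illustration.

```javascript
// Added example. TRUSTED_HOSTS holds constructed sample names, not real dapps.
const TRUSTED_HOSTS = ["app.goodswap.example", "mint.coolnft.example"];

// Characters commonly swapped for one another, folded to a single form.
const CONFUSABLES = { "0": "o", "1": "l", "i": "l", "5": "s", "3": "e" };

// Reduce a hostname to a "skeleton" so 0/o, 1/l/i, rn/m and vv/w compare equal.
function skeleton(host) {
  return host.toLowerCase().replace(/rn/g, "m").replace(/vv/g, "w")
    .replace(/[01i53]/g, (c) => CONFUSABLES[c]);
}

// Levenshtein distance: number of inserted, deleted or changed characters.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Classify a URL as trusted, lookalike, unknown or invalid.
function checkDappUrl(url) {
  let host;
  try {
    host = new URL(url).hostname; // the parser lowercases the hostname
  } catch {
    return { verdict: "invalid" };
  }
  if (TRUSTED_HOSTS.includes(host)) return { verdict: "trusted", host };
  for (const good of TRUSTED_HOSTS) {
    const d = editDistance(skeleton(host), skeleton(good));
    // Threshold of 2 is an assumption; very short names need a stricter one.
    if (d <= 2) {
      const reason = d === 0 ? "swapped characters" : "extra or changed letters";
      return { verdict: "lookalike", host, imitates: good, reason };
    }
  }
  return { verdict: "unknown", host }; // not on the list: still needs research
}
```

A verdict of "unknown" only means the hostname is not on your list and does not resemble anything on it; it says nothing about whether the dapp is legitimate.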

Keep in mind that cryptocurrency transactions are irreversible. If you send cryptocurrency to a third party, you cannot reverse or stop the payment. Furthermore, if you lose access to your recovery phrase, Coinbase cannot help recover it. It is very important that you keep your 12-word recovery phrase secure. We recommend storing it in a secure location or backing up your Coinbase Wallet.

Important: Malicious dapps can falsely claim on their website that they were audited by a reputable auditing company, or that Coinbase is one of their partners. Always research the dapp to make sure it is legitimate.

