Coinbase Wallet

Avoiding crypto scams

Quick tips

  • Protect your recovery phrase. Never share your 12-word recovery phrase. Your recovery phrase is what gives you and only you access to your wallet. 

  • Research dapp websites. Check that the dapp website you want to use is legitimate. Also double-check that you’re using the correct dapp website URL.

  • Slow down. Watch out for grammatical mistakes, typos, and misspelled words. Scammers often make grammar or spelling mistakes.

Phishing

Phishing websites and dapps try to trick visitors into providing their signin credentials or other sensitive information to gain control of their accounts or wallet. These scammers use emails, SMS text messages, social media, and search-engine advertisements to make their sites appear legitimate.

To avoid phishing:

  • Check that you’re using the correct dapp website URL.  

  • Double-check that the dapp website is legitimate. Research the platform thoroughly to validate their services and authenticity.

Giveaway scams

Scammers are using social media to carry out their giveaway scams. They post screenshots of forged messages from companies and executives promoting a giveaway with hyperlinks to fraudulent websites. Fake accounts will then respond to these posts making the scam appear legitimate. The fraudulent websites will then ask that you “verify” your address by sending cryptocurrency to the scam giveaway.

To avoid giveaway scams:

  • Never send cryptocurrency to giveaways under the guise of address verification. 

  • Be skeptical of all giveaways and offers found on social media. Do not trust screenshots in reply messages as images can be forged and altered. 

  • Use a reputable search engine to do research on any entity soliciting you on social media. If the offer sounds too good to be true, it probably is

  • Check the giveaway URL to make sure it’s legitimate.

Dusting attacks

A dusting attack begins when an attacker sends “dust” funds (a tiny amount of crypto) to multiple wallets via an airdrop. If the recipient tries to cash out or move these funds, the attacker will use the activity to try to discover the wallet owner’s identity, which can then be used for phishing scams or other types of attacks. 

Sometimes these tokens will have a URL in the name to try to get the recipient to visit the website for malicious purposes, such as to reveal their seed phrase.

If you receive unexpected dust funds from an airdrop, you can simply leave them alone, in which case the attacker can’t perform the required analysis to try to de-anonymize the address. You can also report the token from your Coinbase Wallet app by selecting the three dots at the top of the asset screen and then selecting Hide & report

Airdropped tokens

An airdrop is when free assets are sent or “dropped” into your wallet by an asset issuer to draw awareness of a new cryptocurrency. We recommend you contact the asset issuer directly for guidance on how to move these assets. For example, some airdropped tokens may be frozen by their smart contract and have complex instructions for trading funds in which you will need the asset issuer’s help.

  • Be extra cautious when receiving airdropped tokens that you’re not familiar with. 

    • For example: Some scammers will use airdrops to get your personal information and attempt to take over your accounts. 

  • Remember that no legitimate airdrop campaign will ask for your 12-word recovery phrase.

Note: An asset can start out as an ERC-20 token and then move on to its own blockchain which may or may not be supported by Coinbase Wallet. Search the asset under Receive in your wallet to see if it’s supported.