The internet can be dangerous when you have a Swiss bank in your pocket. Self custody of your digital assets comes with responsibilities, including securing yourself against attacks and scams.
Scammers will usually try to get you to send them your money or your Recovery Phrase. Never share your password or Recovery Phrase with anyone! They may try to create a sense of urgency so you act quickly and irrationally. If anything ever happens, you need to take your time and think. If something is wrong and you need help, stopping and breathing cannot ever make things worse, but acting carelessly most likely will. If you ever suspect someone may have accessed your Recovery Phrase, please read our security article here.
We will list below some common tactics used by scammers to try and take your funds.
Fake support agent
If you have issues and try get help via any public channel, you may be contacted by a scammer pretending to be a support agent. The only real Koala Wallet support channels are this website support.koalawallet.io and the email firstname.lastname@example.org. Real support agents will reply via these channels. While Koala Wallet has official social media presence, we encourage you to seek support via the links above. Any other way you're most likely to be approached by a scammer.
Fake website or contract
It's not hard to create a fake website that looks exactly like a legit one, and addresses can also be deceiving when using lookalike characters. Don't click on links received by email or you may be led to a fake website. If possible, open the desired website from your bookmarks list to check the information contained in the email. Using a password manager can also help detect fraudulent websites, as you won't be automatically logged in. Also don't interact with smart contracts that you don't know or trust. What looks like a simple NFT randomly sent to your address could in fact be a trap.
Wallet activation / backup site
Scammers can claim to want to help you "activate", "unblock" or "back up" your wallet. Those claims are a lie, of course. Among other things, you will be asked for your wallet's Recovery Phrase, and upon providing it, the thieves immediately drain the wallet of all funds. As explained in our security article, you should never share your phrase with anyone or anything. The only software you should write it on is the Koala app itself. Backups should be done offline.
Malware and clipboard hijacking
It's possible that malware in your device detects when a cryptocurrency address is copied to the clipboard. The malware can then replace the address with one belonging to the attacker, so when you paste it you end up sending funds to the thief. It can also detect private keys or recovery phrases, and send them to the attacker if your device is connected to the internet. Always be mindful of which apps you install or which sites you visit to avoid infecting your device. When pasting addresses, take a few seconds to check that the value pasted is the same as the original one. Avoid copying raw private keys or recovery phrases on connected devices.
Binary options, pump signals, guaranteed returns, send and receive 2x the money in return... Scammers count on their targets being greedy. None of what they say is true. If anyone contacts you offering these things, block them immediately. The best way to make money still is honest and hard work.
You received a prize
Scammers can try to fool you into thinking you just won a prize, or that you just received access to a web wallet that contains a very large balance, all yours for the taking. But to collect the prize or withdraw the balance, you are asked to first make a deposit sending some of your own money. Don't do it, the prize is just a bait! Remember that cryptocurrency transactions are irreversible. Once your coins are sent, only the receiver could ever send them back. And if a scammer doesn't immediately disappear with your funds, they will only try to get you to send more.