Recognize phishing & social engineering
Scammers use fake sites, impersonated support agents, or malicious browser extensions to trick users into revealing seeds or approving transactions. Never enter your seed phrase into a website. If someone asks for your seed, it is a scam.
Warning: Requests for private keys, seed phrases, or one-time codes outside the official wallet interface are malicious. Immediately disconnect and verify via your official MetaMask UI.
Protective habits
- Keep your browser and extension up to date.
- Only install extensions from trusted publishers; audit permissions for installed extensions.
- Use separate browser profiles or dedicated browsing environments for Web3 activity.
If you believe you’ve been exposed
From a secure device: move any remaining funds to a new wallet (create a fresh seed on a secure device or hardware wallet), revoke contract approvals, and revoke connected sites. Report the incident and preserve evidence (timestamps, URLs, screenshots).