Level 3 · Module 3.3

Protecting Yourself from Scams

Crypto scams cost users over $14 billion in 2023 alone. The attacks are sophisticated, well-funded, and target people at every level of experience. The good news: nearly all of them follow the same small set of patterns — and patterns can be learned.

โฑ 14 min read ๐Ÿ”ด Critical โ€” Read Everything ๐Ÿ“– 6 sections

01 Attack Pattern 1: Phishing

The most common attack. A fake website, email, or advertisement that looks exactly like a legitimate service — designed to steal your credentials or seed phrase.

HOW IT LOOKS
An ad for "Phantom Wallet" appears at the top of Google search results. The site looks pixel-perfect. The URL is phantorn.app instead of phantom.app. One letter. Everything else is identical.
THE ATTACK
The fake site asks you to "import your existing wallet" and enter your seed phrase. You do. Within seconds, a bot empties every asset in your wallet.
YOUR DEFENCE
Bookmark every site you use. Never click a Google ad to access a wallet or exchange. Never type wallet URLs — always use bookmarks. HTTPS and the padlock icon mean nothing: phishing sites have them too.
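The URL check described above, as an added example (not code from this course or from Phantom): it classifies a URL against the user's own bookmarked domains and flags near-misses such as `phantorn.app`. The `BOOKMARKED` list, the function names and the confusable-character substitutions are assumptions chosen for illustration.

```javascript
// Added example. BOOKMARKED is a constructed allowlist; phantom.app is the
// domain named in the text above.
const BOOKMARKED = ["phantom.app"];

// Collapse sequences that render like another letter ("rn" reads as "m").
// Illustrative subset, not a complete confusables table.
function skeleton(host) {
  return host.replace(/rn/g, "m").replace(/vv/g, "w")
    .replace(/0/g, "o").replace(/[1i]/g, "l");
}

// Levenshtein distance: single-character edits needed to turn a into b.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const row = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(prev[j] + 1, row[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = row;
  }
  return prev[b.length];
}

function classifyUrl(rawUrl, bookmarks = BOOKMARKED) {
  let host;
  try {
    host = new URL(rawUrl).hostname.toLowerCase().replace(/^www\./, "");
  } catch {
    return { verdict: "invalid" };
  }
  if (bookmarks.includes(host)) return { verdict: "bookmarked", host };
  for (const good of bookmarks) {
    if (skeleton(host) === skeleton(good) || editDistance(host, good) <= 2) {
      return { verdict: "lookalike", host, imitates: good };
    }
  }
  return { verdict: "unknown", host };
}

console.log(classifyUrl("https://phantorn.app/import"));
console.log(classifyUrl("https://phantom.app/"));
```

Only a `bookmarked` verdict matches the advice above; `unknown` means the domain is not on the list, not that it is safe.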

02 Attack Pattern 2: Fake Support

You post in a Discord or Telegram that you're having trouble with a transaction. Within minutes, several "helpful" people DM you offering to help. They claim to be official support for Phantom, Raydium, or whatever you mentioned.

The conversation eventually leads to: "To fix this, you need to enter your seed phrase in this recovery portal."

⛔
No Legitimate Support Ever Asks for Your Seed Phrase
Not Phantom support.
Not Raydium support.
Not Solana Foundation support.
Not Solana Wizard support.
Not anyone.
Ever.
Under any circumstance.
For any reason.

03 Attack Pattern 3: Malicious Token Approvals

You connect your wallet to a DeFi protocol or NFT mint. A transaction request appears. You click "Approve" — but instead of the expected swap, you've granted the contract permission to transfer all your tokens at any future time.

UNLIMITED APPROVAL
Many dApps request approval for an unlimited token amount. This is not always malicious — Uniswap does this for UX reasons — but a malicious contract can exploit it to drain your wallet later.
PHANTOM SIMULATION
Phantom's transaction simulation shows what a transaction will do before you sign. If it shows outgoing tokens you didn't expect — reject immediately.
REVOKE.CASH
Visit revoke.cash regularly to see every contract that has approval permissions on your wallet and revoke any you don't recognise or no longer need.

04 Attack Pattern 4: Honeypots and Rug Pulls

These attacks target your investments rather than your wallet directly:

HONEYPOT
A token you can buy but cannot sell. The smart contract is programmed to block all sell transactions (except for the creator's wallet). You buy in, watch the price pump, try to sell — and discover you can't. Use token security checkers before buying any new token.
RUG PULL
A project's team removes all liquidity from the pool and disappears. The token becomes worthless instantly. Warning signs: anonymous team, no audited smart contracts, mint authority not revoked, concentrated LP ownership.
FAKE AIRDROP
Unknown tokens appear in your wallet. Attempting to swap them triggers a contract that requests approval over your real assets — and drains them. Never interact with tokens you didn't receive intentionally.
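One of the rug-pull warning signs above, "mint authority not revoked", can be read directly from a token's mint account. The following is an added example (not code from this course or from any token checker) that parses the 82-byte classic SPL Token mint layout and reports which authorities are still set; the function names and the sample bytes are constructed, and Token-2022 mints with extensions are longer and are rejected here.

```javascript
// Added example: read the authority fields of a classic SPL Token mint account.
// Layout: [0..4) mint-authority tag (u32 LE, 1 = set), [4..36) authority pubkey,
// [36..44) supply (u64 LE), [44] decimals, [45] initialized flag,
// [46..50) freeze-authority tag, [50..82) freeze-authority pubkey.
const MINT_ACCOUNT_LEN = 82;

function parseMint(data) {
  if (!(data instanceof Uint8Array) || data.length !== MINT_ACCOUNT_LEN) {
    throw new Error(`expected ${MINT_ACCOUNT_LEN} bytes of mint account data`);
  }
  const view = new DataView(data.buffer, data.byteOffset, data.byteLength);
  return {
    mintAuthoritySet: view.getUint32(0, true) === 1,
    supply: view.getBigUint64(36, true),
    decimals: view.getUint8(44),
    initialized: view.getUint8(45) === 1,
    freezeAuthoritySet: view.getUint32(46, true) === 1,
  };
}

function mintWarnings(data) {
  const mint = parseMint(data);
  const warnings = [];
  if (!mint.initialized) warnings.push("account is not an initialized mint");
  if (mint.mintAuthoritySet) warnings.push("mint authority not revoked: supply can still be increased");
  if (mint.freezeAuthoritySet) warnings.push("freeze authority set: holder token accounts can be frozen");
  return warnings;
}

// Constructed sample data (not a real token): build mint bytes for the demo.
function sampleMint({ mintAuthority, freezeAuthority }) {
  const data = new Uint8Array(MINT_ACCOUNT_LEN);
  const view = new DataView(data.buffer);
  if (mintAuthority) { view.setUint32(0, 1, true); data.fill(0xaa, 4, 36); }
  view.setBigUint64(36, 1_000_000_000_000_000n, true);
  data[44] = 6;   // decimals
  data[45] = 1;   // initialized
  if (freezeAuthority) { view.setUint32(46, 1, true); data.fill(0xbb, 50, 82); }
  return data;
}

console.log(mintWarnings(sampleMint({ mintAuthority: true, freezeAuthority: false })));
```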

05 Your Pre-Transaction Checklist

Before signing ANY transaction — apply this checklist every single time, without exception:

  1. URL check: Are you on the exact official website? Verify every character of the domain.
  2. Simulation check: Read Phantom's transaction simulation. Do the outgoing and incoming amounts match what you expect?
  3. Address check: Verify the full destination address — not just the first and last 4 characters. Clipboard malware can silently swap addresses.
  4. Amount check: Is the exact amount correct? Check the decimal places.
  5. Fee check: On Solana, normal fees are ~$0.00025. A fee of $0.10+ on a simple transfer is a red flag — possibly a malicious contract.
  6. Approval scope check: If approving token access, is it for a specific limited amount — not unlimited?
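Checklist items 3, 5 and 6, together with the unlimited-approval case from Attack Pattern 3, as an added example (not code from this course or from Phantom). It reviews a summary of a pending transaction and decodes SPL Token `Approve` / `ApproveChecked` instruction data to read the delegated amount; the summary field names, the USD fee input and all sample values are constructed assumptions.

```javascript
// Added example: checklist items 3, 5 and 6 applied to a pending transaction summary.
// Field names and sample values are constructed for illustration.
const U64_MAX = 2n ** 64n - 1n;
const FEE_RED_FLAG_USD = 0.10; // threshold taken from the checklist above

// SPL Token instruction data: tag 4 = Approve, tag 13 = ApproveChecked,
// followed by the delegated amount as a little-endian u64.
function decodeApproval(data) {
  if (data.length < 9 || (data[0] !== 4 && data[0] !== 13)) return null;
  const view = new DataView(data.buffer, data.byteOffset, data.byteLength);
  return view.getBigUint64(1, true);
}

function reviewBeforeSigning(tx) {
  const findings = [];
  // Item 3: compare the whole address; a match on the ends alone proves nothing.
  if (tx.destination !== tx.intendedDestination) {
    const endsMatch = tx.destination.slice(0, 4) === tx.intendedDestination.slice(0, 4)
      && tx.destination.slice(-4) === tx.intendedDestination.slice(-4);
    findings.push(endsMatch
      ? "destination differs in the middle (first/last 4 characters match)"
      : "destination differs from the intended address");
  }
  // Item 5: fee far above a normal transfer fee.
  if (tx.feeUsd >= FEE_RED_FLAG_USD) findings.push(`fee $${tx.feeUsd} is at or above $0.10`);
  // Item 6: approval larger than the amount being spent, or unlimited.
  for (const data of tx.tokenInstructions) {
    const approved = decodeApproval(data);
    if (approved === null) continue;
    if (approved === U64_MAX) findings.push("unlimited token approval");
    else if (approved > tx.intendedBaseUnits) findings.push("approval exceeds intended amount");
  }
  return { sign: findings.length === 0, findings };
}

// Constructed helper for sample data: encode an Approve instruction for `amount`.
function approveData(amount) {
  const data = new Uint8Array(9);
  data[0] = 4;
  new DataView(data.buffer).setBigUint64(1, amount, true);
  return data;
}

// Constructed sample: swapped address, high fee and unlimited approval.
console.log(reviewBeforeSigning({
  destination: "Demo2222222222222222222222222222222222wXyZ",
  intendedDestination: "Demo1111111111111111111111111111111111wXyZ",
  feeUsd: 0.12, intendedBaseUnits: 5_000_000n, tokenInstructions: [approveData(U64_MAX)],
}));
```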

06 The Rules You Cannot Break

🔑
The Three Unbreakable Rules
1. Your seed phrase never gets typed, photographed, or spoken aloud. Ever.

2. Every approval gets read before signing. 
   No exceptions — even for familiar protocols.

3. When in doubt, reject.
   You can always redo a legitimate transaction.
   You cannot undo a malicious one.

Security in crypto is your responsibility — there is no fraud department, no chargeback, no insurance. The good news: the patterns above cover 90%+ of all attacks. Know the patterns, follow the checklist, and you will be dramatically safer than the average user.