How to identify onchain scams and secure your KuCoin Web3 Wallet
A very common Web3 scam is tricking you into signing an authorization that quietly hands attackers control of your tokens.
Instead of stealing your seed phrase, they get you to approve a malicious contract – then pull funds whenever they want.
1. eth_sign scams
The eth_sign method lets a DApp ask you to sign an arbitrary hash – effectively a “blank check” if abused. Attackers can craft a malicious transaction and then ask you to sign its hash via eth_sign, bypassing clear UI prompts.
How the scam works:
- A fake DApp or support agent says: “Just sign this message so we can verify your address / unlock your funds.”
- You see a generic hash or random characters in the wallet.
- Behind the scenes, that signature is used to authorize a malicious transaction that moves your funds.
KuCoin Web3 Wallet’s hard block:
Automatic interception: Automatically identifies and blocks eth_sign transactions due to their high phishing nature.
2. Your Web3 safety checklist with KuCoin Web3 Wallet
To sum it up, here’s a simple mental checklist for every onchain action:
- Confirm the site / DApp
- Is the URL from an official KuCoin or project channel?
- Did KuCoin Web3 Wallet show a risk alert or blacklist warning?
- Check the address
- Compare the full address, not just the first/last 4 characters.
- Use your wallet’s address book; avoid copying from history.
- Read the transaction / signature
- What token, what amount, which contract?
- Is this an Approve / Permit or a normal transfer?
- Does the request match what you’re trying to do in the DApp?
- Guard your keys
- Never share your seed phrase or private key.
- Don’t screenshot or screen-share backup phrases.
- Remember: KuCoin will never ask for your seed phrase.
- Monitor approvals & airdrops
- Periodically revoke old DApp approvals.
- Ignore random airdrops and hide suspicious tokens.
About KuCoin Web3 Wallet:
🔗 X (Twitter)
🔗 Telegram Group
🔗 Telegram Channel
🔗 Get KuCoin Web3 wallet