How to Identify Onchain Scams and Secure Your KuCoin Web3 Wallet
Web3 gives users more control over their assets, but it also means you are responsible for your wallet security. Scammers often target wallet users through fake support accounts, phishing websites, malicious dApps, fake airdrops, and deceptive signing requests.
This guide explains how to recognize common on-chain scams, protect your KuCoin Web3 Wallet, and respond quickly if you think your wallet has been compromised.
1. Understand the basics of wallet security
KuCoin Web3 Wallet is a self-custody wallet. That means you control your wallet credentials and assets. Before anything else, remember these two rules:
- Your recovery phrase / private key gives full access to your wallet. If anyone gets it, they can control your assets.
- Blockchain transactions are generally irreversible. Once you approve and sign a malicious transaction, it may not be possible to recover the funds.
Because of this, prevention is always more effective than trying to recover assets after a scam.
2. Common onchain scams to watch out for
Phishing websites
Scammers create fake websites that look similar to official project pages, wallet pages, or campaign pages. Their goal is to trick you into connecting your wallet, entering your recovery phrase, or signing a malicious transaction.
Red flags:
- Slightly misspelled domain names
- Links shared in Telegram, X, Discord, or private messages
- Pages that ask for your recovery phrase
- Urgent messages like “claim now” or “wallet at risk”
Fake support or impersonation scams
Scammers may pretend to be official support staff and contact users through social media, Telegram, Discord, or email.
Red flags:
- They message you first
- They ask for your recovery phrase, private key, password, or verification code
- They ask you to move assets to a “safe wallet”
- They ask you to install remote access software or share your screen
Malicious dApps and deceptive signing requests
Not every wallet drain happens because a user shared a seed phrase. Many scams happen when users connect to a malicious dApp and sign a harmful approval or transaction.
Red flags:
- You do not fully understand what you are signing
- The site asks for broad token approvals without a clear reason
- The transaction appears unrelated to the action you intended
- The site uses fake mint, staking, claim, or verification flows
Fake airdrops, fake tokens, and scam NFTs
Scammers often send random tokens or NFTs to wallets to attract attention. The token name or NFT image may tell you to visit a website, claim a reward, or connect your wallet.
Important: Receiving an unknown token or NFT does not mean it is safe. Interacting with it may lead to phishing or malicious approvals.
Address poisoning
Attackers send tiny transactions from an address that looks similar to one you used before, hoping you will copy the wrong address from your transaction history.
Best practice: Never copy a recipient address from transaction history without checking the full address carefully.
Dust attacks
A scammer may send a tiny amount of tokens to many wallets. On its own, this does not necessarily steal funds, but it may be used to track activity, bait users into interaction, or support later phishing attempts.
3. What to check before every wallet action
Before connecting your wallet, signing a message, approving a token, or sending funds, pause and review these items:
Check the website
- Make sure you are on the official domain, and verify it against KuCoin's official channels
- Avoid links from unknown messages or comments
- Bookmark official websites you use often
Check the transaction request
- Read what the request is actually asking you to approve
- Watch for unlimited token approvals
- Be cautious with unfamiliar smart contracts
- If the request looks different from what you expected, reject it
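To make "watch for unlimited token approvals" concrete, the following added example (not KuCoin code) decodes the raw calldata of a signing request and classifies it. It assumes an EVM chain and the standard `approve(address,uint256)` and `setApprovalForAll(address,bool)` calls; the function name, the 2^255 threshold and the sample spender are hypothetical.

```javascript
// Added example, not KuCoin code. Assumes EVM calldata given as a hex string.
const APPROVE = "095ea7b3";              // approve(address,uint256)
const SET_APPROVAL_FOR_ALL = "a22cb465"; // setApprovalForAll(address,bool)
// Assumption: allowances of 2^255 or more are treated as effectively unlimited.
const UNLIMITED_THRESHOLD = 1n << 255n;

function reviewApproval(calldata) {
  const hex = String(calldata).toLowerCase().replace(/^0x/, "");
  if (hex.length < 8 || !/^[0-9a-f]+$/.test(hex)) {
    return { kind: "invalid", risk: "reject", reason: "not hex calldata" };
  }
  const selector = hex.slice(0, 8);
  const args = hex.slice(8);
  if (selector !== APPROVE && selector !== SET_APPROVAL_FOR_ALL) {
    return { kind: "other", risk: "unknown", reason: "not an approval call" };
  }
  // Both calls take exactly two 32-byte words; an address uses the low 20 bytes.
  if (args.length !== 128 || !args.startsWith("0".repeat(24))) {
    return { kind: "invalid", risk: "reject", reason: "malformed arguments" };
  }
  const spender = "0x" + args.slice(24, 64);
  const value = BigInt("0x" + args.slice(64));
  if (selector === SET_APPROVAL_FOR_ALL) {
    return value === 0n
      ? { kind: "setApprovalForAll", spender, risk: "revoke", reason: "removes operator access" }
      : { kind: "setApprovalForAll", spender, risk: "high", reason: "operator can move every NFT in the collection" };
  }
  if (value === 0n) {
    return { kind: "approve", spender, amount: value, risk: "revoke", reason: "sets allowance to zero" };
  }
  if (value >= UNLIMITED_THRESHOLD) {
    return { kind: "approve", spender, amount: value, risk: "high", reason: "unlimited allowance" };
  }
  return { kind: "approve", spender, amount: value, risk: "limited", reason: "bounded allowance; confirm amount and spender" };
}

// Constructed sample requests (spender and amounts are made up).
const word = (h) => h.padStart(64, "0");
const SPENDER = "11".repeat(20);
const SAMPLES = {
  unlimited: "0x" + APPROVE + word(SPENDER) + "f".repeat(64),
  limited: "0x" + APPROVE + word(SPENDER) + word((1000000n).toString(16)),
  revoke: "0x" + APPROVE + word(SPENDER) + word("0"),
  nftAll: "0x" + SET_APPROVAL_FOR_ALL + word(SPENDER) + word("1"),
};
for (const [name, data] of Object.entries(SAMPLES)) {
  const r = reviewApproval(data);
  console.log(name, r.risk, r.reason);
}
```

A "limited" result still needs the spender checked against the contract address published by the project, and an "unknown" result means the request is not a plain approval and should be read in full before signing.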
Check the address
- Verify the full recipient address, not just the first and last characters
- Do not rely on copied addresses from wallet history
- Double-check addresses pasted from chat apps or screenshots
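The full-address check above, and the address-poisoning pattern described in section 2, as an added example that is not KuCoin code: it compares a pasted recipient against saved addresses in full and flags one that only matches at the start and end. It assumes EVM-style addresses (`0x` plus 40 hex digits); the function names, the `edge` width and all sample data are hypothetical.

```javascript
// Added example, not KuCoin code. Assumes EVM-style addresses: 0x + 40 hex digits.
function normalize(addr) {
  const a = String(addr).trim().toLowerCase();
  return /^0x[0-9a-f]{40}$/.test(a) ? a.slice(2) : null;
}

// Compare a pasted recipient against saved addresses, character by character.
// `edge` is how many leading/trailing hex digits a wallet UI typically shows
// (assumption: 4), which is the part a look-alike address is built to match.
function checkRecipient(candidate, addressBook, edge = 4) {
  const c = normalize(candidate);
  if (c === null) return { verdict: "invalid" };
  let lookalike = null;
  for (const [label, saved] of Object.entries(addressBook)) {
    const s = normalize(saved);
    if (s === null) continue;
    if (s === c) return { verdict: "match", label };
    if (s.slice(0, edge) === c.slice(0, edge) && s.slice(-edge) === c.slice(-edge)) {
      // Same visible ends, different middle: record where they first diverge.
      const firstDiff = [...c].findIndex((ch, i) => ch !== s[i]);
      lookalike = { verdict: "lookalike", label, firstDiff };
    }
  }
  return lookalike ?? { verdict: "unknown" };
}

// Flag history entries whose counterparty imitates a saved address.
function flagPoisonedHistory(history, addressBook) {
  return history.filter((tx) => checkRecipient(tx.from, addressBook).verdict === "lookalike");
}

// Constructed sample data: none of these are real addresses or transactions.
const BOOK = { exchange: "0x5290" + "1234567890abcdef".repeat(2) + "9ee7" };
const FAKE = "0x5290" + "fedcba0987654321".repeat(2) + "9ee7";
const HISTORY = [
  { from: BOOK.exchange, amount: "250.0" },
  { from: FAKE, amount: "0.000001" },
  { from: "0x" + "ab".repeat(20), amount: "12.5" },
];
console.log(checkRecipient(FAKE, BOOK));
console.log(flagPoisonedHistory(HISTORY, BOOK).length);
```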
Check the token or NFT
- Do not trust a token just because it appears in your wallet
- Do not click links attached to unknown NFTs or spam assets
- Verify token contracts from official project sources
4. What to do if you think your wallet is compromised
If you suspect that you approved a malicious transaction, exposed your recovery phrase, or connected to a scam site, act immediately.
If you only connected to a suspicious dApp
- Disconnect the dApp
- Revoke suspicious token approvals (Settings > Security > Approvals)
- Monitor your wallet activity closely
If you signed a suspicious approval or transaction
- Move any remaining assets to a new, secure wallet as soon as possible
- Revoke approvals if possible
- Stop interacting with the suspicious site immediately
If your recovery phrase or private key was exposed
Treat the wallet as fully compromised.
- Create a brand-new wallet
- Move remaining assets to the new wallet immediately
- Do not continue using the compromised wallet
5. How to report a scam
If you believe you were targeted by a scam, collect the following first:
- Wallet address
- Transaction hash
- Suspicious website URL
- Token contract address, if relevant
- Screenshots of chats, pages, and signing prompts
Then:
- Report the incident through KuCoin’s official support channels
- Report suspicious wallet addresses or sites to relevant anti-scam reporting platforms
- Consider reporting the incident to local law enforcement if funds were stolen