Articles on: User FAQ

How do I detect online scams and avoid them ?

One of the biggest threats in crypto is getting tricked into giving your private keys or 24-word secret recovery phrase to a scammer. Our Support team will never ask for this information. In the decentralized web, you are responsible for your security. Do your due diligence as you are the custodian of your tokens and wallet.


A phishing scam is a fraudulent method of impersonating famous people or pretending to be from reputable companies to convince people to reveal personal information. They typically send fake emails, create fake websites, and make sham social posts to get your 24-word secret backup phrases, private keys, or other personal information to steal your money.

Once someone has stolen crypto from your wallet, it’s not possible for anyone to reverse the transaction. Immutability, or the inability to cancel or reverse transactions, is one of the core features of blockchain technology.
Torus Support team will never reach out to you asking for any personal information. Please report or block any such individuals or groups impersonating us.


Spoofing is when a malicious website is disguised as a known, trusted platform. Spoofed websites might look nearly identical to an official website, but if you look closely, you will spot minor differences. For instance, scammers will use a domain address that looks very closely related to the real site. They might change one letter of the company name or use different domain extensions such as .biz .info, etc.

Spoofed websites are successful as many scammers purchase advertising space on search engines. This allows their advertising links to appear higher in the search results, which then causes people to think it’s legitimate. As such, try to avoid clicking on ad links when searching for a website.

While some ads will bring you to the correct websites, it’s a good security practice to click only on the search engine results and check that the address begins with https://, and the URL is spelled correctly, so you know your link is secure.

Scam Tokens

Scammers create scam tokens in an effort to fool victims into believing they've been given tokens of value. There are a few precautions you can take to detect this:

First, check the contract address of the token in question

To locate a contract address, click on the transaction ID from the Activity tab of your Torus Wallet. for any tokens you’ve received, and you'll be taken to that transaction on a block explorer. The token's contract address is displayed within the transaction's information:

Then search for the token by name on CoinMarketCap. The token's contract address can be found under Contracts:

Finally, compare the contract address you found on CoinMarketCap to the token in question. If the token is legitimate, the contract address will match

Another quick way to determine a token's legitimacy is to search the token's contract address on a block explorer:

Block explorers provide information on a few key areas regarding tokens:

Token reputation - indicated by a blue checkmark
Holders & Total Transfers
Code verification with Audit Report
Contract Address

Now, Compare it to a scam counterpart of the same token:

In this example, the scam token has:
an unknown reputation
a low number of holders and total transfers
no audit done on the source code (even though the source code is a match)
the contract address does not match what is listed on CoinMarketCap.

Although none of these checks automatically rule out a token's legitimacy, a token lacking all those criteria is suspect.

If you're still unsure if your token is legitimate, open a Support Ticket with us here.

Malicious wallets and Dapps

While Apple and Google Playstore are official platforms, sometimes fake and malicious apps get listed. When scammers get fake versions in official stores, they use screenshots and pictures from the real app, as well as fake reviews, to make their wallets look legitimate.

Torus Wallet is only accessible via our official link on your web, mobile or tablet browser. Do not install any apps which disguise to be us from Apple /Google Playstore as we do not have any iOS/Android app.
Be very careful when you connect your Torus Wallet to other Dapps online. Always check the application you are connecting your wallet to. Torus Wallet/Web3Auth will not be responsible for any interactions or losses made with such illegitimate Dapps.

Things to avoid

Don't allow others to help set up your wallet
Don't share your wallet QR code with unknown people
Don't allow anyone remote access to your device
Torus Wallet does not offer support on Telegram or Discord. If someone on Telegram or Discord claims to be from Torus support, and offers to assist with an issue you are having with your wallet then it is a scam. If you need any assistance, only contact by clicking here
Avoid interacting with individuals or groups who claim to have special expertise or resources that can help recover lost funds.
Don't validate your wallet! If you are ever asked to enter your 24-word backup phrase or private keys into a form, or prove the wallet belongs to you, avoid it!
Be careful when sending crypto using QR codes. If you're asked to send a small amount of crypto to verify your wallet address by scanning a QR code, avoid it!
Don't import unknown secret recovery phrases or private keys!
Scammers might pose as Torus Support and will sometimes contact users with spoofed emails or direct messages via Telegram/Discord with content to protect, verify your account or other urgent actions to be taken attempting to trick users to steal their funds. Our Support team will never reach out to you asking for any personal information and we are taking measures to block such scammers on our Telegram/Discord groups.

Fake Investment opportunities

Scammers often use sophisticated tactics to create a sense of urgency or to create the impression that the investment is legitimate.

Below are some of the signs of such fake schemes:

Guaranteed high returns.
Pressure to invest quickly.
Unsolicited offers.
Lack of transparency.
Requiring upfront fees
Fake Twitter and other Social media channels

Rugpulls and Airdrop scams

A rug pull is a scam where a cryptocurrency or NFT developer hypes a project to attract investor money, only to suddenly shut down or disappear, taking investor assets with them.

How it works

A token is created
The token is promoted, through airdrops, spamming through social media channels
The price of the token is inflated, often in a coordinated manner between a number of parties
Unwary investors buy due to the perception that the value is skyrocketing and they want to get in when the token is still relatively cheap
When the value of the token reaches the target that the creators were aiming for, or whenever they decide to, the scammers liquidate their shares or swap for another cryptocurrency, perhaps dropping the value of the token to below what it had been when the unwary investors had bought
The unwary investor has lost value, and is left with tokens worth next to nothing.

What to do?

Take the time to do your research. How long has the token been around? Search the block explorer, and see if you can figure out what the distribution of the token is like, and if the market has been fully diluted. Are there a handful of accounts holding a majority of the tokens? Is it being spoken about aggressively on chat platforms? Does the token have any true utility — or example, is it used in a video game? Or is it just a meme-inspired token?

An airdrop consists of a token creator sending some quantity of tokens to Ethereum addresses randomly. Torus Wallet does not offer any airdrop.

How it works

A wallet user , examining their wallet on a blockchain explorer, notices they've got some new tokens, probably even millions of a new token which they didn't pay for. This means they're the recipient of an airdrop!
The wallet holder attempts a swap of the tokens , maybe for some ETH, and nothing seems to happen. The user goes to the block explorer, and sees a message like this one which cryptically indicates they need to go to a 3rd Party website
Once on the 3rd Party site, a few things might happen:
The user might be tricked (phished) into putting their Backup Recovery Phrase into the website, at which point the scammers have control over their entire wallet.
You go to claim your tokens, and Torus Wallet pops up with a confirmation message. You confirm the transaction, but what you don't realize is that you're giving the page permission to take your tokens, rather than give you tokens.

NFT Airdrop Scams

If you notice suspicious items in the Collectibles tab of your wallet that you did not purchase, looking more like an ad than digital art, and informing you that you can claim your airdrop by clicking on the link to their website, do not proceed. This is an emerging scam method, and the website is most likely phishing for your Recovery Phrase. It's best not to interact with the NFT at all and just ignore it.

Updated on: 08/09/2023

Was this article helpful?

Share your feedback


Thank you!