Verify Official Channels Before Answering Support
Start from the official source, then match the account, domain, and chain-facing address before you respond.
On this page
Start with public records
Verification rule
Before you answer a support message, match it against three public records: the official website, the project-controlled social profile, and the chain-facing address or explorer reference.
- Use manually typed or bookmarked domains for first contact.
- Compare wallet and contract addresses across at least two official surfaces.
- Treat last-minute route changes as a security event, not a minor inconvenience.
Source note
What phishing looks like now
CISA says phishing messages can use urgent language, shortened links, and incorrect domains, and that good grammar does not make a message trustworthy.
- Look for lookalike domains and shortened links.
- Do not trust 'help desk' accounts that reach out first.
- If the message says your account is in danger, verify from the source directly instead of using the link provided.
Source note
Red flags
Channel impersonation can be cheap to run and easy to scale, so treat the support path as untrusted until public records match.
- A moderator asks for your seed phrase, QR code, or wallet file.
- The support path only exists inside a DM thread.
- Pinned links on social and the website do not match.
How to use this guide
Check the source before you respond or connect.
Compare the source you plan to use against this briefing. Confirm it independently, and stop if the public record does not match the message.
Primary sources