Best practices for staying safe in Web3

Updated this week

While Rabby provides robust built-in protections, your own security habits are the final and most important line of defense for your funds.

Keep your Seed Phrase and private keys secure

Your Seed Phrase and private keys are the most sensitive parts of your wallet. No one (not even Rabby) can recover your wallet if your keys are lost or compromised.

  • Never share them with anyone or enter them on websites, apps, or messages.

  • Avoid copying and pasting them, as clipboard data can be exposed to malicious software.

  • Store them offline in a secure location, such as a hardware wallet backup or a written note stored in a safe place.

Recognize common scams and phishing tactics

Deceptive messages

Scammers often impersonate support staff or community moderators on Discord, X (Twitter), or Telegram. They may claim they can help you with a "failed transaction" and ask for your Secret Recovery Phrase or direct you to a fake site to "sync" your wallet. Remember: real support will never ask for your keys.

Spam NFTs and fake tokens

Scammers may airdrop NFTs or tokens to your wallet with names like "Claim your $1,000 reward" or "You've won." These often contain links to malicious apps that attempt to drain your wallet. Rabby Wallet automatically hides most scam tokens—if you still see a suspicious token you didn't buy, do not interact with it.

Fake "Sponsored" Search Ads

When searching for "Rabby," "Uniswap," or other crypto sites on Google, the first few results may be "Sponsored" ads. Scammers buy these ads to lead you to a fake version of the website that looks identical to the real one. Always bookmark official sites and avoid clicking on sponsored search results.

Secure your device

Protect your local environment by keeping your OS and apps updated. Use a strong, unique password for Rabby and install trusted antivirus protection. Avoid downloading unknown files or clicking suspicious links.

Check your approvals regularly

Approvals give smart contracts permission to access or transfer your tokens and NFTs. Unchecked approvals can lead to unauthorized transfers.

  • Revoke approvals for contracts you no longer use or don't recognize.

  • Rabby makes this easy with its Approval feature. Review your approvals weekly or after each transaction.

  • Act immediately when Rabby flags a risky or malicious approval.

Avoid connecting to untrustworthy websites

Be cautious about the websites you connect your wallet to.

  • Rabby flags known phishing sites to protect you from scams.

  • Rabby provides credibility insights about websites. You'll see factors like whether the website is listed on trusted platforms (e.g., CoinMarketCap, DeFiLlama) and its popularity.

Websites with low credibility are often scams, and we recommend avoiding them. However, newly launched websites may also show low credibility because they haven't yet built a strong reputation. In such cases, carefully evaluate whether you trust the website before deciding to connect your wallet.

Examine every signature before signing

Always make sure that what you're signing matches what you expect to sign. You need to understand what you're doing and the consequences of the transaction.

  • For example, if you're claiming an airdrop, you should not be signing a transaction that transfers your valuable tokens to an unknown address. This indicates a scam. In such cases, reject the transaction and disconnect from the Dapp.

  • Rabby's transaction page helps you understand what you're signing by clearly showing details like balance changes or the contracts you're interacting with.

  • Gasless transactions aren't always safe. For instance, "permit" transactions often don't require gas but can be used by malicious websites to trick you into giving approvals for your valuable assets. Rabby decodes such transactions and helps you understand them with ease.

Take a moment to carefully review all transaction details and avoid signing anything unexpected or suspicious.
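To make the "permit" point concrete, here is an added example (not Rabby's code or its decoding logic) that reads an EIP-712 typed-data signing request and reports whether it is an EIP-2612 Permit, meaning a gasless signature that grants a token allowance. The function name, the expectedAction labels, the one-day threshold and all addresses in the sample are assumptions made for illustration.

```javascript
// Added example, not Rabby's code: summarise an EIP-712 request before signing.
const MAX_UINT256 = (1n << 256n) - 1n;
const ONE_DAY = 86400n; // assumed threshold for calling a permit long-lived

// request: the JSON passed to eth_signTypedData_v4 (object or string).
// expectedAction: what the user believes they are doing (hypothetical label).
// nowSeconds: current Unix time as a BigInt; defaults to the system clock.
function reviewTypedData(request, expectedAction, nowSeconds) {
  const now = nowSeconds ?? BigInt(Math.floor(Date.now() / 1000));
  const data = typeof request === "string" ? JSON.parse(request) : request;
  const msg = data.message || {};
  const token = (data.domain || {}).verifyingContract;
  const findings = [];

  // EIP-2612 permits use primaryType "Permit" with owner/spender/value/nonce/deadline.
  const isPermit = data.primaryType === "Permit" && "spender" in msg && "value" in msg;
  if (!isPermit) return { grantsApproval: false, findings };

  const unlimited = BigInt(msg.value) === MAX_UINT256;
  findings.push(`signature lets ${msg.spender} spend token ${token} without an on-chain approve`);
  if (unlimited) findings.push("allowance is unlimited (2^256 - 1)");
  if ("deadline" in msg && BigInt(msg.deadline) - now > ONE_DAY) {
    findings.push("permit stays valid for more than a day");
  }
  if (expectedAction !== "approve") {
    findings.push(`expected "${expectedAction}", but this request is a token approval`);
  }
  return { grantsApproval: true, spender: msg.spender, token, unlimited, findings };
}

// Constructed sample: a Permit request shown while the user expects an airdrop claim.
const sampleRequest = {
  primaryType: "Permit",
  domain: { name: "Example Token", version: "1", chainId: 1,
            verifyingContract: "0x" + "1".repeat(40) },   // constructed address
  message: {
    owner: "0x" + "2".repeat(40),                         // constructed address
    spender: "0x" + "3".repeat(40),                       // constructed address
    value: "0x" + "f".repeat(64),                         // 2^256 - 1
    nonce: 0,
    deadline: 4102444800,                                 // constructed far-future time
  },
};

console.log(reviewTypedData(sampleRequest, "claim", 1700000000n).findings.join("\n"));
```

Any finding on a request you expected to be a simple claim or login is a reason to reject it and disconnect.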

Use the Whitelist feature for trusted addresses

Rabby's Whitelist feature allows you to add trusted addresses. This extra layer of security prevents accidental transfers to unknown addresses.

While the Whitelist feature provides added convenience and security, it does not block unauthorized transactions initiated by someone else if they have access to your private key or Seed Phrase. Stick to your trusted list to minimize risks and always safeguard your private keys.
