Privacy and Security

  • Is Rabby Wallet safe
    When it comes to managing your digital assets, security is paramount. Rabby Wallet prioritizes the safety and protection of your funds by implementing a range of industry-leading features. Here’s why Rabby Wallet is one of the safest options for managing your crypto:

     

    Rabby Wallet is self-custodial

     

    The term "self-custodial" comes from the fact that you, the user, are in control of your own digital assets. Unlike traditional systems where a third party (like a bank) holds your assets, a self-custodial wallet like Rabby means you hold the private keys to your wallet.

    This gives you full control over your funds, with no middleman involved. Since you are the only one with access to your private keys, your crypto is secure as long as you keep those keys safe. Rabby Wallet doesn’t store any data about your wallet. Everything is stored locally on your device—there are no personal identifiers or email addresses tied to your account, keeping your information private and secure.

     

    Rabby Wallet is open source

     

    Rabby Wallet is open-source, meaning anyone can inspect the code to verify its security and functionality. This transparency allows independent security researchers and developers to audit Rabby Wallet for vulnerabilities. It also encourages community involvement, enabling users to contribute to improving the wallet's security and performance.

    By making the code publicly available, Rabby Wallet reduces the risk of hidden backdoors or malicious features, boosting your confidence in its security.

    View our code on Github:

    Rabby Extension

    Rabby Mobile

    Rabby Desktop

     

    Rabby Wallet is audited regularly

     

    Rabby Wallet undergoes regular security audits by trusted third-party security firms. These audits are designed to identify potential vulnerabilities in the wallet’s code, smart contracts, and overall architecture. Each audit helps ensure that the wallet’s security measures are up to date and that it meets industry best practices for protecting users' funds.

    View audit reports on Rabby official website

     

    Rabby Wallet offers industry-leading security features

     

    Rabby Wallet is among the first wallets to introduce critical security features that set it apart from others in the industry:

    Transaction simulation: Before signing any transaction, Rabby Wallet simulates the result to ensure it behaves as expected, preventing errors or malicious activity.

    Balance change preview: Rabby Wallet shows you what's coming in and going out of your address before you sign any transaction, providing transparency.

    Risky approval alerts: Rabby alerts you if you've approved risky or potentially malicious contracts, reminding you to revoke them immediately to protect your funds.

    Batch-revoke: Rabby allows you to revoke multiple approvals in a batch, saving you time and effort in regularly checking your approvals.

    Risk alerts: Rabby gives you alerts when a transaction poses a potential risk that could lead to asset loss.

    And more...


    These features set us apart in the industry, ensuring your safety like no other wallet can. And we will continue to innovate and prioritize safety, keeping your funds protected every step of the way!

     

    See more
  • Best practice to stay safe

    Staying safe in the crypto world requires a combination of vigilance and good habits. Here are the best practices to protect your wallet and assets:

     

    Keep your Seed Phrase and private keys secure

     

    Your Seed Phrase and private keys are the most sensitive parts of your wallet.

    • Never share them with anyone or enter them on websites, apps, or messages.
    • Avoid copying and pasting them, as clipboard data can be exposed to malicious software.
    • Store them offline in a secure location, such as a hardware wallet backup or a written note stored in a safe place.

     

    Check your approvals regularly

     

    Approvals give smart contracts or Dapps permission to access or transfer your tokens and NFTs.

    • Revoke approvals for contracts you no longer use or don’t recognize.
    • Rabby makes this easy with its Approval feature. Review your approvals weekly or after each transaction.
    • Act immediately when Rabby flags a risky or malicious approval.

    Unchecked approvals can lead to unauthorized transfers. Regularly reviewing them ensures your assets stay safe.

     

    Avoid connecting to untrustworthy websites

     

    Be cautious about the websites you connect your wallet to.

    • Rabby flags known phishing sites to protect you from scams.
    • Rabby provides credibility insights about websites. You’ll see factors like whether the website is listed on trusted platforms (e.g., CoinMarketCap, DeFiLlama) and its popularity.

    Websites with low credibility are often scams, and we recommend avoiding them. However, newly launched websites may also show low credibility because they haven’t yet built a strong reputation. In such cases, carefully evaluate whether you trust the website before deciding to connect your wallet.

     

    Examine every signature before signing

     

    Always make sure that what you’re signing matches what you expect to sign. You need to understand what you’re doing and the consequences of the transaction.

    • For example, if you’re claiming an airdrop, you should not be signing a transaction that transfers your valuable tokens to an unknown address. This indicates a scam. In such cases, reject the transaction and disconnect from the Dapp.
    • Rabby’s transaction page helps you understand what you’re signing by clearly showing details like balance changes or the contracts you’re interacting with.
    • Gasless transactions aren’t always safe. For instance, “permit” transactions often don’t require gas but can be used by malicious websites to trick you into giving approvals for your valuable assets. Rabby decodes such transactions and helps you understand them with ease.
    • When you sign transactions, Rabby scans for potential risks and displays a warning if any are detected. If you see any risk, stop and review it.

    Take a moment to carefully review all transaction details and avoid signing anything unexpected or suspicious.

     

    Use the Whitelist feature for trusted addresses

     

    Rabby’s Whitelist feature allows you to add trusted addresses. Once enabled:

    • You’ll need to re-confirm transactions to non-whitelisted addresses by entering your password.
    • This extra layer of security prevents accidental transfers to unknown addresses.

    While the Whitelist feature provides added convenience and security, it does not block unauthorized transactions initiated by someone else if they have access to your private key or Seed Phrase. Stick to your trusted list to minimize risks and always safeguard your private keys.

     

    By following these best practices and leveraging Rabby Wallet’s security tools, you can confidently navigate the crypto world while keeping your assets safe.

    See more
  • Why do I see “Scam Tx” in my transaction records
    There are two common situations where you might see "Scam Tx" in your transaction records.
    Receiving or being airdropped random tokens/NFTs
    Scammers may send unsolicited tokens or NFTs to your wallet, attempting to lure you into interacting with them. If you try to stake, swap, or cash out these airdropped tokens, you may be directed to a scam website or a malicious contract.
    scamtx1.png
    Seeing a transfer record that looks similar to your own transfer
    Some users habitually copy recipient addresses from their transaction history when transferring tokens. Scammers can exploit this by creating an address that closely resembles one you frequently use, then sending a small transfer to your address so it appears in your transaction records. The next time you copy an address from your history, you might accidentally select the scammer's address. If you paste this address by mistake, you’ll end up sending funds to the scammer instead of your intended recipient.
    scamtx2.png
    Rabby Wallet automatically detects and flags such transactions as "Scam" to help protect you from fraud. The best practice is to ignore these scam transactions and avoid interacting with unknown tokens or addresses.
    Note: Seeing scam transactions does not mean your wallet has been compromised. These transactions are often attempts to phish or trick you, rather than indications of a security breach.
     
    If you believe a "Scam" mark is a mistake
    If you think that a transaction has been incorrectly flagged as "Scam," please reach out to the Rabby support team. Include a link to the transaction in the block explorer, or provide the transaction hash along with the chain information. This will help our team review the case accurately and address any potential mistakes in marking transactions.
    Please note that the "Scam" mark does not affect the value of your assets in any way. It is only a visual indicator to help you identify potentially suspicious transactions.
    See more
  • How to check if my wallet is safe

    Ensuring your wallet’s safety is crucial to protect your assets. Sometimes, you might feel concerned after visiting a suspicious website, interacting with an unfamiliar Dapp, or noticing unusual activity. It’s natural to want reassurance that your wallet is still secure.

    If you’re worried, follow these steps to check your wallet:

     

    Review your transaction history

     

    The most important step is to thoroughly review your transaction history. If any funds were lost, there will always be a transaction record showing where the assets went. If you don’t see any unauthorized transactions, your funds remain secure.

    Look for any activity you don’t recognize, such as unexpected token transfers or withdrawals. If you notice anything suspicious, take immediate action by revoking approvals or transferring your funds to a secure wallet. You can also contact Rabby Support—we’ll help you understand what happened and explore possible solutions.

     

    Check for suspicious approvals

     

    Use Rabby Wallet’s Approval feature to review contracts you’ve authorized to access your assets. Revoke approvals for any contracts you no longer need or recognize.

    Managing approvals regularly minimizes the risk of unauthorized access to your wallet.

     

    Recall if your Seed Phrase or private key has been shared

     

    Think carefully: Have you ever shared your Seed Phrase or private key with anyone or entered it on a website, app, or message?

    If your Seed Phrase or private key has been exposed, your wallet is at serious risk. In this case, transfer your funds to a new wallet immediately. Make sure the new wallet’s Seed Phrase is stored securely and never shared.

     

    Stay vigilant

     

    Regularly reviewing your wallet and following these steps can help ensure that your assets remain safe. Rabby Wallet’s advanced security tools make it easier to monitor and protect your wallet. Stay proactive to keep your crypto secure.

    See more
  • Avoiding crypto scams

    Rabby Wallet is designed to give you full control over your digital assets. As a self-custodial wallet, Rabby doesn’t store your private keys or funds—you do. This means your crypto is completely yours to manage, providing unparalleled freedom and security.

    However, this also means that protecting your wallet is entirely in your hands. In the crypto world, where transactions are irreversible, staying vigilant is crucial to avoid scams and malicious actors looking to exploit unsuspecting users.

    Rabby Wallet equips you with advanced security features to help you stay safe. With a bit of caution and the right practices, you can explore the crypto ecosystem confidently.

     

    Don't share your Seed Phrase and private keys

     

    Your Seed Phrase and private keys are the keys to your wallet. Anyone who has them can access your funds and send tokens from your accounts.

    Never share them with anyone—this includes the Rabby team or anyone claiming to represent us. Rabby will never ask for your Seed Phrase or private keys. If someone does, refuse to share them, whether it’s through websites, apps, or direct communication.

     

    If you have a significant amount of tokens, consider using a hardware wallet.

    Hardware wallets, often called ‘cold wallets,’ are disconnected from the internet most of the time, keeping your private keys safe from online threats. Transactions can only be authorized with the physical device, adding an extra layer of protection.

     

    Always verify official sources

     

    Scammers often create fake websites, apps, and social media profiles that mimic official ones to trick users into revealing sensitive information or transferring funds. Always double-check URLs, domain names, and official communication channels before interacting. If you’re unsure, cross-check announcements and links from verified sources like the project’s official website or social media channels.

    For Rabby Wallet, ensure you’re downloading the wallet only from our official website https://rabby.io/

     

    Watch out for unknown strangers

     

    If someone you don’t know messages you or replies to your posts about wallet issues, be cautious. Scammers often pose as helpful individuals, claiming to have had similar problems resolved by a certain “solution” or person. They might also impersonate community moderators or support staff.

    Always verify through official channels and never share your Seed Phrase, private keys, or sensitive wallet information with anyone.

     

    Be cautious of enticing offers and false promises

     

    Scammers often prey on users by offering deals that sound too good to be true, such as doubling your money if you send funds to a specific address or guaranteeing massive returns in a short time. These tactics are designed to exploit trust and urgency. Some may even use fake job offers or promotions to lure victims into sending funds or sharing sensitive information.

    Always question offers that require upfront payments or wallet access, and prioritize verifying information through official sources. Trust your instincts—if something feels off, it’s better to avoid it.


    By staying vigilant and leveraging Rabby Wallet’s security features, you can navigate the world of crypto safely and confidently. Your assets are always best protected when you take the right precautions.

    See more
  • How to delete my address

    Due to the nature of blockchain, it’s not possible to permanently delete an address from the blockchain. However, if you no longer want to use Rabby Wallet, you can simply uninstall it.

    Rabby Wallet is a non-custodial wallet, meaning we do not have access to your wallet, its Seed Phrase, or private keys. These are stored securely and privately on your device. When you uninstall Rabby Wallet, all locally stored data will also be removed.

     

    Your ETH addresses are permanent and can’t be deleted, but you can forget or abandon them if you no longer wish to use them.

     

    Delete an address in Rabby Wallet

     

    If you want to remove an address from Rabby Wallet:

    1. Go to More > Manage Address.
    2. Click the Delete button next to the address you want to remove.

    If you delete all addresses associated with a Seed Phrase, you will have the option to “Delete the Seed Phrase” as well.

    Important: Before deleting an address, ensure you have backed up your Seed Phrase. If the Seed Phrase is not backed up, you will not be able to recover the address later, and Rabby Wallet cannot assist in retrieving it.

    See more