Crypto security is your responsibility. Learn how to protect yourself.
Sora Wallet is a self-custody wallet. This means you have complete control over your funds — no one, including us, can access, freeze, or recover your assets.
This is powerful, but it also means you are responsible for your own security. If you lose your recovery phrase or fall for a scam, there's no way to reverse it.
Your recovery phrase is the master key to your wallet. Anyone who has it can steal all your funds. No legitimate service, including Sora, will ever ask for it.
Scammers create fake websites that look identical to real ones. Always double-check the URL before connecting your wallet or signing transactions.
Malicious dApps can request transactions that drain your wallet. Always read what you're signing. If something looks suspicious, reject it.
Your wallet password protects access on your device. Use a strong password that you don't use anywhere else.
You receive random tokens or NFTs in your wallet. When you try to interact with them, you're taken to a malicious site that steals your funds.
Prevention: Ignore unexpected tokens/NFTs. Never visit links from tokens you didn't buy.
Fake websites that look like real dApps or wallet sites. They ask you to enter your recovery phrase to "connect" or "verify" your wallet.
Prevention: Bookmark trusted sites. Never enter your recovery phrase on any website.
Someone on Twitter/Discord/Telegram claims to be from "Sora support" and offers to help with your issue, then asks for your recovery phrase.
Prevention: We never DM first. We never ask for your recovery phrase. Ever.
A dApp requests you to sign a transaction that looks harmless but actually transfers all your assets to the attacker.
Prevention: Read transaction details carefully. If you don't understand it, don't sign it.
Be immediately suspicious if:
If you encounter a scam targeting Sora users, please let us know so we can warn others.
Report to [email protected]