Skip to content

Security Guide

syntaxval edited this page Aug 13, 2018 · 4 revisions

Iron Rules

Bookmark our page and use the bookmark to always navigate to our website.

If you see the link to our website posted on social media, forum groups, or even Google Ad do not click on it. Those links could really be taking you to a phishing site, which looks identical to ours and by the means of different techniques will try to steal your funds.

Never submit your secret key or mnemonic phrase. We will not ask for it.

As mentioned above, please, never submit your secret information. The secret key or your mnemonic phrase is for your eyes only. It needs to remain that way for as long as you are willing to fund and use your account and care that your funds will not get stolen. There is nothing we can do if someone steals your funds due to the fact that they got hold of your secret information somehow.

Always check your Ledger device's screen to confirm the information displayed on your computer screen is the same.

There is a possible attack vector during transaction signing with your Ledger device. When you see confirmation on the screen for your transaction, and it looks correct, always check that the Ledger device used to sign it displays exactly the same information, especially, pay attention to the amount and destination address. It is possible that if someone cloned the website and changed transactions code to display to you your intended info and inject their destination account into the transaction. The Ledger would show that however on its screen, that is why it is important to compare the two sources of information.

In addition, please read this brief security guide provided by Stellar.