Documentation Index

Fetch the complete documentation index at: https://docs.raydium.io/llms.txt

Use this file to discover all available pages before exploring further.

​

Safety basics

​

Verify the URL

Always check you’re on raydium.io before connecting your wallet. This is Raydium’s only domain. Any variation you see on social media, video descriptions, or NFTs is a scam.

​

Verify transactions

Always double-check what you’re signing in your wallet — even on legitimate sites.

​

Do your own research

Check the token address. Tickers and logos can be set by anyone. The mint address is the true identity of a token. Copy-paste contract addresses instead of typing tickers. Read warnings. Slippage alerts, unknown token prompts, and confirmation dialogs exist for a reason. Ask questions. Join Discord or Telegram for 24/7 support if you’re unsure about something.

​

The taxonomy of Solana scams

Most losses fall into five buckets:

1. Seed-phrase theft — you hand over the 12/24 words, usually to a fake support agent or phishing site.
2. Phishing dApps — a pixel-perfect clone of Raydium (or another app) harvests signatures that drain the wallet.
3. Fake tokens — a token masquerading as USDC / SOL / a legitimate project gets listed, you buy it, you can’t sell.
4. Airdrop bait — unknown tokens appear in your wallet; interacting with them triggers a drain.
5. Social engineering — Discord DMs, Telegram impersonators, “Twitter support”.

Rug pulls (where a project exits with investor funds) are separate and more about token selection than wallet security; covered briefly below.

​

1. Seed-phrase theft

Your seed phrase (12 or 24 words, given to you once when you created the wallet) is the master key. Anyone with the phrase has full control of the wallet forever. Who asks for your seed phrase?

• Legitimate services: no one. Ever. Not Raydium support, not your wallet’s support, not “Anthropic”, not “Solana Foundation”. Full stop.
• Scammers: everyone, in many guises:
  • “Verify your wallet” modals on fake sites.
  • “Wallet Connect support” DMs.
  • “Anti-phishing team” emails.
  • “Migrate your wallet” tweets with a link.

Rules

• Write the phrase on paper during setup. Store it offline, in two physically distinct locations (e.g. home safe + bank deposit box).
• Do not photograph it, screenshot it, paste it into any app, email it, or type it in a “verification” field.
• The only place the phrase should ever be typed is when you choose to restore the wallet on a new device.
• If you think the phrase has been exposed, immediately create a new wallet and move all funds.

​

2. Phishing dApps

Scammers host sites that look exactly like raydium.io (or jup.ag, or a popular project). They buy Google ads for brand terms so the phishing site appears above the real one. What happens You click the ad, see the familiar UI, connect your wallet, approve what looks like a swap — but the transaction is a drain instruction. Fees and tokens disappear. Defenses

• Bookmark the real raydium.io. Always navigate via the bookmark; never via a search engine ad.
• Check the domain character-by-character. raydi︎um.io (with a lookalike character) vs raydium.io is indistinguishable without careful inspection.
• Look at the browser’s URL bar. HTTPS padlock alone is insufficient (phishers get certificates too); read the domain.
• When your wallet pops up a signing prompt, read it. If the transaction says “Transfer all your USDC to ABC…” instead of “Swap 1 SOL for USDC”, reject.
• Use wallets with transaction simulation. Most modern Solana wallets simulate the transaction and display the projected balance changes before you sign. If the simulation shows losses you didn’t expect, reject.

Specifically what a drain looks like A drain is often not a simple “send tokens” instruction. It’s usually:

• A malicious TokenProgram::Approve giving unlimited allowance to the scammer’s address.
• A signed off-chain message (not a transaction) that later lets the scammer signs transactions on your behalf — some Solana “permit”-style signatures.
• A batched set of instructions where one of them is a transfer to the scammer, buried among harmless ones.

If a signing prompt has more than 3–4 instructions and you don’t recognise the programs involved, reject it.

​

3. Fake tokens

Solana has permissionless token creation. Anyone can mint a token called “USDC” with any metadata they want. The Raydium UI guards against this with a verified-mint check — but if you paste a token address directly, the verified check does not apply. How it presents

• A token with symbol “USDC” appears in search results with a price of $0.99 — looks right.
• You swap into it, then try to swap out. The pool has been drained, fee configured at 99%, or the mint has a freeze authority that now freezes your account.
• You can’t recover the funds.

Defenses

• Always use the mint with the verified badge in the Raydium UI for any major token (USDC, USDT, SOL, BTC, ETH).
• Paste the mint address and cross-check it. Canonical mints:
  • USDC: EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v
  • USDT: Es9vMFrzaCERmJfrF4H2FYD4KCoNkY11McCe8BenwNYB
  • wSOL: So11111111111111111111111111111111111111112
  • RAY: 4k3Dyjzvzp8eMZWUXbBCjEvwSkkk59S5iCNLY3QrkX6R
• For memecoins, use the original launch source (usually pump.fun, LaunchLab, or the team’s official site). Do not trust random Telegram links.
• Check the mint authority. Legitimate tokens typically burn the mint authority post-launch — meaning no more tokens can be printed. A fake USDC will have a live mint authority. Solscan shows this on the mint page.

​

4. Airdrop bait

Unknown tokens sometimes appear in your wallet. You didn’t acquire them — someone sent them to you. How it works The token metadata often contains a URL (“Visit xyz-airdrop.com to claim!”). Visiting the site either:

• Phishes your seed phrase.
• Asks you to connect and sign what looks like a claim but is a drain.
• Embeds a malicious token program that charges a fee on every subsequent interaction.

Defenses

• Ignore unknown tokens. Do not click them, do not visit their websites, do not try to sell them.
• If the wallet UI allows, hide unknown tokens. Most Solana wallets ship a “hide spam tokens” or “hide unknown tokens” setting; turn it on.
• Do not interact with the token’s metadata URL even out of curiosity.
• Do not try to “send them back”. Interaction may trigger a malicious instruction.

Some users “close” airdrop token accounts to reclaim ~0.002 SOL of rent. This is safe if the token program is the standard SPL Token program — but Token-2022 tokens with transfer hooks can execute arbitrary code on close. Play safe and just leave them.

​

5. Social engineering

Almost all crypto scams have a human layer. Common patterns:

• “Raydium support” DMs on Discord or Telegram. Raydium does not DM users first. Support happens in public channels.
• “Helper” on X who responds to your panicked “my wallet is stuck” post with a fix. The fix is always to sign something.
• Fake partnership pitches asking you to connect your wallet to “sign a partnership agreement”.
• Impersonators of well-known Solana devs with a slightly modified handle.

Rules

• Never unprompted DMs. If anyone DMs you first claiming to be support, assume they’re a scammer.
• Close open support requests. If you posted “help” in a public channel, the replies in your DMs are the ones to ignore.
• Verify identities out-of-band. If someone claims to be an Anthropic employee / Raydium team member, check their X handle against the team page on the official site.

​

Rug pulls (different category)

A “rug pull” is when a project’s own team exits with investor funds. This is a token-selection problem, not a wallet-security problem. Defenses:

• Check the LP. Is the liquidity locked (Burn & Earn or an equivalent)? Unlocked LP = the team can pull liquidity any time.
• Check the mint authority. Is it burned? Live mint authorities = the team can print unlimited supply.
• Check concentration. If the top-10 holders own 80% of supply, one of them dumping kills the price.
• Prefer tokens that have graduated from LaunchLab — the mint authority is burned and the LP is in Burn & Earn by default.

Tools like Rugcheck, Birdeye’s holder views, and Solscan’s token page help surface these. See reference/glossary for more on “rug pull”, “honeypot”, and “LP lock” terminology.

​

If something goes wrong

​

Seed phrase may be exposed

1. Create a new wallet (different seed phrase).
2. Transfer all funds to the new wallet — SOL and any SPL tokens you care about.
3. Abandon the old wallet forever; do not reuse it even if it “looks fine”.

​

You signed a malicious transaction and funds are gone

1. Move any remaining funds to a new wallet immediately.
2. Report the scammer’s address to Raydium’s Discord and via the X report button for publicity.
3. Unfortunately, Solana transactions are final. Funds sent to a scammer are not recoverable absent law-enforcement action.

​

You approved unlimited token allowance

Visit revoke.cash (they support Solana) and revoke suspicious approvals. This stops future drain transactions but does not recover already-drained funds.

​

You see a transaction you didn’t authorise

Your wallet may be compromised. Move funds immediately; do not investigate first.

​

Quick self-audit

Before depositing serious money, check:

• Seed phrase is on paper, in a secure physical location. Not digital.
• raydium.io is bookmarked; you navigate via the bookmark.
• Your wallet simulates transactions before signing.
• For balances >$1000, you have a hardware wallet or plan to get one.
• You have a separate browser profile for crypto activity (fewer extensions).
• You know the canonical mint addresses for the tokens you care about.

If any of those are “no”, close this tab and fix them before proceeding.

​

Where to go next

• getting-started/first-swap — your first trade, safely.
• getting-started/faq — common questions.
• reference/glossary — terminology.