> ## Documentation Index
> Fetch the complete documentation index at: https://docs.raydium.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Trust & safety

> Stay safe while using Raydium and other dApps. How to prevent and detect scams that drains Solana Users.

<Info>
  **The single most important rule on Solana:** never share your seed phrase. Everything else on this page is secondary to that.
</Info>

# Safety basics

## Verify the URL

Always check you're on [`raydium.io`](https://raydium.io) before connecting your wallet. This is Raydium's only domain. Any variation you see on social media, video descriptions, or NFTs is a scam.

## Verify transactions

Always double-check what you're signing in your wallet — even on legitimate sites.

## Do your own research

Check the token address. Tickers and logos can be set by anyone. The mint address is the true identity of a token. Copy-paste contract addresses instead of typing tickers.

Read warnings. Slippage alerts, unknown token prompts, and confirmation dialogs exist for a reason.

Ask questions. Join Discord or Telegram for 24/7 support if you're unsure about something.

<Info>
  Before using Raydium, make sure you've read and understood the [`disclaimer`](https://raydium.io/docs/disclaimer/).
</Info>

## The taxonomy of Solana scams

Most losses fall into five buckets:

1. **Seed-phrase theft** — you hand over the 12/24 words, usually to a fake support agent or phishing site.
2. **Phishing dApps** — a pixel-perfect clone of Raydium (or another app) harvests signatures that drain the wallet.
3. **Fake tokens** — a token masquerading as USDC / SOL / a legitimate project gets listed, you buy it, you can't sell.
4. **Airdrop bait** — unknown tokens appear in your wallet; interacting with them triggers a drain.
5. **Social engineering** — Discord DMs, Telegram impersonators, "Twitter support".

Rug pulls (where a project exits with investor funds) are separate and more about **token selection** than **wallet security**; covered briefly below.

## 1. Seed-phrase theft

Your seed phrase (12 or 24 words, given to you once when you created the wallet) is the **master key**. Anyone with the phrase has full control of the wallet forever.

**Who asks for your seed phrase?**

* **Legitimate services:** no one. Ever. Not Raydium support, not your wallet's support, not "Anthropic", not "Solana Foundation". Full stop.
* **Scammers:** everyone, in many guises:
  * "Verify your wallet" modals on fake sites.
  * "Wallet Connect support" DMs.
  * "Anti-phishing team" emails.
  * "Migrate your wallet" tweets with a link.

**Rules**

* Write the phrase on paper during setup. Store it offline, in two physically distinct locations (e.g. home safe + bank deposit box).
* **Do not** photograph it, screenshot it, paste it into any app, email it, or type it in a "verification" field.
* The only place the phrase should ever be typed is when **you** choose to restore the wallet on a new device.
* If you think the phrase has been exposed, immediately create a new wallet and move all funds.

## 2. Phishing dApps

Scammers host sites that look exactly like raydium.io (or jup.ag, or a popular project). They buy Google ads for brand terms so the phishing site appears above the real one.

**What happens**

You click the ad, see the familiar UI, connect your wallet, approve what looks like a swap — but the transaction is a drain instruction. Fees and tokens disappear.

**Defenses**

* **Bookmark the real raydium.io**. Always navigate via the bookmark; never via a search engine ad.
* **Check the domain character-by-character.** `raydi︎um.io` (with a lookalike character) vs `raydium.io` is indistinguishable without careful inspection.
* **Look at the browser's URL bar.** HTTPS padlock alone is insufficient (phishers get certificates too); read the domain.
* **When your wallet pops up a signing prompt, read it.** If the transaction says "Transfer all your USDC to ABC..." instead of "Swap 1 SOL for USDC", reject.
* **Use wallets with transaction simulation.** Most modern Solana wallets simulate the transaction and display the projected balance changes before you sign. If the simulation shows losses you didn't expect, reject.

**Specifically what a drain looks like**

A drain is often **not** a simple "send tokens" instruction. It's usually:

* A malicious `TokenProgram::Approve` giving unlimited allowance to the scammer's address.
* A signed off-chain message (not a transaction) that later lets the scammer signs transactions on your behalf — some Solana "permit"-style signatures.
* A batched set of instructions where one of them is a transfer to the scammer, buried among harmless ones.

If a signing prompt has more than 3–4 instructions and you don't recognise the programs involved, reject it.

## 3. Fake tokens

Solana has permissionless token creation. Anyone can mint a token called "USDC" with any metadata they want. The Raydium UI guards against this with a **verified-mint check** — but if you paste a token address directly, the verified check does not apply.

**How it presents**

* A token with symbol "USDC" appears in search results with a price of \$0.99 — looks right.
* You swap into it, then try to swap out. The pool has been drained, fee configured at 99%, or the mint has a freeze authority that now freezes your account.
* You can't recover the funds.

**Defenses**

* **Always use the mint with the verified badge** in the Raydium UI for any major token (USDC, USDT, SOL, BTC, ETH).
* **Paste the mint address and cross-check it.** Canonical mints:
  * USDC: `EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v`
  * USDT: `Es9vMFrzaCERmJfrF4H2FYD4KCoNkY11McCe8BenwNYB`
  * wSOL: `So11111111111111111111111111111111111111112`
  * RAY: `4k3Dyjzvzp8eMZWUXbBCjEvwSkkk59S5iCNLY3QrkX6R`
* **For memecoins, use the original launch source** (usually pump.fun, LaunchLab, or the team's official site). Do not trust random Telegram links.
* **Check the mint authority.** Legitimate tokens typically burn the mint authority post-launch — meaning no more tokens can be printed. A fake USDC will have a live mint authority. Solscan shows this on the mint page.

## 4. Airdrop bait

Unknown tokens sometimes appear in your wallet. You didn't acquire them — someone sent them to you.

**How it works**

The token metadata often contains a URL ("Visit xyz-airdrop.com to claim!"). Visiting the site either:

* Phishes your seed phrase.
* Asks you to connect and sign what looks like a claim but is a drain.
* Embeds a malicious token program that charges a fee on every subsequent interaction.

**Defenses**

* **Ignore unknown tokens.** Do not click them, do not visit their websites, do not try to sell them.
* **If the wallet UI allows, hide unknown tokens.** Most Solana wallets ship a "hide spam tokens" or "hide unknown tokens" setting; turn it on.
* **Do not interact with the token's metadata URL** even out of curiosity.
* **Do not try to "send them back".** Interaction may trigger a malicious instruction.

Some users "close" airdrop token accounts to reclaim \~0.002 SOL of rent. This is safe if the token program is the standard SPL Token program — but Token-2022 tokens with transfer hooks can execute arbitrary code on close. Play safe and just leave them.

## 5. Social engineering

Almost all crypto scams have a human layer. Common patterns:

* **"Raydium support" DMs** on Discord or Telegram. Raydium does not DM users first. Support happens in public channels.
* **"Helper" on X** who responds to your panicked "my wallet is stuck" post with a fix. The fix is always to sign something.
* **Fake partnership pitches** asking you to connect your wallet to "sign a partnership agreement".
* **Impersonators** of well-known Solana devs with a slightly modified handle.

**Rules**

* **Never unprompted DMs.** If anyone DMs you first claiming to be support, assume they're a scammer.
* **Close open support requests.** If you posted "help" in a public channel, the replies in your DMs are the ones to ignore.
* **Verify identities out-of-band.** If someone claims to be an Anthropic employee / Raydium team member, check their X handle against the team page on the official site.

## Rug pulls (different category)

A "rug pull" is when a project's own team exits with investor funds. This is a **token-selection** problem, not a wallet-security problem. Defenses:

* **Check the LP.** Is the liquidity locked (Burn & Earn or an equivalent)? Unlocked LP = the team can pull liquidity any time.
* **Check the mint authority.** Is it burned? Live mint authorities = the team can print unlimited supply.
* **Check concentration.** If the top-10 holders own 80% of supply, one of them dumping kills the price.
* **Prefer tokens that have graduated from LaunchLab** — the mint authority is burned and the LP is in Burn & Earn by default.

Tools like Rugcheck, Birdeye's holder views, and Solscan's token page help surface these. See [`reference/glossary`](/reference/glossary) for more on "rug pull", "honeypot", and "LP lock" terminology.

## If something goes wrong

### Seed phrase may be exposed

1. Create a new wallet (different seed phrase).
2. Transfer all funds to the new wallet — SOL and any SPL tokens you care about.
3. Abandon the old wallet forever; do not reuse it even if it "looks fine".

### You signed a malicious transaction and funds are gone

1. Move any remaining funds to a new wallet immediately.
2. Report the scammer's address to Raydium's Discord and via the X report button for publicity.
3. Unfortunately, Solana transactions are final. Funds sent to a scammer are not recoverable absent law-enforcement action.

### You approved unlimited token allowance

Visit [revoke.cash](https://revoke.cash) (they support Solana) and revoke suspicious approvals. This stops future drain transactions but does not recover already-drained funds.

### You see a transaction you didn't authorise

Your wallet may be compromised. Move funds **immediately**; do not investigate first.

## Quick self-audit

Before depositing serious money, check:

* [ ] Seed phrase is on paper, in a secure physical location. Not digital.
* [ ] raydium.io is bookmarked; you navigate via the bookmark.
* [ ] Your wallet simulates transactions before signing.
* [ ] For balances >\$1000, you have a hardware wallet or plan to get one.
* [ ] You have a **separate browser profile** for crypto activity (fewer extensions).
* [ ] You know the canonical mint addresses for the tokens you care about.

If any of those are "no", close this tab and fix them before proceeding.

## Where to go next

* [`getting-started/first-swap`](/getting-started/first-swap) — your first trade, safely.
* [`getting-started/faq`](/getting-started/faq) — common questions.
* [`reference/glossary`](/reference/glossary) — terminology.
