Before you connect a wallet: five checks for fake DEX and QR-code requests

Before connecting a wallet, treat the page, QR code, and wallet request as separate things to verify. A cautious user should pause, check the source, compare the domain with official channels, read the request, and stop if the flow asks for sensitive access or creates pressure to act immediately.

This guide is prevention-focused. It can help reduce exposure to suspicious requests, but it cannot guarantee that a site is legitimate or reverse a completed blockchain transfer.

Use this five-step pause before connecting, signing, approving, or scanning a QR code connected to a crypto action:

1. Check where the link or QR code came from.
2. Compare the domain with the project’s official website or verified channels.
3. Read the wallet request before approving, signing, or sending.
4. Check token or contract details only against an official reference point.
5. Stop if anyone asks for a seed phrase, private key, wallet credentials, remote access, or an urgent payment.

Cybersecurity guidance from official bodies consistently emphasizes caution around suspicious links, impersonation, and attempts to make users act quickly. QR-code requests deserve the same skepticism as links because the user may not see the destination clearly before opening it.

Fake DEX-style pages may rely on impersonation, urgency, or lookalike interfaces. The safer habit is to verify first, then decide whether any wallet action is necessary.

Be more skeptical when a link or QR code arrives through an unsolicited message, pop-up, ad, social post, event flyer, or support chat. If the source is not independently verifiable, do not use a funded wallet to test it.

Open the project from a known official source instead of trusting the link in front of you. Watch for misspellings, extra words, shortened links, unusual subdomains, and pages that look correct but were not reached through an official route.

Do not treat every wallet pop-up as routine. Pause when the request is vague, hard to understand, broader than expected, or unrelated to the action you meant to take.

A blockchain explorer or token page is useful only when you have something official to compare against. Do not assume that a page is safe simply because it displays a contract address or transaction data.

Close the page if the flow asks for a seed phrase, private key, wallet password, remote access, “synchronization,” an upfront recovery payment, or urgent action to unlock funds. Those requests are not normal safety checks for a wallet user.

Reality: opening a wallet request should not end the verification process. The user still needs to check the source, the domain, and the action being requested.

Reality: a QR code should be treated like a link from a source that must be checked. If the destination is unclear or the source is not trusted, do not continue into a wallet flow.

Reality: removing unnecessary permissions may reduce future exposure, but it should not be presented as a way to reverse completed transfers or guarantee recovery.

A reader sees a QR code promising a limited-time crypto claim. The safer response is to avoid scanning from the ad or post, search for the project’s official channels separately, and ignore the flow if it cannot be confirmed there.

A reader lands on a swap or migration page from a social link. If the domain does not match the official project route, the safer action is to close the tab and reopen only from an independently verified source.

A reader is told to scan a QR code to validate, synchronize, or recover a wallet. If the process asks for secret wallet information, remote access, or payment under pressure, the safer action is to stop and preserve the messages.

Take harm-reduction steps calmly, without sharing wallet secrets or paying anyone who promises guaranteed recovery:

• Disconnect the suspicious site from the wallet interface if the wallet provides that option.
• Review recent wallet activity and note URLs, addresses, transaction hashes, messages, and screenshots that do not expose secrets.
• Move carefully: do not approve new requests from the same page, and seek help only through official support or reporting channels.
• Change related account passwords if the same device, email, or browser session may have been exposed.
• Preserve evidence before deleting messages or browser history.

These checks can reduce avoidable exposure to suspicious links, unclear QR-code destinations, impersonation, and pressure tactics. They cannot prove that every verified-looking page is legitimate, provide legal advice, or guarantee recovery after funds have moved.

Never share seed phrases, private keys, wallet credentials, or remote access with anyone offering help. If you need support, use official channels and keep sensitive wallet secrets out of screenshots, forms, chats, and email.

No. The risk depends on the source, domain, request, and whether the user can independently verify the action before approving it.

Only when the source and destination are trusted enough to verify. Treat a QR code as a link that may lead somewhere you did not intend to go.

Stop immediately. Do not type, paste, photograph, or send seed phrases, private keys, wallet passwords, or recovery credentials.

No. They are practical risk-reduction steps, not a guarantee that a page, request, or crypto transaction is safe.

• CERT Polska: cybersecurity alerts and warnings — https://cert.pl/ (Date checked: October 26, 2023)
• NASK: cybersecurity information — https://www.nask.pl/ (Date checked: October 26, 2023)
• “A Targeting Attack by Dynamic Fake QR Code Using Invisible Laser Irradiation,” SCITEPRESS — https://doi.org/10.5220/0013102500003899 (Date checked: October 26, 2023)
• MetaMask: User Guide — https://metamask.io/user-guide/ (Date checked: October 26, 2023)
• WalletConnect: Docs — https://docs.walletconnect.com/ (Date checked: October 26, 2023)