# Common Crypto Scams
ELLIPAL is a self-custody cold wallet. This means only you control your wallet, seed phrase, and private keys. ELLIPAL cannot access, freeze, cancel, or reverse blockchain transactions.
***
### Common Scams Targeting ELLIPAL Users
#### Fake Customer Support Scams
{% columns %}
{% column %}
{% endcolumn %}
{% column %}
{% endcolumn %}
{% column %}
{% endcolumn %}
{% endcolumns %}
**How It Works:**\
Scammers pretend to be ELLIPAL support staff on Telegram, Discord, X, Facebook, email, or other platforms. They may claim your wallet has a problem and ask for your seed phrase, private key, PIN, or Passphrase.
**How to Stay Safe:**\
ELLIPAL will never ask for your seed phrase, private key, PIN, or Passphrase. Do not share them with anyone.
***
#### Fake ELLIPAL Phishing Email Scams
{% columns %}
{% column width="58.333333333333336%" %}
{% endcolumn %}
{% column width="41.666666666666664%" %}
{% endcolumn %}
{% endcolumns %}
**How It Works:**\
Scammers may send emails pretending to be ELLIPAL. Some emails use fake or misspelled domains. More advanced emails may look like they come from a real ELLIPAL domain, but are sent through a third-party email platform.
These emails may ask you to verify, sync, secure, restore, or upgrade your wallet. They may include fake links, buttons, attachments, or QR codes.
**How to Stay Safe:**\
Do not trust an email only because it looks like it comes from ELLIPAL. Check the real sender address, domain, reply-to address, and links carefully.
Do not click suspicious links, download attachments, or scan QR codes from emails. ELLIPAL will never ask for your seed phrase, private key, PIN, or Passphrase by email.
***
#### Fake ELLIPAL App Scams
{% columns %}
{% column width="33.33333333333333%" %}
{% endcolumn %}
{% column width="33.33333333333333%" %}
{% endcolumn %}
{% column width="33.33333333333333%" %}
{% endcolumn %}
{% endcolumns %}
**How It Works:**\
Scammers create fake ELLIPAL apps or APK files and share them through search ads, social media, or unofficial websites. These fake apps may ask users to enter their seed phrase.
**How to Stay Safe:**\
Only download the ELLIPAL App from the official ELLIPAL website, Apple App Store, or Google Play Store. Do not install apps from unknown links or third-party APK websites.
***
#### Fake Website / Phishing Website Scams
{% columns %}
{% column %}
{% endcolumn %}
{% column %}
{% endcolumn %}
{% column %}
{% endcolumn %}
{% endcolumns %}
**How It Works:**\
Scammers create websites that look like the official ELLIPAL website. These sites may ask users to “verify,” “sync,” “restore,” “secure,” or “fix” their wallet.
Fake website domains may look related to ELLIPAL, but they are not official. They may include extra words such as “resolver,” “fix,” “dapps,” “desktop,” “support,” “secure,” “sync,” or “restore.”
The only official ELLIPAL website is:
```
https://www.ellipal.com/
```
**How to Stay Safe:**\
Always check the website domain carefully before clicking links, downloading apps, or following any wallet instructions.
Do not trust websites just because the domain contains “ELLIPAL.” Scammers may add ELLIPAL-related words to make fake websites look official.
Never enter your seed phrase, private key, PIN, or Passphrase into any website. Any website asking for this information is a scam.
***
#### Seed Phrase Verification Scams
{% columns %}
{% column width="66.66666666666666%" %}
{% endcolumn %}
{% column width="33.33333333333334%" %}
{% endcolumn %}
{% endcolumns %}
**How It Works:**\
Scammers claim your wallet is at risk, your account is frozen, or your device needs verification. They then ask you to provide your seed phrase.
**How to Stay Safe:**\
Your seed phrase is the key to your assets. Anyone who has it can move your funds. Never type it into any website, app, form, or chat.
***
#### Fake Airdrop / NFT / Reward Scams
{% columns %}
{% column %}
{% endcolumn %}
{% column width="33.33333333333333%" %}
{% endcolumn %}
{% column width="33.33333333333333%" %}
{% endcolumn %}
{% endcolumns %}
**How It Works:**\
Scammers send links claiming that you can receive free tokens, NFTs, rewards, or special ELLIPAL benefits. These links may ask you to connect your wallet or sign a transaction.
**How to Stay Safe:**\
Do not connect your wallet to unknown websites. Do not sign transactions you do not fully understand.
***
#### Malicious DApp / Wallet Drainer Scams
{% columns %}
{% column width="50%" %}
{% endcolumn %}
{% column width="50%" %}
{% endcolumn %}
{% endcolumns %}
**How It Works:**\
Fake websites may look like real DeFi platforms, staking websites, swap services, or airdrop pages. Once users connect their wallet or approve a transaction, the scammer may gain permission to move assets.
**How to Stay Safe:**\
Be careful with token approvals. Avoid unknown DApps and suspicious links. Do not approve transactions unless you fully understand them.
***
#### Zero Transfer Scam / Address Poisoning / Dusting Attack
**How It Works:**\
Scammers send a zero-value transaction or a very small amount of crypto to your wallet. This may make a scam address appear in your transaction history. The scam address may look similar to one of your real addresses. If you copy the wrong address, you may send funds to the scammer.
**How to Stay Safe:**\
Do not copy addresses from transaction history without checking them. Always verify the full receiving address on your ELLIPAL hardware wallet screen before signing.
Do not interact with unknown small tokens, suspicious NFTs, or strange transactions. Do not visit websites shown in token names, NFT descriptions, or transaction notes.
To better manage these transactions visually in the ELLIPAL App, you can use the **Hide small amount** feature. This helps hide dust-like deposits from your view.
***
#### Fake Investment / High-Yield Scams
**How It Works:**\
Scammers promise guaranteed profits, daily income, mining rewards, trading bots, or “risk-free” investment opportunities. They may ask users to send crypto to a platform or wallet controlled by the scammer.
**How to Stay Safe:**\
Be careful with anyone promising guaranteed returns. ELLIPAL protects your private keys, but it cannot recover funds that you willingly send to a scam address.
***
#### QR Code Wallet Creation Scam
**How It Works:**\
Scammers may pretend to be an exchange, customer support, or a wallet service provider. They may ask users to install the ELLIPAL App and scan QR codes they provide to “create,” “connect,” “activate,” or “receive funds.”
In reality, these QR codes may import wallets that were already created by the scammer. This means the scammer may already have the seed phrase or private keys for those wallets.
If the user transfers funds to the wallet address shown after scanning the QR code, the funds are sent to a wallet controlled by the scammer. The user may see the wallet in the app, but they do not truly control it.
**How to Stay Safe:**\
Never scan QR codes from another person to create or import a wallet.
A real ELLIPAL wallet must be created directly by you on your own ELLIPAL hardware wallet. You should only recover a wallet using your own seed phrase.
ELLIPAL will never ask you to scan QR codes from another person, exchange, or support agent to create, import, activate, or receive funds.
If someone asks you to scan their QR code and then transfer crypto to the wallet address shown in the app, it is a scam.
***
### What to Do If You Encounter a Scam
1. Stop communicating with the scammer immediately.
2. Do not scan any more QR codes or click any links.
3. Do not enter your seed phrase, private key, PIN, or Passphrase anywhere.
4. Save all evidence, including:
* Transaction ID
* Wallet address
* Screenshots
* QR code image
* Website link
* Email address
* Chat history
5. Report the case to your local police or cybercrime department.
6. If your seed phrase, private key, or Passphrase was exposed, create a new wallet immediately and transfer any remaining assets to the new wallet.
***
### FAQ
Can ELLIPAL recover my stolen funds?
No. ELLIPAL cannot recover stolen funds.
Blockchain transactions are irreversible once confirmed. Since ELLIPAL is a self-custody wallet, ELLIPAL does not have access to your wallet, private keys, or seed phrase. This means ELLIPAL cannot move, freeze, cancel, or reverse any transaction.
If your funds were sent to a scammer, please report the case to your local police or cybercrime department and provide the transaction ID.
Can ELLIPAL freeze the scammer’s wallet?
No. ELLIPAL cannot freeze any wallet address.
Blockchain addresses are controlled by private keys. ELLIPAL does not control user wallets, third-party wallets, or scammer wallets.
Can ELLIPAL cancel or reverse a transaction?
No. Once a transaction is confirmed on the blockchain, it cannot be canceled or reversed.
Before signing any transaction, always check the receiving address, amount, network, and transaction details carefully on your ELLIPAL hardware wallet screen.
Can ELLIPAL track the scammer?
ELLIPAL cannot directly identify the owner of a blockchain address.
However, blockchain transactions are public. You can save the transaction ID and wallet address, then provide them to local police, cybercrime authorities, or the exchange involved if the funds were sent to an exchange address.
What should I do if I shared my seed phrase?
If you shared your seed phrase, private key, or Passphrase, your wallet is no longer safe.
You should:
1. Create a new wallet on your own ELLIPAL hardware device.
2. Back up the new seed phrase securely.
3. Transfer any remaining assets from the old wallet to the new wallet as soon as possible.
4. Stop using the exposed wallet permanently.
Do not reuse a leaked seed phrase.
What is the most important safety rule?
Never share your seed phrase, private key, PIN, or Passphrase with anyone.
Never enter them into any website, app, online form, social media message, or customer support chat.
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://support.ellipal.com/docs/features-and-advanced-usage/security-and-backup/common-crypto-scams.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.