Staying Safe
Crypto is irreversible and self-custodial, which is exactly why scammers target it: there’s no bank to reverse a fraudulent transfer. The good news is that almost every theft comes down to a few repeatable tricks, and a handful of habits defeat all of them.
The golden rules
- Never share or type your recovery phrase. Not into a website, a “support agent” chat, a wallet-import box, or an app. No legitimate person or tool ever needs it. This single rule stops the majority of thefts. (Why →)
- Verify every address and amount on the device screen. Your computer can be lying; the KeepKey screen cannot be changed remotely. Read the whole address, not just the ends. (How →)
- Buy your device from official sources and let it verify genuine, signed firmware on first boot. (Why →)
- Keep firmware current. Updates close known issues, and KeepKey only installs firmware cryptographically signed by KeepKey. (How →)
Scams to recognize
- Phishing sites & emails — fake “KeepKey” or “wallet” pages that ask you to “validate” or “import” your recovery phrase. Real setup shows the phrase on the device; it never asks you to type it into a browser.
- Fake support — someone in a chat, DM, or search ad posing as support, steering you toward entering your phrase or installing software. Real support will never ask for your phrase.
- Address poisoning — an attacker sends you a tiny transaction from an address that looks like one you’ve used, hoping you’ll copy it from your history later. Always pull addresses from the source, and verify on-device.
- Clipboard malware — software that swaps a copied address for the attacker’s the instant you paste. On-device verification catches this every time.
- Fake firmware / apps — altered downloads. KeepKey’s bootloader refuses any firmware not signed by KeepKey, so this fails on a genuine device.
- “Send 1, get 2 back” / giveaway scams — there is no free money. Anyone promising returns for a deposit is stealing it.
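The address-poisoning look-alike described above, and the reason for reading the whole address rather than just the ends, shown as an added example (not KeepKey code). It assumes EVM-style hex addresses; the addresses, the `find_lookalikes` helper and the 4-character threshold are constructed for illustration.

```python
from os.path import commonprefix

# Constructed sample data: none of these are real wallet addresses.
TRUSTED = ["0x52a1c9e07b3d4f6a8812bb90c4d7e3f015a6d9c4"]
POISONED = "0x52a107ff91c3e2b84d6a0c159e73ab206f48d9c4"  # same first/last 4 hex chars
UNRELATED = "0x9b3e44d1a0c7f25686e1d3b7a9054c2f8e6b1d70"
# The trusted address also appears in history with different letter casing.
HISTORY = ["0x" + TRUSTED[0][2:].upper(), UNRELATED, POISONED]

def normalize(addr):
    """Lower-case and drop the 0x prefix so comparison ignores checksum casing."""
    a = addr.strip().lower()
    return a[2:] if a.startswith("0x") else a

def short(addr):
    """Abbreviated form many wallet UIs and explorers show: 0x52a1...d9c4."""
    return addr[:6] + "..." + addr[-4:]

def edge_match(a, b):
    """Lengths of the shared prefix and shared suffix of two normalized addresses."""
    return len(commonprefix([a, b])), len(commonprefix([a[::-1], b[::-1]]))

def find_lookalikes(trusted, history, min_edge=4):
    """Flag history addresses that match a trusted one at both ends but not in full."""
    known = {normalize(t): t for t in trusted}
    findings = []
    for seen in history:
        s = normalize(seen)
        if s in known:
            continue  # full-length match: this really is the trusted address
        for t_norm, t in known.items():
            pre, suf = edge_match(s, t_norm)
            if pre >= min_edge and suf >= min_edge:
                findings.append({"seen": seen, "imitates": t, "prefix": pre, "suffix": suf})
    return findings

if __name__ == "__main__":
    for f in find_lookalikes(TRUSTED, HISTORY):
        print(f"LOOK-ALIKE {short(f['seen'])} imitates {short(f['imitates'])} "
              f"(first {f['prefix']}, last {f['suffix']} hex chars match)")
        print("  seen:   ", f["seen"])
        print("  trusted:", f["imitates"])
```

The abbreviated forms of the trusted and look-alike addresses are identical, which is why only a full-length comparison on the device screen distinguishes them.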
Why a KeepKey helps
A hardware wallet doesn’t make you immune — you are still the last line of defense — but it removes the easy attacks. Keys never leave the device, so remote malware can’t read them. Every transfer needs a physical button press, so nothing moves silently. And the device’s own screen is a source of truth your compromised computer can’t fake.
On your KeepKey
- The full, honest threat model and the fixes for every disclosed issue: Security.
- The verification habit that defeats clipboard malware and address poisoning: Verifying Transactions.
- Quick answers to “did I mess up?” moments: FAQ.