🧭 Guide 🔰 Beginner 🪜 Step by step

πŸ›‘οΈ How to Avoid Crypto Scams on Your Phone Avoid Mobile Scams

Set up your phone once so a scammer can't drain your crypto, then keep a few habits every time you send.

Most people keep their crypto on a phone, so that's where attackers look. A blockchain transfer can't be reversed and there is no chargeback, so the whole game is stopping a theft before it happens. The eight steps below are the routine, in order.

  1. Install crypto apps only from official sources

    Open the company's official website and tap its download link, instead of typing the name into the app store and trusting the top result. Fake copies of exchange and wallet apps sit in stores to steal your login or seed phrase. In 2018, fake versions of one exchange's app appeared on Google Play before the real launch.

    Before installing, check the developer name, the download count, and the reviews. Be wary of both a wall of scam complaints and a suspicious wall of perfect five-star reviews.

    Never sideload APK files or pirated apps. That's the main way clipboard-swapping malware gets onto a phone.

  2. Turn on 2FA with an app or hardware key, not SMS

    Use two-factor authentication, but pick the right kind. An authenticator app (Google Authenticator, Authy, Aegis) keeps the codes on your device. A hardware key (YubiKey, Google Titan) goes one step further and checks that you're on the real site.

    Avoid text-message (SMS) codes. They travel on old phone-network plumbing and can be stolen through a SIM swap, which is the next step's problem.

  3. Lock down your phone carrier account

    A SIM swap is when someone talks your carrier into moving your number to their SIM, then catches the codes meant for you. Most cases are social engineering, not technical hacking. Call your carrier and add a port-out PIN or passcode, or ask that number changes be done in person only.

  4. Protect your seed phrase and private keys

    Your seed phrase is the master backup for your wallet. A real wallet shows it to you once at setup and never asks again. So treat any later request to type it (a "validation," "sync," or "migration" screen) as theft.

    Write it on paper and keep it offline. For larger amounts, a hardware wallet keeps the keys off the phone entirely.

  5. Verify the whole address and send a test amount

    Before every send, read the entire recipient address, not just the first and last few characters. Two attacks count on you skipping this: clipboard malware quietly swaps the address you copied, and address poisoning plants a look-alike address in your history hoping you reuse it.

    Sending to a new address? Send a tiny test amount first, confirm it arrives, then send the rest.

  6. Read every transaction prompt before signing

    When an app asks you to sign or approve something, read it. A drainer works by getting you to approve spending your tokens, so reject any "approve" or token-allowance request you didn't expect. From time to time, open your wallet's approvals list and revoke old ones you no longer use.

  7. Keep your phone updated and watch for cryptojacking

    Keep your phone's operating system and apps updated, since patches close the holes attackers use. If your phone suddenly runs hot or the battery drains fast, an app may be secretly mining in the background. Find the culprit and remove it.

  8. Avoid public WiFi for crypto

    Open public WiFi can expose what you do on it, so don't sign in to an exchange or move funds on it. Use your mobile data or a trusted VPN instead.
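The whole-address check from step 5, as an added example that is not part of the original guide: it compares every character and labels a look-alike (same start and end, different middle) separately from an unrelated address. The addresses, function names and the four-character edge length are assumptions made for illustration.

```python
# Added example. All addresses are constructed sample values, not real wallets.
TRUSTED = "0x1a2b3c4d5e6f708192a3b4c5d6e7f8091a2b3c4d"    # address you meant to pay
POISONED = "0x1a2b3cff00112233445566778899aabbccdd3c4d"   # same first/last characters
UNRELATED = "0x9f8e7d6c5b4a39281706f5e4d3c2b1a09f8e7d6c"  # e.g. a swapped clipboard


def _norm(addr: str) -> str:
    """Trim whitespace; lowercase only 0x-style hex (other formats are case-sensitive)."""
    addr = addr.strip()
    return addr.lower() if addr[:2].lower() == "0x" else addr


def _shared(a: str, b: str) -> int:
    """Number of leading characters the two strings have in common."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


def check_recipient(intended: str, pasted: str, edge: int = 4) -> str:
    """Compare every character. Returns 'match', 'lookalike' or 'different'."""
    a, b = _norm(intended), _norm(pasted)
    if a == b:
        return "match"
    # Skip the "0x" prefix so it does not count as a shared start.
    if a.startswith("0x") and b.startswith("0x"):
        a, b = a[2:], b[2:]
    head, tail = _shared(a, b), _shared(a[::-1], b[::-1])
    # Same start and same end, different middle: what a first/last-few skim lets through.
    return "lookalike" if head >= edge and tail >= edge else "different"


def safe_to_send(intended: str, pasted: str) -> bool:
    """Only an exact, full-length match is acceptable."""
    return check_recipient(intended, pasted) == "match"


def flag_poisoned(history: list, trusted: str) -> list:
    """History entries that imitate a trusted address without being it."""
    return [h for h in history if check_recipient(trusted, h) == "lookalike"]


if __name__ == "__main__":
    print(check_recipient(TRUSTED, POISONED))
    print(flag_poisoned([TRUSTED, POISONED, UNRELATED], TRUSTED))
```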

⚠️ Common mistakes that get people drained

  • 📲 Trusting the top app-store result instead of the official-site link
  • 📩 Leaving 2FA on SMS, or reusing one phone number to recover everything
  • 🔑 Typing the seed phrase into a "sync" or "validation" screen
  • ✍️ Blind-signing transactions and unlimited token approvals
  • ⛏️ Believing a phone app can "mine" or hand out free crypto
  • 📡 Doing crypto on public WiFi, or ignoring a phone that runs hot
  • 📣 Bragging online about how much crypto you hold
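What reading an "approve" prompt means in practice, as an added example that is not part of the original guide: it decodes the raw data behind a token approval and lists the reasons to reject it (unknown spender, unlimited amount). It assumes an EVM chain and the standard ERC-20 `approve(address,uint256)` call; the spender addresses and function names are constructed for illustration.

```python
# Added example. Assumes an EVM chain and the ERC-20 approve(address,uint256) call.
APPROVE_SELECTOR = bytes.fromhex("095ea7b3")  # first 4 bytes of an approve() call
MAX_UINT256 = 2**256 - 1                      # the "unlimited" allowance value

# Constructed sample values, not real contracts.
KNOWN_SPENDER = "0x" + "ab" * 20
OTHER_SPENDER = "0x" + "cd" * 20


def build_approve(spender: str, amount: int) -> str:
    """Build sample calldata for the demo (constructed input, never broadcast)."""
    raw = (APPROVE_SELECTOR + bytes(12) + bytes.fromhex(spender[2:])
           + amount.to_bytes(32, "big"))
    return "0x" + raw.hex()


def decode_approve(calldata_hex: str):
    """Return (spender, amount) for an approve() call, or None for anything else."""
    h = calldata_hex[2:] if calldata_hex.startswith("0x") else calldata_hex
    try:
        data = bytes.fromhex(h)
    except ValueError:
        return None
    # 4-byte selector + two 32-byte words; the address word is left-padded with zeros.
    if len(data) != 68 or data[:4] != APPROVE_SELECTOR or any(data[4:16]):
        return None
    return "0x" + data[16:36].hex(), int.from_bytes(data[36:68], "big")


def review_approval(calldata_hex: str, expected_spenders: set, needed: int) -> list:
    """Reasons to reject this prompt; an empty list means nothing was flagged."""
    decoded = decode_approve(calldata_hex)
    if decoded is None:
        return ["not a plain approve() call; review by other means"]
    spender, amount = decoded
    reasons = []
    if spender not in expected_spenders:
        reasons.append("unexpected spender")
    if amount == MAX_UINT256:
        reasons.append("unlimited allowance")
    elif amount > needed:
        reasons.append("allowance larger than needed")
    return reasons  # an amount of 0 is a revoke and is never flagged for size


if __name__ == "__main__":
    demo = build_approve(OTHER_SPENDER, MAX_UINT256)
    print(review_approval(demo, {KNOWN_SPENDER}, 100))
```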

If a message pushes you to act fast (a giveaway, a "double your crypto" offer, an "update or lose funds" warning), slow down. When unsure, do nothing.

❓ FAQ

Why not just use text-message (SMS) codes for 2FA?
Because a SIM swap can move your phone number to an attacker's SIM, and then the text codes arrive on their phone. An authenticator app keeps the codes on your device, where a SIM swap can't reach them.

A "wallet sync" screen is asking for my seed phrase. Is that normal?
No. A real wallet shows you the seed once when you first set it up and never asks for it again. Any app, site, or chat that asks you to type your seed phrase is trying to take your money.

Can an app really mine crypto on my phone?
Not in any way that pays you. Apps that claim to mine on a phone usually just show ads and a fake balance. Real mining of major coins needs special hardware, not a phone.

I sent crypto to the wrong address. Can I get it back?
Almost never. Blockchain transactions can't be reversed and there is no chargeback, so checking the address before you send is the only real protection.
