Security Is Your Responsibility in Web3

In traditional finance, banks and institutions can reverse fraudulent transactions and recover your account if you lose access. In Web3, you are your own bank — which means security is entirely your responsibility. There are no chargebacks, no customer support that can recover stolen funds, and no second chances after a compromised seed phrase.

This guide covers the most important security practices for Pera Wallet and Algorand users.

The Golden Rule: Protect Your Seed Phrase

Your 25-word seed phrase (also called a recovery phrase or mnemonic) is the master key to your wallet. Whoever has it controls your funds — permanently and irrevocably.

What You Should ALWAYS Do

  • Write it down by hand on paper immediately after creating your wallet
  • Store it in a physically secure location (e.g., a safe, a lockbox)
  • Consider making a second physical copy stored in a different location
  • Use a metal backup solution for fire/water resistance if your holdings are significant

What You Should NEVER Do

  • Never take a screenshot of your seed phrase
  • Never store it in cloud storage (Google Drive, iCloud, Dropbox)
  • Never type it into any website, dApp, or form — legitimate services will never ask for it
  • Never share it with anyone, including "support staff" or "Pera representatives" online
  • Never store it in a notes app, email, or messaging platform

Recognizing Common Crypto Scams

1. Fake Support Scams

Scammers frequently pose as wallet support staff in Discord, Telegram, or Twitter DMs. They'll claim your wallet has an issue and ask you to "verify" it by entering your seed phrase on a fake website. No legitimate support team will ever ask for your seed phrase.

2. Phishing Websites

Fake websites that mimic Pera Wallet, Tinyman, or other Algorand dApps are designed to steal your credentials. Always:

  • Double-check the URL before connecting your wallet
  • Bookmark official sites and use those bookmarks — don't click links in DMs or emails
  • Look for slight misspellings (e.g., "perawalllet.app" vs "perawallet.app")
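The URL checks listed above can be automated. The following is an added example, not Pera's code: it compares a link's hostname against an allowlist and flags near-miss spellings. `OFFICIAL_DOMAINS`, `classify_url` and the edit-distance threshold of 2 are assumptions made for illustration; the allowlist holds only the perawallet.app domain named on this page.

```python
from urllib.parse import urlsplit

# Assumption: in practice this allowlist comes from your own verified
# bookmarks. Only perawallet.app is named on this page.
OFFICIAL_DOMAINS = {"perawallet.app"}


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify_url(url, official=OFFICIAL_DOMAINS, max_distance=2):
    """Return 'official', 'lookalike' or 'unknown' for a URL's host."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return "unknown"
    # "https://perawallet.app@other.example/" really points at other.example:
    # text before "@" is userinfo, not the host.
    if "@" in parts.netloc:
        return "lookalike"
    for domain in official:
        if host == domain or host.endswith("." + domain):
            return "official"
    # Not an official host: flag it if any label equals or nearly equals an
    # official brand label ("perawallet"), wherever it sits in the name.
    brands = {d.split(".")[0] for d in official}
    for label in host.split("."):
        if any(edit_distance(label, b) <= max_distance for b in brands):
            return "lookalike"
    return "unknown"


# Constructed sample URLs; only the first two hostnames appear on this page.
if __name__ == "__main__":
    for u in ("https://perawallet.app/", "https://perawalllet.app/",
              "https://perawallet.app.login.example/", "https://example.org/"):
        print(f"{classify_url(u):10} {u}")
```

An "unknown" result only means the host does not resemble an allowlisted name; it says nothing about whether the site is safe.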

3. Airdrop Scams

If unexpected tokens appear in your wallet promising large rewards for "claiming" them, be very cautious. Interacting with malicious smart contracts linked to scam tokens can drain your wallet. Do not interact with unsolicited token airdrops.

4. Social Media Impersonation

Fake accounts impersonating Pera, Algorand Foundation, or prominent community members will often promote fake giveaways ("send 1 ALGO, receive 10 back"). These are always scams.

Best Practices for Daily Wallet Use

  • Use a PIN or biometrics to lock your Pera Wallet app
  • Review transaction details carefully before approving — check amounts, addresses, and the requesting dApp
  • Revoke unused dApp connections regularly in WalletConnect settings
  • Keep the app updated to receive the latest security fixes
  • Use a hardware wallet (e.g., Ledger via Pera Web) for large holdings

What to Do If You've Been Compromised

If you believe your seed phrase has been exposed, act immediately:

  1. Create a brand new wallet with a fresh seed phrase
  2. Transfer all assets to the new wallet as quickly as possible
  3. Do not reuse the compromised wallet
  4. Report scam sites/accounts to the relevant platforms

Speed is critical — once an attacker has your seed phrase, they can act at any time.