Need a crypto wallet that gives you full control of your assets? You can download Exodus here.
Only download Exodus from the official website: https://www.exodus.com/download.
In this article:
How do I make sure I install the official Exodus app?
To keep your crypto safe, only download the official Exodus app and avoid downloading a fake app that could put your funds at risk.
When installing Exodus, always download it from our official website: https://www.exodus.com/download.
In this article, we'll review the steps you can take to verify that you are installing the official Exodus Mobile, Exodus Desktop, or Exodus Web3 Wallet app.
Mobile
To ensure you're installing the official Exodus Mobile app, only download Exodus from the official listing in the Apple App Store or Google Play.
You can find the official links on the Exodus download page, or use the links below:
iOS: Exodus on the App Store
Android: Exodus on the Google Play Store.
Never download Exodus Mobile from unofficial websites or app stores, and watch out for fake Exodus websites or app store listings.
Desktop
Keybase is a third-party platform that is not affiliated with Exodus. As such, Exodus cannot guarantee the performance of its products/services or that the steps shown and the information provided will always be accurate.
What are release hashes?
The release hash is a fingerprint generated from the contents of an installer file. Two installers will only share the same release hash if the files are identical.
By comparing the release hash of the Exodus installer you downloaded with the official list of release hashes published on our website, you can confirm that the installer is authentic and has not been tampered with.
The official list of release hashes is also signed with a PGP signature, so you can also verify that Exodus created and published the list.
In addition, every Exodus installer is digitally signed with our official developer signature. This lets you check that the file came from Exodus.
In the sections below, we'll review how to verify the developer signature and the release hashes for Exodus Desktop on macOS, Windows, and Linux.
MacOS
Mac users benefit from a built-in system called Gatekeeper that checks app signatures.
Unless Gatekeeper has been disabled, it automatically verifies an app’s developer signature each time you open it.
When opening Exodus, if macOS warns you that the application is from an unidentified developer, do not open it. You may have downloaded an unsigned or illegitimate copy of Exodus.
If you would rather verify the Exodus installer manually, here's how:
Once you have downloaded the Exodus installer, open the Terminal app in macOS and type the following command, but don't press Enter.
codesign -dv --verbose=4 PATH_TO_EXODUS_INSTALLER
ReplacePATH_TO_EXODUS_INSTALLERwith the location of your downloaded Exodus installer. To fill in the path, drag and drop your installer into Terminal to fill in the path.
Here's an example of what the command might look like:
Please note that Terminal might ask for permission to access the folder where your installer is stored.
Press Enter. Terminal should print out the developer certification information. Look specifically for the lines shown below and make sure your certificate matches that exactly:
Authority=Developer ID Application: Exodus Movement Inc (VK5Q293EVL)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
For an additional check, you can verify the installer's SHA256 release hash.
To do that, in the Terminal app, enter the following command, but don't press Enter.
openssl dgst -sha256 PATH_TO_EXODUS_INSTALLER
ReplacePATH_TO_EXODUS_INSTALLERwith the location of your downloaded Exodus installer. Drag and drop your installer into Terminal to fill out the path.
Here's an example of what the command might look like:
Press Enter. Exodus will show you the release hash of your installer.
To verify this is an authentic release hash, go to the Exodus download page and click Release Hashes.
The SHA256 hash you saw in the Terminal in step 4 should match the release hash for the exact macOS installer you downloaded.
Once you are sure the SHA256 hash matches, you can also verify that the list of release hashes itself is authentic. To do that, copy all of the text.
Go to the website https://keybase.io/verify and a) paste the text, then b) click Verify.
If the list of release hashes is authentic, you will see the message Signed by exodusmovement.
Windows
Once you have downloaded the Exodus installer, find the install file, a) right-click on it, and click b) Properties.
a) Select the Digital Signatures tab. b) Click on the Exodus signature to view more details. c) If the installer is authentic, you should see Exodus Movement, Inc. as the signer.
For an additional advanced check, you can verify the installer's SHA256 release hash.
To do that, open the Command Prompt app in Windows, and type the following command, but don't press Enter.
certutil -hashfile PATH_TO_EXODUS_INSTALLER sha256
ReplacePATH_TO_EXODUS_INSTALLERwith the location of your downloaded Exodus installer. To fill in the path, find your installer and drag and drop it into the Command Prompt to fill out the path.
Before you press Enter, make sure thatsha256is attached at the end of the command.
Here's an example of what the command might look like:
Press Enter. Exodus will show you the release hash of your installer.
To verify this is an authentic release hash, go to the Exodus download page and click Release Hashes.
The SHA256 hash you saw in the Command Prompt in step 4 should match the official release hash for the .exe installer that is published on the Exodus website.
Once you are sure the SHA256 hash matches, you can also verify that the list of release hashes itself is authentic. To do that, copy all of the text.
Go to the website https://keybase.io/verify and a) paste the text, then b) click Verify.
If the list of release hashes is authentic, you will see the message Signed by exodusmovement.
Linux
Linux users with GnuPG and Curl installed can verify the authenticity of a downloaded Exodus installer with a simple two-line script. Here's how:
Once you have downloaded the Exodus installer, go to the Exodus download page https://www.exodus.com/download and click Release Hashes.
Copy the URL.
Open the Terminal app in Linux. And enter the following command, but don't press Enter.
curl -s URL_TO_RELEASE_HASHES grep linux ; shasum -a 256 PATH_TO_EXODUS_INSTALLER
Modify the following parts of the command:URL_TO_RELEASE_HASHES: Replace this with the URL you copied in step 2.
PATH_TO_EXODUS_INSTALLER: Replace this with the location of your downloaded Exodus installer. To fill in the path, find your installer and drag and drop it into the Terminal to fill out the path.
Here's an example of what the command might look like:
After entering the command, press Enter. The Terminal will show three hashes.
a) The first two are the official release hashes for the Linux .deb and .zip installers published on the Exodus website.
b) The third is the release hash of your Exodus installer. If your installer is authentic, it should match exactly one of the first two official release hashes, depending on whether you installed the .deb or .zip installer.
Web3 Wallet
To ensure you're installing the official browser extension, only download Exodus Web3 Wallet from the official Chrome Web Store listing.
You can find the link on the Exodus download page. For the steps on how to install, visit the guide:
Never download Exodus Web3 Wallet from any unofficial websites or app stores, and watch out for fake Exodus websites or app store listings.
What standard does Exodus use for the version numbers?
Exodus uses a date-based system for the version numbers.
Exodus version numbers are formatted as YY.M.D:
YY = the year
M = the month
D = the day of the month
For example, the Exodus version 26.1.14 was released on January 14, 2026.