
I received an email from Exodus asking me to provide my 12-word secret key/password

Be careful of scammers and phishing emails that claim to be from Exodus Support.

If you have received an email that claims to be from Exodus Support asking you to provide your 12-word secret key (also known as a 12-word secret recovery phrase), it is a phishing attempt by scammers trying to steal your crypto.

Be careful, as scammers might try to trick you by using a spoofed email address, making it appear as if the email comes from an @exodus.com or @exodus.io email address.

Exodus does not send unsolicited emails. Exodus staff will never ask you for sensitive information like your passwords, private keys, or 12-word secret key.


What is a phishing email?

A phishing email seems like it's coming from a legitimate platform, but it isn't. It's an attack to get you to click on a link, fill out a form, or download an attachment.

The attacker is trying to install malware on your device or get access to your information to steal your money or crypto.

Be careful, as scammers might try to trick you using a spoofed email address, making it appear like the email comes from support teams like Exodus Support.

Phishing emails often contain links to other websites or ask you to reply to a different email address from the one shown as the sender. These emails may also ask you to send funds to a certain wallet as part of a "backup procedure" or enter your 12-word secret key as part of a "verification process." Never do this! It is a scam.
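The signs described above (a spoofed @exodus.com or @exodus.io sender, a reply address that differs from the visible sender, a request for the 12-word secret key) can be checked against a message's raw headers. The Python below is an added example, not Exodus code; the trusted server name `mx.example.net`, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

BRAND_DOMAINS = {"exodus.com", "exodus.io"}  # sender domains named in the article
SECRET_RE = re.compile(r"12[- ]word|secret (recovery )?(key|phrase)|private key", re.I)

def domain(value):
    """Lower-cased domain of the address in a header value ('' if absent)."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def auth_results(msg, trusted_authserv):
    """spf/dkim/dmarc verdicts, read only from the receiving server's header."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, rest = header.partition(";")
        if authserv.strip().lower() != trusted_authserv:
            continue  # a sender can add this header too; ignore foreign ones
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest, re.I):
            verdicts.setdefault(method.lower(), result.lower())
    return verdicts

def assess(raw, trusted_authserv="mx.example.net"):
    """Return findings for one raw message; trusted_authserv is an assumed name."""
    msg = message_from_string(raw)
    sender, findings = domain(msg["From"]), []
    for name in ("Reply-To", "Return-Path"):  # mismatch is a signal, not proof
        other = domain(msg[name])
        if other and other != sender:
            findings.append(f"{name} domain {other} differs from From domain {sender}")
    verdicts = auth_results(msg, trusted_authserv)
    for method in ("spf", "dkim", "dmarc"):
        if verdicts.get(method) != "pass":
            findings.append(f"{method}={verdicts.get(method, 'missing')}")
    if sender in BRAND_DOMAINS and verdicts.get("dmarc") != "pass":
        findings.append(f"From claims {sender} without a DMARC pass: treat as spoofed")
    if not msg.is_multipart() and SECRET_RE.search(msg.get_payload()):
        findings.append("asks for a secret key or private key")
    return findings

# Constructed sample message, not a real email; hosts and addresses are placeholders.
SAMPLE = """\
Authentication-Results: mx.example.net; spf=fail; dkim=none; dmarc=fail
Return-Path: <bounce@mailer.example.org>
From: Exodus Support <placeholder@exodus.com>
Reply-To: verify@wallet-help.example

Reply with your 12-word secret key to complete the verification process.
"""
```

Set `trusted_authserv` to the name your own mail provider writes at the start of its `Authentication-Results` header. A `Return-Path` mismatch on its own is common in legitimate bulk mail, so weigh it together with the other findings.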

Never click links or follow instructions in unsolicited emails. Attackers aim for you to share private details such as your 12-word secret key or private keys so they can steal your crypto or pressure you into sending funds to a wallet they control.

Exodus will never ask any of our customers to provide their passwords, private keys, or 12-word secret key, no matter the situation.

Any email you receive asking for such information is an attempt to steal your funds by tricking you into thinking the email is coming from Exodus.

If you receive a scam or phishing email claiming to be from Exodus, please let us know by emailing us at [email protected] or by visiting the messenger (purple chat icon in the bottom-right corner) to start a chat. We take scams and phishing attempts extremely seriously and deeply appreciate any community reporting on attempts to harm our customers.


What should I do if I receive a phishing email?

If you receive a phishing email in your inbox, here are a few actions you can take:

  • Do not open it. It’s best practice never to open unsolicited or suspicious emails.

  • Delete it. Remove the email from your inbox to prevent yourself from accidentally opening the message in the future.

  • Do not click on any links. Links embedded within phishing messages direct you to fake or fraudulent websites that trick you into entering private information.

  • Do not open or download attachments. Attachments in phishing emails may contain malware such as viruses, worms, or spyware that can be installed on your system when opened.

  • Never share your private keys or 12-word secret key with anyone. Anyone with your private keys or 12-word secret key can steal your crypto.

  • Do not send funds. Transactions confirmed on the blockchain are irreversible, so if you send funds to a scammer, retrieving them is not possible.

  • Do not reply. Ignore any requests from the sender, and do not call phone numbers provided in the message.

  • Report it. If you have been sent a phishing email, write to us at [email protected] or visit the messenger (purple chat icon in the bottom-right corner) to start a chat.


How do I protect myself from phishing emails?

Here are a few things you can do to protect yourself from phishing emails:

  • Use a strong spam filter

    • Depending on your mail provider, setting your spam filters a little stronger may make the difference between a message landing in spam versus your inbox.

    • Use services like Gmail's Priority Inbox or Apple's VIP, which figure out the important people for you. However, you'll still get an email if an important person is spoofed, meaning your filters are not 100% reliable.

  • Learn how to spot a phishing email

    • Check and review the header and the sender’s email address. Note that email addresses can easily be spoofed, so they might look completely legitimate.

    • Look out for spelling mistakes.

    • Watch for urgent or suspicious requests. Often, phishing emails will make requests and claim they are urgent to scare the receiver into clicking a link or sharing personal information.

    • Never click on links and don’t open or download attachments from unfamiliar or unverified emails.

    • If an email seems suspicious, you can analyze the message headers to identify the real sender behind a spoofed address. To learn more, visit Google’s security guide: Trace an email with its full headers.

  • Keep your device's anti-virus and security settings updated

    • Regular anti-virus checks and security updates can help maintain a secondary line of defense if something gets past your spam filters.

  • Improve your awareness of scams and good security practices

    • Understanding the risk of phishing attacks and scams goes a long way to keeping you and your funds secure. Awareness of the most common scams and phishing attacks in the crypto space significantly impacts your ability to avoid them. You can check out these articles to learn more:
