Topic: scammers using Exodus wallet fake email (Read 323 times)
It's important I posted about Exodus wallet fake emails. Exodus Wallet didn't send emails asking for seeds or passwords. Telling ppl about the fake emails was important so it's done I'll lock the thread.
I don't know how it is now, especially when they offer a third-party built-in exchange on the wallet. I dont if its still there.
I am guessing they offer some sort of instant swaps like many other wallets that have built-in exchanges. Instant exchanges are custodial. Some services like ChangeNOW like to falsely claim they are non-custodial or "free of custody" as they say. They are not. You need to deposit your coins into their addresses, and they hold the keys. Not only that, but your crypto could get frozen, and you could be asked to undergo KYC, explain the source of funds, explain how you got them, etc., etc. If we were talking about non-custodial services, you could then recover your coins, show them the middle-finger, and go elsewhere. But you can't. 
which makes me think that Exodus was once a custodial service.
I always thought that they are because of this recovery process. I don't know how it is now, especially when they offer a third-party built-in exchange on the wallet. I dont if its still there. I don't know, it is sent to the user's email after creating a wallet, only if the user input an email for the recovery purpose[1]
This seems to be an old recovery feature that you could use to regain access to your Exodus wallet if you installed the software on a different computer, for example, or if it stopped working on your current one. But if you have your seed, the email recovery feature isn't needed. They don't mention that you need a wallet file for successful recovery, which makes me think that Exodus was once a custodial service. 
I've received fake emails from scammers pretending they're from Metamask. All they're after is for seeds or passwords to steal your money. I remember it had phishing links so I reported it. I should've put that info in a thread as a warning. Your idea for bookmarking official sites should protect users from risks so we should be doing it.
Yes add all scamming attempt faced by you to aware Bitcointalk family. actually scammers using different techniques and as a crypto user we should know every tricked they use to cheat people. I think Google should also now work on verified mail sign just like twitter to make it secure somehow. This verification sign should be given to only big company used for funding and business.
Bookmarking all big projects, exchanges ,wallets official site is very necessary because google will show promotional ads on the top and 99% are phising sites which will clean your wallet after connecting. sometimes we directed to these sites in hurry which cause big loss.
I've received fake emails from scammers pretending they're from Metamask. All they're after is for seeds or passwords to steal your money. I remember it had phishing links so I reported it. I should've put that info in a thread as a warning. Your idea for bookmarking official sites should protect users from risks so we should be doing it.
If you receive the same email don't click or you'll be diverted to a scam site. You'll be threatened with funds being seized if you don't deliver your Exodus Wallet private key. They're scaring people with lies so if you've received it delete it. Don't worry nothing will happen as long as you don't click.
One of the common and old attempt of the scammers to scam people. I also recieved mails from fake Metamask email to update my Metamask because old Metamask has malware. when I clicked on this site , its asking for paraphrase which is clear scam. Thanks for sharing here to keep aware Bitcointalk community and i hope no one will be fool to trust on these mails.
we should always download app from official store and also bookmark official sites, official Twitter account and should not believe on any mail, sms or any attempt which is not related to official one.
If you receive the same email don't click or you'll be diverted to a scam site. You'll be threatened with funds being seized if you don't deliver your Exodus Wallet private key. They're scaring people with lies so if you've received it delete it. Don't worry nothing will happen as long as you don't click.
One of the common and old attempt of the scammers to scam people. I also recieved mails from fake Metamask email to update my Metamask because old Metamask has malware. when I clicked on this site , its asking for paraphrase which is clear scam. Thanks for sharing here to keep aware Bitcointalk community and i hope no one will be fool to trust on these mails.
we should always download app from official store and also bookmark official sites, official Twitter account and should not believe on any mail, sms or any attempt which is not related to official one.
If you receive the same email don't click or you'll be diverted to a scam site. You'll be threatened with funds being seized if you don't deliver your Exodus Wallet private key. They're scaring people with lies so if you've received it delete it. Don't worry nothing will happen as long as you don't click.
One of the common and old attempt of the scammers to scam people. I also recieved mails from fake Metamask email to update my Metamask because old Metamask has malware. when I clicked on this site , its asking for paraphrase which is clear scam. Thanks for sharing here to keep aware Bitcointalk community and i hope no one will be fool to trust on these mails.
we should always download app from official store and also bookmark official sites, official Twitter account and should not believe on any mail, sms or any attempt which is not related to official one.
I don't use Exodus wallet so didn't know how their users restore wallets. Users giving emails addresses to wallet providers isn't safe that option shouldn't be available. Scammers are attempting to extract seeds from users from phishing links. They're sending bulk emails with expectations of catching Exodus users to entrap.
Yes Exidos wallet is a non-custodial wallet so this email is meaningless, as long as you have control of your keys there is no fear.
Of course, trolls try to scare people who think that something may have happened to the wallet, so they may visit the phishing link out of curiosity to see what is going on.
But the point I would make in general is why people put their coins into a wallet that requires login or email or KYC or any of those things, the wallet should be fully decentralized.
Of course, trolls try to scare people who think that something may have happened to the wallet, so they may visit the phishing link out of curiosity to see what is going on.
But the point I would make in general is why people put their coins into a wallet that requires login or email or KYC or any of those things, the wallet should be fully decentralized.
But the point I would make in general is why people put their coins into a wallet that requires login or email or KYC or any of those things, the wallet should be fully decentralized.
Exchanges are often described as centralized or decentralized, as you need a third party to exchange betwwen crypto and crypto to fiat.wallets are described as closed source, open source, or non-custodial, custodial, but if the wallet is central (you need to connect to a central node), it is still safe if your private key generated in true random entropy and in clean opensource OS, the only problem here is privacy.
People use Exodus wallet because of the paid articles that appear when you search using keywords like BEST BITCOIN WALLET OR MILTICRYPTO WALLET and it's attractive but after a while you'll notice that its fees are high, it's closed source, and has no privacy.
It is used as an email backup for recovery purposes. Using a non-custodial open source wallet is the most recommended one. No email required, no need to rely on the company/developers knowledge for recovery/installation, just your secured device for it to install and use.
Do you know this for a fact or is it an educated guess? Exodus is a closed-source wallet but it's non-custodial.You control your keys, so what kind of sensitive information would they be storing and sending via email for recovery?
I don't know, it is sent to the user's email after creating a wallet, only if the user input an email for the recovery purpose[1][1] https://www.exodus.com/support/article/39-how-do-i-restore-from-email-backup#
I relay the most on trustwallet.
Your choice of wallet isn't much better either. If you are using it as a multicoin mobile wallet, then ok. You don't really have many good alternatives. If you store bitcoins in it, then you could do much better. It is used as an email backup for recovery purposes. Using a non-custodial open source wallet is the most recommended one. No email required, no need to rely on the company/developers knowledge for recovery/installation, just your secured device for it to install and use.
Do you know this for a fact or is it an educated guess? Exodus is a closed-source wallet but it's non-custodial. You control your keys, so what kind of sensitive information would they be storing and sending via email for recovery?And the other thing at the end of this message is that they say that they can block the account of users who avoided doing what they sent them and seize all their funds. Exodus cannot, and nobody can't do this because Exodus Wallet does not store personal information, and any user has full control over his wallet and its security. "Your keys, your crypto"
In theory, yes, they shouldn't have any way to do that. But like with any other closed-source wallet, no one but the developers know. 
Yes Exidos wallet is a non-custodial wallet so this email is meaningless, as long as you have control of your keys there is no fear.
Of course, trolls try to scare people who think that something may have happened to the wallet, so they may visit the phishing link out of curiosity to see what is going on.
But the point I would make in general is why people put their coins into a wallet that requires login or email or KYC or any of those things, the wallet should be fully decentralized.
Of course, trolls try to scare people who think that something may have happened to the wallet, so they may visit the phishing link out of curiosity to see what is going on.
But the point I would make in general is why people put their coins into a wallet that requires login or email or KYC or any of those things, the wallet should be fully decentralized.
We've seen scammers using spoof emails they won't stop so I've stopped clicking links in emails. That's how malware spreads. I'll paste the link address to Tor only if I'm concerned or else I don't waste energy leaving it in the spam folder.
Only a centralized and custodial-based wallet, will send you an email about updates but you're not going to receive it when it's a non-custodial wallet, when I was using Exodus, all updates are on the wallet you'll get a notification within the wallet, They've spoofed it with fake email I'm sure it isn't theirs it's a company brand they're stealing.
Even if they are sent to you from [email protected], you should be careful not to trust the links listed.The only time I communicated with the Exodus team is when I faced an issue, after the issue on their third-party exchange I shifted to a more secure wallet and hardware wallet, they may have a lot of features and keeps adding more but their being A close source is something to worry about, you can use it for a fast transaction but never as storage.
It is unfortunate that newbies are the preys falling victim of these nefarious act by scammers. Since they are new to the system, they would be desperate coupled with fear of missing out and without their consciousness get trapped in situations like this and before they can realise themselves, it's already late and the deed has been done.
One needs to be careful these days the way they open and click links because you clicking a link you have no idea about makes you curious to know about what you have clicked and in so doing that, you just might get hooked up in the process. Possibly if not access to your wallet, your details might be stolen through your saved password through your web browser.
Scammers are every where online looking for loopholes to carry out their dirty acts and as such, one needs to be careful. Avoid links you have no knowledge about and if you must click it do some research on it as it would cost you nothing to be on the safe side rather than being a victim.
Well done for this exposure OP.
One needs to be careful these days the way they open and click links because you clicking a link you have no idea about makes you curious to know about what you have clicked and in so doing that, you just might get hooked up in the process. Possibly if not access to your wallet, your details might be stolen through your saved password through your web browser.
Scammers are every where online looking for loopholes to carry out their dirty acts and as such, one needs to be careful. Avoid links you have no knowledge about and if you must click it do some research on it as it would cost you nothing to be on the safe side rather than being a victim.
Well done for this exposure OP.
We've seen scammers using spoof emails they won't stop so I've stopped clicking links in emails. That's how malware spreads. I'll paste the link address to Tor only if I'm concerned or else I don't waste energy leaving it in the spam folder.
They've spoofed it with fake email I'm sure it isn't theirs it's a company brand they're stealing.
Even if they are sent to you from [email protected], you should be careful not to trust the links listed.
They've spoofed it with fake email I'm sure it isn't theirs it's a company brand they're stealing.
Even if they are sent to you from [email protected], you should be careful not to trust the links listed.After news of Atomic wallet hack I wouldn't stop with Exodus wallet I'd advise eyes open before sending cryptocurrency to wallets.
I don't understand your point, you mean a closed source wallet correct? or just use an open source well reviewed wallet.
These wallets are an option for beginners because of the attractive UI, in addition to the paid articles, as if you search for keywords such as BEST BITCOIN WALLET, you will find many articles recommending you to use the Exodus wallet.
It's a closed source wallet, nevertheless if you have used Exodus before, you know that their fees are not fair as it is very high so that is another turn off for this wallet. As for the the emails, for sure it was harvested or could come from other hacks that is related to crypto and that's why people here are receiving such emails. In any case we should be aware that this is an obvious scam attempts and we shouldn't click any link from unknown sources.
They've spoofed it with fake email I'm sure it isn't theirs it's a company brand they're stealing.
Even if they are sent to you from [email protected], you should be careful not to trust the links listed.After news of Atomic wallet hack I wouldn't stop with Exodus wallet I'd advise eyes open before sending cryptocurrency to wallets.
I don't understand your point, you mean a closed source wallet correct? or just use an open source well reviewed wallet.
These wallets are an option for beginners because of the attractive UI, in addition to the paid articles, as if you search for keywords such as BEST BITCOIN WALLET, you will find many articles recommending you to use the Exodus wallet.
It would be nice if you can tell us from which address this email came from.
They've spoofed it with fake email I'm sure it isn't theirs it's a company brand they're stealing. The link's to figsworld.com but the emails from "Exodus Support" <[email protected]>Avoid Exodus wallet.
After news of Atomic wallet hack I wouldn't stop with Exodus wallet I'd advise eyes open before sending cryptocurrency to wallets.
The idea that there is a bulit in exchange within the platform and to the extent that it facilitates a lot of things, it is harmful for beginners as you send your money to a third party application that will freeze it according to the terms of use. The wallet is not responsible for any fraud that happens to you, in addition to the great damage to privacy and the possibility of being exposed to phishing attacks.
All this leads us to the idea that the wallet is closed source and has control over the synchronization of addresses, with the ease of cracking the PIN.
Here a blogger proves how hackers can easily extract the private key from Exodus wallet.
https://www.upsightsecurity.com/post/hot-wallets-during-crypto-winter
Avoid Exodus wallet.
All this leads us to the idea that the wallet is closed source and has control over the synchronization of addresses, with the ease of cracking the PIN.
Here a blogger proves how hackers can easily extract the private key from Exodus wallet.
https://www.upsightsecurity.com/post/hot-wallets-during-crypto-winter
Avoid Exodus wallet.
I don't even understand why would a "wallet" collect users emails or names. Luckily I never used this exudes wallet. I relay the most on trustwallet.
It was the old backup method they used (before version 19.2.1)[1] seems to have been removed now.Actually it doesn't matter if you are an exodus user or not, scammer spam attacks are usually sent randomly. And don't think that they couldn't possibly send you a similar email on behalf of Trustwallet if you ever reveal your email.
1. https://www.exodus.com/support/article/39-how-do-i-restore-from-email-backup
If you receive the same email don't click or you'll be diverted to a scam site. You'll be threatened with funds being seized if you don't deliver your Exodus Wallet private key. They're scaring people with lies so if you've received it delete it. Don't worry nothing will happen as long as you don't click.
Quote from: exodus.com link=topic=https://www.exodus.com/support/article/37-how-do-i-get-started-with-exodus
As a non-custodial wallet, Exodus gives you the power to control your digital wealth. This is why we do not store any of your personal information, or your wallet files, on our servers. This way nobody will ever be able to freeze, seize, or access your funds.
The solution is to ignore these messages and move them on to the junk. 
I don't even understand why would a "wallet" collect users emails or names. Luckily I never used this exudes wallet. I relay the most on trustwallet.
Emails can be collected from anywhere, especially scam exchanges and airdrop sites and then used to send out this phishing linksThey have issued several warnings about this happenings, I guess some newbies still fall for the scams
If you have received an email from [email protected], [email protected], or any other @exodus.io email, asking you to provide your secret 12-word secret recovery phrase or password, you can be 100% certain that this is a phishing attempt and someone is trying to steal your cryptocurrency. Exodus does not send unsolicited emails requesting to verify accounts. Exodus is a self-custodial wallet that does not have accounts. Exodus has no control over your funds or your access to them. You are in full control.
What should I do if I receive a phishing email?
If you receive a phishing email in your inbox, here are a few actions you can take:
1. Do not open it. In some cases, the act of opening the phishing email may cause you to compromise your security.
2. Do not send any funds. Transactions confirmed on the blockchain are irreversible, so if you send funds to a scammer, you wouldn’t be able to retrieve your funds.
3. Delete it immediately to prevent yourself from accidentally opening the message in the future.
4. Do not download any attachments accompanying the message. Attachments may contain malware such as viruses, worms or spyware.
5. Never click links that appear in the message. Links embedded within phishing messages direct you to fraudulent websites.
6. Do not reply to the sender. Ignore any requests the sender may solicit, and do not call phone numbers provided in the message.
7. Report it. Let us know if you have been sent a phishing email by writing to us at [email protected].
8. Send us the .eml or .txt file. This might help us put a stop to the scammers. Here is an article that can help: How do I export an email as an EML file?
If you receive a phishing email in your inbox, here are a few actions you can take:
1. Do not open it. In some cases, the act of opening the phishing email may cause you to compromise your security.
2. Do not send any funds. Transactions confirmed on the blockchain are irreversible, so if you send funds to a scammer, you wouldn’t be able to retrieve your funds.
3. Delete it immediately to prevent yourself from accidentally opening the message in the future.
4. Do not download any attachments accompanying the message. Attachments may contain malware such as viruses, worms or spyware.
5. Never click links that appear in the message. Links embedded within phishing messages direct you to fraudulent websites.
6. Do not reply to the sender. Ignore any requests the sender may solicit, and do not call phone numbers provided in the message.
7. Report it. Let us know if you have been sent a phishing email by writing to us at [email protected].
8. Send us the .eml or .txt file. This might help us put a stop to the scammers. Here is an article that can help: How do I export an email as an EML file?
If you receive the same email don't click or you'll be diverted to a scam site. You'll be threatened with funds being seized if you don't deliver your Exodus Wallet private key. They're scaring people with lies so if you've received it delete it. Don't worry nothing will happen as long as you don't click.
It would be nice if you can tell us from which address this email came from.
I don't even understand why would a "wallet" collect users emails or names. Luckily I never used this exudes wallet. I relay the most on trustwallet.
The email and the case OP presented have nothing to do with the Exodus wallet and it doesn't make the Exodus wallet untrustworthy.
A similar type of scam used to happen in Binance P2P where the scammer send the paying details through an email that isn't from the Binance and ask them to release the funds before the transaction actually happen. (this does not make Binance untrustworthy too).
Two months ago, one of their staff did affirm they were receiving more phishing reports so there's a good chance more people are receiving/received phishing emails. But I guess you could also say more people were merely reporting. Food for thought lol.
In any case, if you have time, you could try to report the email to Exodus because they're encouraging people to do so. Perhaps they're trying to take down scam domains or something.
See:
In any case, if you have time, you could try to report the email to Exodus because they're encouraging people to do so. Perhaps they're trying to take down scam domains or something.
See:
Hey there! We have seen an uptick in reports of phishing emails recently. If you could forward these emails to [email protected], we can take action against them. Thanks!
Although trustwallet seems to be self custodian too, I think you don’t need to actually rely on them because they aren’t open source. And with multiple reports that it was/has been acquired by Binance which is a centralized platform then it is a thing of concern. Also there was trustwallet had issues early this year where they lost people’s funds although there were refunded, but still I wouldn’t trust them. The best thing is to follow PX-Z advice
I don't even understand why would a "wallet" collect users emails or names. Luckily I never used this exudes wallet. I relay the most on trustwallet.
I don't even understand why would a "wallet" collect users emails or names. Luckily I never used this exudes wallet. I relay the most on trustwallet.
It is used as an email backup for recovery purposes. Using a non-custodial open source wallet is the most recommended one. No email required, no need to rely on the company/developers knowledge for recovery/installation, just your secured device for it to install and use. 
You did not mention the email address but I'm sure it will not come from the official email of Exodus I always check the source of the email if the extension comes from the domain, like [email protected], and besides legit wallets will not send a link to open your wallet, they will ask you to open your wallet on your own, I never receive emails coming from Exodus and I don't use their exchange or send them a support ticket.
This is an old trick and something that will not go away because scammers are still getting victims to this kind of scheme.
This is an old trick and something that will not go away because scammers are still getting victims to this kind of scheme.
Exodus wallet isn't safe if the source code can't be analysed you can't recommend it to friends but the email isn't from them. The email's sent by scammers attempting to scare people to surrender their key. They don't know who's using Exodus Wallet they're spamming with emails.
That said, exodus is a close source wallet but people supposed to be using open source wallet.
I don't even understand why would a "wallet" collect users emails or names. Luckily I never used this exudes wallet. I relay the most on trustwallet.
If you just use Exodus for receiving and sending coins, you do not need email. If you want to buy coins, you wilh need to get verified by the third party site that you want to use. Maybe that is how the email is known and they are careless about it. That said, exodus is a close source wallet but people supposed to be using open source wallet.
I don't even understand why would a "wallet" collect users emails or names. Luckily I never used this exudes wallet. I relay the most on trustwallet.
If you just use Exodus for receiving and sending coins, you do not need email. If you want to buy coins, you wilh need to get verified by the third party site that you want to use. Maybe that is how the email is known and they are careless about it. That said, exodus is a close source wallet but people supposed to be using open source wallet.
I don't even understand why would a "wallet" collect users emails or names. Luckily I never used this exudes wallet. I relay the most on trustwallet.
If you receive the same email don't click or you'll be diverted to a scam site. You'll be threatened with funds being seized if you don't deliver your Exodus Wallet private key. They're scaring people with lies so if you've received it delete it. Don't worry nothing will happen as long as you don't click.
Jump to: