Most ENS scams come down to three attacks: a malicious transaction you approve in your wallet, a recovery phrase you type into a fake login, or funds you send to the wrong address. Six rules block almost all of them.
Good to know
Never share your 12- or 24-word recovery phrase. ENS will never ask, and neither will any real wallet.
ENS has no active airdrops. The only one ended May 2022.
Official ENS sites are under
ens.domains.ens.devandens.xyzare used for testing and supporting tools.ENS support will never DM you first. Anyone who reaches out claiming to be ENS support isn't.
The six rules that catch most scams
Rule | What it blocks |
Read every wallet pop-up before you approve. The transaction details have to match what you're trying to do. | Fake mints · approval traps · "claim airdrop" pages |
Never share your recovery phrase. No real wallet or support agent will ask. | Fake login screens · DM phishing · fake "wallet update" prompts |
Check the URL before you connect. The ENS App lives at | Lookalike domains · homoglyph names |
Ignore unsolicited tokens and NFTs. | Dust tokens · scam NFTs that drain on swap |
Send to ENS names, not hex addresses copied from your transaction history. | Address poisoning · lookalike-address swap |
Real verification never means sending funds — and don't add | Fake-verification scams · live-call pressure |
The sections below show what each scam looks like in practice.
Fake mints and approval traps
A page that looks like an NFT project. You connect your wallet, click "Mint", and approve a transaction. The transaction either transfers your NFTs straight to the attacker, or grants their contract a sweeping approval — often setApprovalForAll — that lets them move everything in your wallet later.
The fix is in the wallet pop-up. Before you approve, read what the transaction actually does. If it says "Set approval for all" on a contract you don't recognise, or transfers an NFT you weren't expecting to send, reject it.
Important: The action shown in your wallet has to match what you clicked on the site. If it doesn't, reject the transaction.
Fake login screens and seed-phrase phishing
A page that looks like MetaMask (or another wallet) asks for your recovery phrase to "unlock" or "verify". Real MetaMask only asks for your password.
The same pattern crops up as fake browser pop-ups, "wallet update" prompts, and DMs from people claiming to be ENS support. If anything asks for your 12- or 24-word phrase, it's a phish.
Important: Never type your recovery phrase into a website, chat agent, or pop-up. ENS will never ask for it.
Fake airdrops
Pages telling you to claim "your $ENS" by connecting your wallet. They harvest approvals, they don't send tokens. ENS has no current airdrop and none planned — the only airdrop ended May 2022.
Important: ENS has no current or planned airdrops. Any site claiming otherwise is a scam.
Dust tokens and unsolicited NFTs
Random tokens or NFTs appearing in your wallet. The swap or sell contract is malicious — interacting with it drains your other tokens. Don't click, don't swap, don't try to sell.
Important: Don't interact with tokens or NFTs you didn't request.
Address poisoning
Scammers can plant fake addresses in your wallet's history. They send you a zero-value transaction from an address whose first and last few characters match one you've already used. Copy the fake address next time, and your funds go to the attacker.
Send to ENS names instead. A memorable, human-readable name like friend.eth points at one wallet, set by its owner — a lookalike address can't claim it.
Important: Send to ENS names, not addresses copy-pasted from your transaction history.
Fake verification scams
Anyone can register an ENS name that copies any 0x address with .eth on the end. The name can point to any address — whoever owns it picks. Scammers register a name copying your address, point it at their wallet, and — counting on you not knowing what ENS does — tell you to append .eth to your address to "verify" by sending funds. The funds go to them.
Don't add .eth to your own address.
Important: No real process asks you to send funds to "verify" anything.
If you've already approved something dodgy
Move fast.
If you approved a bad transaction: revoke the approval before the attacker uses it. See How do I revoke token approvals?
If a .eth name is in a wallet you no longer trust: see How do I recover a .eth name from a compromised wallet?
If your recovery phrase leaked: assume the wallet is compromised. Move everything you can to a new one.
What's next?