
Security & Safety

Staying safe in crypto is essential. This guide covers how to protect yourself when using CYRUS and the TON ecosystem.


Wallet Security

Your Recovery Phrase is Everything

Your 24-word recovery phrase is your wallet. Anyone who has it has full control of your funds — forever.

Do | Don’t
Write it on paper | Screenshot it
Store in a fireproof safe | Save in a notes app
Make a second backup in a separate location | Store in cloud storage (Google Drive, iCloud)
Verify it works by restoring on a second device | Email it to yourself
Keep it private — tell no one | Share it with “support” or “admins”

There is no “reset password” in crypto. If you lose your recovery phrase and your device, your funds are gone permanently. If someone else gets your phrase, your funds are gone permanently. Treat it like the deed to your house.

Device Security

  • Lock your phone with a strong PIN, fingerprint, or face recognition
  • Lock your wallet app with a separate PIN or biometric — Tonkeeper supports this
  • Keep your wallet app updated — updates include security patches
  • Don’t jailbreak/root your phone — this weakens device-level security protections
  • Consider a hardware wallet (SafePal, Ledger) for holdings over $5,000

Multiple Wallets

Consider using separate wallets for different purposes:

  • Main wallet — Your primary CYRUS holdings and governance stake
  • Spending wallet — Small amounts for transactions and experimentation
  • Cold storage — Large holdings on a hardware wallet or offline device

Common Scams

Fake Support Messages

The most common scam in crypto. Scammers pose as support agents, admins, or team members and DM you offering to “help.”

Rules:

  • CYRUS team will never DM you first
  • We will never ask for your recovery phrase or private key
  • Official support only happens in public community channels
  • If someone claims to be from CYRUS support and DMs you, block and report them

Fake Websites (Phishing)

Scammers create websites that look identical to cyrus.gold but have a slightly different URL (e.g., cyrus-gold.com, cyrusg0ld.com, cyrus.gold.xyz).

How to protect yourself:

  • Bookmark the real site: cyrus.gold
  • Bookmark the real docs: docs.cyrus.gold
  • Always check the URL bar before connecting your wallet
  • Never click links from DMs, random Telegram messages, or suspicious emails
  • If a link looks suspicious, type the URL manually instead
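The URL-bar check above can be automated. This is an added example, not code from CYRUS: it accepts only the two official hostnames listed in this guide and flags hosts that imitate them. The function names, the HTTPS-only rule and the folding rules are assumptions of the example.

```javascript
// Added example: hosts taken from this guide's bookmark list.
const OFFICIAL_HOSTS = new Set(["cyrus.gold", "docs.cyrus.gold"]);
const BRAND = "cyrusgold"; // official name with separators removed

// Fold the look-alike tricks shown in the guide (digit swaps, added
// hyphens, extra dots) so imitations collapse onto the brand string.
function skeleton(host) {
  return host.replace(/0/g, "o").replace(/1/g, "l").replace(/[-_.]/g, "");
}

// Returns "official", "lookalike", "unknown" or "invalid".
function classifyLink(link) {
  let url;
  try {
    url = new URL(link);
  } catch {
    return "invalid"; // not an absolute URL
  }
  // Assumption of this example: only HTTPS links are acceptable.
  if (url.protocol !== "https:") return "invalid";
  // hostname is lowercased by the parser and excludes port and path.
  const host = url.hostname;
  if (OFFICIAL_HOSTS.has(host)) return "official"; // exact match only
  return skeleton(host).includes(BRAND) ? "lookalike" : "unknown";
}

// Constructed sample links, including the imitations named above.
const samples = [
  "https://cyrus.gold/",
  "https://docs.cyrus.gold/guides",
  "https://cyrus-gold.com/",
  "https://cyrusg0ld.com/",
  "https://cyrus.gold.xyz/",
  "https://example.org/",
];
for (const s of samples) console.log(classifyLink(s).padEnd(10), s);
```

Only an exact hostname match counts as official; cyrus.gold.xyz is flagged because its hostname merely begins with the official name.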

Fake Tokens

Anyone can create a Jetton on TON with any name. Scammers create tokens called “CYRUS” with different contract addresses.

How to verify:

  • The official CYRUS Jetton contract address is published on cyrus.gold
  • Always verify the contract address when adding a token manually
  • If someone sends you unexpected tokens, do not interact with them — some scam tokens contain malicious contract logic
  • Use tonviewer.com to verify any contract before interacting

“Double Your Crypto” Scams

  • There is no airdrop requiring you to send TON first
  • There is no “double your CYRUS” promotion — ever
  • There is no “limited time bonus” from team members
  • CYRUS is not an investment — anyone promising returns is lying

Approval Scams

When you connect your wallet to a dApp, be careful what you approve:

  • Read the transaction details before confirming — your wallet will show what the dApp is requesting
  • Revoke approvals you no longer use — old approvals can be exploited if a dApp is compromised
  • Only connect to known sites — cyrus.gold, dedust.io, ston.fi, etc.
  • If a site asks you to sign a transaction you don’t understand, reject it

Smart Contract Safety

Verified Contracts

  • All CYRUS contracts are open-source and published on GitHub
  • Contract code is verified on TON explorers — anyone can check that the bytecode matches the published source
  • Contract addresses are published on cyrus.gold

Before You Transact

  1. Verify the contract address matches what’s published on the official site
  2. Review the transaction in your wallet before confirming — check the amount, recipient, and what you’re approving
  3. Start small — try a small test transaction first, especially when using a new dApp or contract
  4. Check the explorer — after the transaction, verify it on tonviewer.com or tonscan.org
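Step 1 above, and the Fake Tokens advice to verify the contract address, come down to comparing two addresses. On TON the same contract can be written in raw form (`0:<hex>`) or in user-friendly form (48 base64 characters starting `EQ` or `UQ`, ending in a CRC16 checksum), so a plain string comparison is not enough. This added example, not code from CYRUS, compares the underlying workchain and hash; the function names and sample hashes are constructed placeholders, not the real CYRUS address.

```javascript
// CRC16-CCITT (XMODEM variant), the checksum in user-friendly TON addresses.
function crc16(bytes) {
  let crc = 0;
  for (const byte of bytes) {
    crc ^= byte << 8;
    for (let i = 0; i < 8; i++) {
      crc = (crc & 0x8000 ? (crc << 1) ^ 0x1021 : crc << 1) & 0xffff;
    }
  }
  return crc;
}

// Reduce a raw ("0:<64 hex>") or user-friendly (48-char base64) address
// to "workchain:hash". The flag byte (bounceable or not) is ignored
// because it does not change which contract is addressed.
function canonical(addr) {
  const text = addr.trim();
  const raw = /^(-?\d+):([0-9a-fA-F]{64})$/.exec(text);
  if (raw) return `${Number(raw[1])}:${raw[2].toLowerCase()}`;
  if (!/^[A-Za-z0-9+\/_-]{48}$/.test(text)) throw new Error("unrecognised format");
  const b = Buffer.from(text.replace(/-/g, "+").replace(/_/g, "/"), "base64");
  if (crc16(b.subarray(0, 34)) !== b.readUInt16BE(34)) throw new Error("bad checksum");
  return `${b.readInt8(1)}:${b.subarray(2, 34).toString("hex")}`;
}

// True only when both strings name the same contract.
function sameContract(candidate, published) {
  try {
    return canonical(candidate) === canonical(published);
  } catch {
    return false; // unparseable or corrupted input never matches
  }
}

// Builds user-friendly strings for the constructed samples below.
function encodeFriendly(workchain, hashHex, bounceable) {
  const flags = Buffer.from([bounceable ? 0x11 : 0x51, workchain & 0xff]);
  const body = Buffer.concat([flags, Buffer.from(hashHex, "hex")]);
  const crc = Buffer.alloc(2);
  crc.writeUInt16BE(crc16(body));
  return Buffer.concat([body, crc]).toString("base64").replace(/\+/g, "-").replace(/\//g, "_");
}

// Constructed placeholder hashes, NOT the real CYRUS contract address.
const PUBLISHED = `0:${"ab".repeat(32)}`;
const official = encodeFriendly(0, "ab".repeat(32), true);
const otherToken = encodeFriendly(0, "cd".repeat(32), true);
console.log(sameContract(official, PUBLISHED), sameContract(otherToken, PUBLISHED));
```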

Bonding Curve Security

The bonding curve contract has the following safety properties:

  • No admin keys — once deployed, no one can change the pricing formula
  • No pause function — the contract cannot be stopped arbitrarily
  • Slippage protection — your transaction reverts if the price moves beyond your tolerance
  • Direct-to-wallet — tokens go straight to your wallet, no intermediary

Telegram Safety

Since CYRUS is deeply integrated with Telegram, be extra careful in Telegram groups:

Official Channels Only

  • Official Telegram community: @cyrusgold
  • Never trust links posted by random users in group chats
  • Admins are clearly marked — verify usernames against the official list

Telegram-Specific Scams

  • Fake groups — Scammers create copycat Telegram groups with similar names and logos
  • “Admin” DMs — Real admins will never DM you first
  • QR code scams — Never scan a QR code from a stranger claiming it will “give you tokens”
  • Mini App phishing — Only use Mini Apps linked from official CYRUS channels

If Something Goes Wrong

You sent TON to the wrong address

  • On-chain transactions are irreversible. If you sent to the wrong address, the funds cannot be recovered.
  • Always double-check addresses before confirming.
  • Use Tonkeeper’s address book feature to save verified addresses.

You think your wallet is compromised

  1. Immediately create a new wallet (new recovery phrase)
  2. Transfer all remaining funds to the new wallet
  3. Do not use the compromised wallet again for any purpose
  4. Review what happened — did you share your phrase? Click a suspicious link? Connect to a fake site?

You spotted a scam

  • Report it in the official Telegram community
  • Do not engage with the scammer
  • Warn others — share what happened so the community can be aware
  • If it’s a fake website or token, report it to the relevant platform (Telegram, Google Safe Browsing, etc.)

Security Checklist

  • Recovery phrase stored securely offline (paper, safe)
  • Backup copy in a second secure location
  • Wallet app PIN / biometric enabled
  • Phone lock screen enabled
  • cyrus.gold bookmarked in browser
  • Never shared recovery phrase with anyone
  • Only connected wallet to official sites
  • Verified CYRUS contract address before interacting