# Security Security is one of the core principles of Astra Terminal. Astra Terminal is built as a **non-custodial interface** for interacting with DEX through Telegram. This means that you retain full control over your wallet, assets, and signed transactions. We aim to provide a convenient and secure interface. However, in the world of DeFi, blockchain, and self-custody, the final responsibility for the safety of assets always lies with the wallet owner. Please carefully review the security rules below. Following them helps reduce the risk of losing funds, account compromise, phishing, and accidental mistakes. *** ### 1. The Main Security Principle Your wallet is your personal access to your funds. Astra Terminal: * does not custody your funds; * does not have access to your wallet; * does not store your private keys; * does not store your seed phrase; * cannot sign transactions on your behalf; * cannot restore your wallet; * cannot cancel a signed transaction; * cannot return funds if they were sent to the wrong address or stolen by attackers. All wallet actions are performed only by you. If you sign a transaction, you confirm it yourself. Always check exactly what you are confirming before signing anything. *** ### 2. Protecting Your Seed Phrase and Private Key A seed phrase is the main key to your wallet. It usually consists of 12 or 24 words. Anyone who obtains your seed phrase or private key may gain full access to your funds. #### Never do the following: * do not send your seed phrase in Telegram; * do not send your seed phrase to support; * do not enter your seed phrase on websites opened from message links; * do not store your seed phrase in phone notes; * do not store your seed phrase in the cloud; * do not send your seed phrase to yourself; * do not take screenshots of your seed phrase; * do not store your seed phrase in messengers; * do not enter your seed phrase into Google Forms, Telegram bots, “support” websites, or “verification” pages. #### Recommended: * store your seed phrase offline; * write it down on paper or a metal backup; * keep a copy in a secure place; * do not show it to anyone; * do not photograph it; * do not enter it anywhere except the official interface of your wallet when restoring access. Astra Terminal never asks for your seed phrase, private key, or recovery phrase. If anyone asks you to send your seed phrase, they are a scammer. *** ### 3. Checking Signatures and Transactions When using Astra Terminal, you may sign messages, orders, permissions, or transactions through your wallet. Before every signature, carefully check: * which wallet is connected; * which network you are using; * which asset is being used; * the transaction amount; * the trading pair; * position size; * trade direction; * leverage; * fee; * destination address; * wallet permissions; * order parameters; * liquidation risk. Do not sign a transaction if you do not understand what it means. If a signature window looks suspicious, contains unclear data, an unknown address, or an unexpected action, cancel the operation and check everything again. The User independently grants wallet permissions and bears full responsibility for all signed transactions. *** ### 4. Wallet Permissions and Approvals Some applications may request permissions to interact with your assets. Before granting any permission, always check: * which address or contract you are giving access to; * which asset the permission applies to; * whether there is a permission limit; * whether the permission is unlimited; * whether this action is actually necessary; * whether the request looks suspicious. Excessive permissions can be dangerous. If an attacker gains access to a contract or if you grant permission to a malicious service, your funds may be lost. It is recommended to regularly check and revoke unnecessary approvals using trusted wallet permission management tools. *** ### 5. Checking Official Links Scammers often create fake websites, Telegram bots, channels, Mini Apps, and support pages that visually resemble the original. Before using anything, always check: * that the link is correct; * that the Telegram username is correct; * that the source is official; * that there are no extra characters in the domain; * that there are no suspicious shortened links; * that the link matches Astra Terminal’s official channels. Do not open links from direct messages sent by strangers. Do not connect your wallet to websites unless you are sure they are official. Do not sign transactions on websites opened from random messages, comments, ads, or suspicious channels. *** ### 6. Rules for Communicating With Support Remember the three main Astra Terminal rules: #### We never message you first in direct messages. If someone messages you first on Telegram and claims to be an Astra Terminal employee, administrator, moderator, support agent, manager, or technical specialist, they are most likely a scammer. #### We never ask for your seed phrase, private key, or password. No real Astra Terminal representative will ever ask you for: * seed phrase; * private key; * wallet password; * Telegram password; * two-factor authentication code; * SMS code; * device access; * remote screen access. #### We never ask you to transfer funds to a “safe,” “verification,” or “protective” address. If someone says that you need to send funds for: * account unlocking; * wallet protection; * security verification; * fund recovery; * withdrawal activation; * verification; * ownership confirmation; * compensation participation; * access recovery, this is a scam. Official support operates only through the channels listed in Astra Terminal’s official sections. *** ### 7. Telegram Security Because Astra Terminal operates inside Telegram, the security of your Telegram account is extremely important. Recommended actions: * enable two-factor authentication in Telegram; * use a strong 2FA password; * never share Telegram login codes; * do not show your screen to strangers; * do not install suspicious applications; * do not open links from direct messages; * check active Telegram sessions; * terminate unknown sessions; * do not use Telegram on someone else’s device; * do not store passwords in unsafe places. If your Telegram account is compromised, attackers may try to trick you into signing malicious actions or opening phishing links. Astra Terminal cannot restore access to your Telegram account and does not control Telegram security. *** ### 8. Device Protection Your device is an important part of your security. If your computer or phone is infected with malware, attackers may intercept data, replace addresses, read your clipboard, and access your browser, Telegram, or wallet. Recommended actions: * use the latest version of your operating system; * install security updates; * do not install suspicious software; * do not download files from unknown sources; * use antivirus or built-in system protection; * protect your device with a password, Face ID, or Touch ID; * do not give remote access to strangers; * do not use pirated software; * do not store seed phrases on your device; * regularly check browser extensions. Be especially careful with programs that request access to your screen, keyboard, browser, Telegram, or wallet. *** ### 9. Phishing and Social Engineering Phishing is one of the most common reasons people lose funds in crypto. Scammers may pretend to be: * Astra Terminal support; * Telegram chat administrators; * DEX employees; * Pocket Exchange representatives; * moderators; * investors; * partners; * other traders; * community members. They may use scenarios such as: * “Your wallet is at risk, connect immediately through this link”; * “You need to complete verification”; * “You are eligible for compensation”; * “Your account will be blocked”; * “Sign this transaction for protection”; * “Send funds to a safe address”; * “Connect your wallet to the new website”; * “Enter your seed phrase for recovery”; * “Install this support application.” Do not trust urgent messages, threats, compensation promises, guaranteed profit claims, or requests to perform wallet actions. If a message creates panic or demands urgent action, stop and verify the information through official channels. *** ### 10. Security When Using Pocket Exchange Astra Terminal may include a button redirecting to the third-party service Pocket Exchange for buying or selling USDC. Important points: * Astra Terminal does not own Pocket Exchange; * Astra Terminal does not operate Pocket Exchange; * Astra Terminal does not control Pocket Exchange; * Astra Terminal does not process bank cards; * Astra Terminal does not accept fiat payments; * Astra Terminal does not buy or sell USDC; * Astra Terminal is not responsible for operations inside Pocket Exchange. Before using Pocket Exchange, independently check: * that the link is correct; * the service terms; * fees; * limits; * processing times; * refund rules; * KYC/AML requirements; * the wallet address for receiving funds. If you access Pocket Exchange, you are interacting with an independent third-party service. Astra Terminal cannot cancel, speed up, verify, or guarantee operations performed by Pocket Exchange. *** ### 11. AI Assistant Security Astra Terminal may provide the AI assistant for analytics, technical analysis, and informational support. AI does not require access to your private keys, seed phrase, or funds. Never send the AI assistant: * seed phrase; * private key; * passwords; * verification codes; * documents; * banking data; * personal confidential information. AI may be wrong and is not a financial advisor. Any decisions made after using AI analytics are made by you independently. *** ### 12. What to Do If You Suspect a Compromise If you suspect that your wallet, Telegram, or device has been compromised, act quickly. Recommended actions: 1. Immediately stop signing any transactions. 2. Disconnect from suspicious websites. 3. Check active Telegram sessions. 4. Terminate unknown Telegram sessions. 5. Scan your device for malware. 6. Check wallet approvals and permissions. 7. Revoke suspicious permissions. 8. If necessary, move remaining funds to a new secure wallet. 9. Do not send your seed phrase to anyone. 10. Contact official Astra Terminal support only through official channels. If your private key or seed phrase has already been exposed, that wallet should be considered unsafe. Astra Terminal cannot restore a compromised wallet or return stolen funds. *** ### 13. How to Recognize a Scammer Someone is most likely a scammer if they: * message you first; * rush you; * ask for your seed phrase; * ask for your private key; * ask for a Telegram code; * ask you to install software; * ask you to share your screen; * ask you to transfer funds; * promise guaranteed profit; * offer to “recover stolen funds”; * send a suspicious link; * use a similar but unofficial username; * ask you to “confirm your wallet” through an unknown website; * say your account will be blocked unless you urgently follow instructions. Real Astra Terminal support will not ask you to perform actions that give access to your funds. *** ### 14. What Astra Terminal Never Does Astra Terminal never: * asks for your seed phrase; * asks for your private key; * asks for your wallet password; * asks for your Telegram password; * asks for your 2FA code; * asks for an SMS code; * asks you to transfer funds to a “verification” address; * asks you to install unknown software; * asks you to provide remote access; * guarantees recovery of stolen funds; * promises guaranteed profit; * asks you to pay for “account unlocking”; * asks you to pay for “withdrawal activation”; * messages you first in direct messages. If someone does any of the above on behalf of Astra Terminal, they are a scammer. *** ### 15. User’s Personal Responsibility Astra Terminal provides an interface but does not control your wallet and does not manage your funds. You are solely responsible for: * keeping your seed phrase safe; * keeping your private keys safe; * Telegram security; * device security; * checking links; * checking transactions before signing; * granted approvals; * wallet actions; * trading decisions; * using third-party services; * consequences of mistaken actions. If you lose access to your wallet, disclose your seed phrase, suffer device compromise, fall for phishing, sign an incorrect transaction, or send funds to the wrong address, Astra Terminal may have no technical ability to restore access or return funds. *** ### 16. Short Security Checklist Before using Astra Terminal, make sure that: * you are using the official Telegram bot or Mini App; * you have checked the link; * Telegram two-factor authentication is enabled; * you do not store your seed phrase digitally; * you have not shared your private key with anyone; * you understand what transaction you are signing; * you have checked addresses and amounts; * you have not opened suspicious links; * you are not talking to “support” that messaged you first; * you understand the risks of trading and DeFi. *** ### 17. Final Security Warning Security in DeFi starts with the user. Astra Terminal does not custody your funds and does not have access to your wallet. This gives you full control over your assets, but it also means that you are responsible for protecting access, verifying transactions, and being careful when interacting with external services. Never rush when signing transactions. Never share your seed phrase. Never trust direct messages from people claiming to be support. Use only official Astra Terminal links and channels. If you are unsure, stop, verify the information, and contact support only through official channels. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://astra-terminal.gitbook.io/docs/english/other/security.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.