The next phase of IOTA’s development includes a token migration from the old network to the new Chrysalis network with the help of the Firefly wallet (read about and try out the beta version here). This article provides a brief guide on how to safely maneuver through Cryptoland and avoid social engineering attacks and phishing attempts.

The official start date of the Chrysalis network migration is Wednesday 21April 2021. The migration period will allow users, exchanges and custodians to prepare their token migration ahead of the network upgrade. The network upgrade itself will happen on Wednesday 28 April 2021. Users are not required to migrate their tokens ahead of the network update and will be able to do so at least until IOTA's "Coordicide", estimated to occur later this year. IOTA tokens stored on exchanges will be migrated by the exchanges on behalf of their users.

Following the rabbit hole into Cryptoland opens up endless possibilities in technical, financial, and professional terms.

Unfortunately, part of this "most interesting industry in the world" is that newcomers not rarely fall into the grips of criminal actors who use impersonification and social engineering, disguised as trying to be helpful, to obtain funds and personal information of inexperienced users.

While the paradigm shift represented by decentralization has enormous potential for financial self-determination and inexhaustible room for innovation, it also brings with it a level of self-responsibility that, ideally, can lead to witnessing this ecosystem at its best, but at worst, can lead to being robbed right at the beginning of the journey.

"Be your own bank" has been the mantra since DLT began innovating the world, and especially in periods of rising valuations, the financial incentives for fraudsters are increasing proportionally.

Decentralization dictates that once a transaction is finalized, it can never be reversed. This means that stolen funds cannot be recovered.

Particularly in times of the token migration for the Chrysalis update, it is likely that members in need of help with the transition process will be targeted by scammers.

To provide some guidance for our community and users, we have prepared a list of easy-to-follow best practices that should be adhered to under all circumstances to protect themselves from malicious actors.


a) Never share personal information regarding the number of tokens you own, their type, or where and how you keep them, secure them including passwords, recovery passphrases, and user names of wallet accounts or exchanges. Don’t share that information with anyone - including members of the IOTA Foundation.

b) Never share the seed, private key, Ledger passphrase with 24 words or address to your tokens with anyone - including members of the IOTA Foundation.

c) IOTA Foundation members and moderators will never ask for your seed, your private keys, or your Ledger passphrase of 24 words. “Never” really means “never”. There are no exceptions, ever.

d) If you are actively being approached by alleged IOTA Foundation members or moderators on the IOTA Discord, they are most definitely not members of the IOTA Foundation but malicious actors impersonating IF members. Unfortunately, on Discord, it is incredibly easy through paid subscriptions to convincingly impersonate other users, moderators, or even staff members.

What to do in case you need help:

e) If you run into obstacles migrating your tokens, you can seek community support in our official Discord. Once signed up, visit the #help channel, read the instructions and follow it. The best way to ask for help is doing it publicly in that channel: as long as your conversation is public and not in private messages, there's less risk because everyone can see whether a scammer attempts to scam you and let you know about it.

f) If you want to ask someone for help through a private message on Discord, make sure YOU are the one initiating the conversation: Choosing someone official to talk to from the sidebar and starting the conversation yourself is without risk as impersonators can not be displayed as green-colored official IOTA Foundation members in the sidebar. Starting a conversation by selecting someone official from the sidebar is therefore safe. Accepting a direct message from someone only having the same name as someone in the sidebar is not safe. It could be an impersonator that just has the same name as the official staff members displayed in the sidebar.

g) Download software from trusted sources only (usually websites that end with To ensure that you use said trusted applications only, it’s a good start to search for links in our official blog posts.

h) Never click on random links provided by alleged members or alleged moderators of an IOTA-related social media channel as they pose a high risk of containing malicious software that might hijack your system.

Example of a scamming attempt:

Following are a few examples of users talking to someone pretending to be Dave De Fijter from the IOTA Foundation.

The above examples are only exemplary and not exhaustive. As the oldest cryptocurrency in existence, Bitcoin has compiled a more extensive list of examples of how to avoid common traps of social engineering and scams, which generally apply to any cryptocurrency.

Share this article with your friends, enjoy Chrysalis, and stay safe!

For all the latest information about Chrysalis, visit:

Follow us on our official channels to stay tuned with all the steps of the migration!

Discord | Twitter | LinkedIn | Instagram | YouTube

Follow us on our official channels for the latest updates:
Discord | Twitter | LinkedIn | Instagram | YouTube | CoinMarketCap


IOTA Foundation

Official posts from the IOTA Foundation, and migrated posts from old platforms.

Great! You've successfully subscribed.
Great! Next, complete checkout for full access.
Welcome back! You've successfully signed in.
Success! Your account is fully activated, you now have access to all content.