Most wallet losses come from a small set of mistakes. This page covers the ones that matter on Arkena. None of these are theoretical — every item is something an attacker has used to steal from someone, somewhere.
The recovery phrase is the wallet
Whoever holds your 24 words controls every asset in your wallet. Treat the phrase the way you'd treat a stack of bearer cash that can't be replaced.
If you're worried about losing the paper, store two paper copies in two physical locations. Don't store one digital "backup" — that's the failure mode.
The password is local, the phrase is universal
The password you set on this device only protects this browser. Forgetting it means recovering with your phrase on a fresh setup. It does not mean losing your assets.
The phrase, by contrast, works anywhere the Arkena extension runs. That's the asymmetry to internalise: a leaked password is mildly bad. A leaked phrase is fatal.
Read every signing prompt
Before you confirm any transaction, the wallet shows you a summary card — who's the recipient, how much, what fee. Read it. Especially read the origin line at the top of the prompt: it tells you which website asked the wallet to sign.
This is the URL you bookmarked
If the origin doesn't match the site you think you're using, reject. The
most common attack is a malicious page in a hidden tab triggering a signing
request that looks like the one you expect from arkena.io but isn't.
Phishing — the official URL is arkena.io
The Arkena wallet never asks for your seed phrase after the initial setup. Anyone — anywhere, including someone claiming to be Arkena support — asking you to type your phrase is trying to steal it. There are no exceptions.
The official URL is arkena.io. Look-alikes (arkena.app, arkena-wallet.io,
Cyrillic substitutes) appear regularly. Bookmark the real one and use the
bookmark.
Enable auto-lock
The extension has an auto-lock setting in Settings → Security. Set it to 5 or 15 minutes. After the timer expires, the wallet asks for your password to view balances or sign anything — useful when you walk away from your desk.
If you suspect compromise
Move fast.
- Transfer your assets to a brand-new wallet with a fresh recovery phrase. Use a different machine if you suspect the device itself is compromised.
- Stop using the suspect phrase entirely. Do not move it, do not "rotate" it, do not store it in any new way. It's burned.
- Report it to Arkena through the Discord support channel so we can help you investigate and warn others if there's a pattern.
What's next
- Recover your wallet if you need to migrate to a fresh device.
- Self-custody on Arkena explains the model that makes these rules load-bearing.