The one program ID
Cloak runs on exactly one Solana program:Official links
| Surface | Official address |
|---|---|
| App | cloak.ag |
| Docs | docs.cloak.ag |
| GitHub | github.com/cloak-ag |
| npm | @cloak.dev/sdk |
| X | @cloak_ag |
How to verify before you interact
Check the program ID. Before you approve any transaction, your wallet shows which program it calls. Compare it against the ID above — every character. You can also paste the ID into any Solana explorer (Solscan, Solana Explorer, and others) to confirm you are looking at the real pool before you send anything to it. Check the domain spelling. Phishing sites rely on near-misses: an extra letter, a swapped character, a different ending than.ag. Read the address bar character by character, and reach the app through your own bookmark rather than links from search ads, DMs, or group chats.
What Cloak will never do
- Cloak will never DM you first. No support agent, admin, or team member will ever reach out to you unprompted. Anyone who does is an impersonator.
- Cloak will never ask for your backup file, seed phrase, or private keys. Your backup file is the money — anyone holding it can take your private balance. No legitimate support flow needs it, ever.
- Cloak will never ask you to “validate” or “sync” your wallet. The real app asks your wallet to sign exactly two things, both on cloak.ag: its sign-in message and your own shield (deposit) transactions. Anyone asking you to sign anything else, or to connect your wallet on another site, is an impersonator.
Where next
Honest FAQ
Straight answers to the questions people actually ask before using Cloak.
Security and what Cloak cannot do
The audit status, the threat model, and the limits we publish on purpose.