> ## Documentation Index
> Fetch the complete documentation index at: https://docs.cloak.ag/llms.txt
> Use this file to discover all available pages before exploring further.

# Verified addresses and official links

> Cloak's canonical program ID, official links, and how to spot impersonators

Privacy tools attract impersonators: lookalike domains, fake tokens, "support agents" in your DMs. This page is the canonical reference. Bookmark it, and check anything that claims to be Cloak against it.

## The one program ID

Cloak runs on exactly one Solana program:

```text theme={null}
zh1eLd6rSphLejbFfJEneUwzHRfMKxgzrgkfwA6qRkW
```

This is the only Cloak program — if a site, token, or DM points you anywhere else, it is not Cloak. There is no "v2 contract," no migration address, and no Cloak token. Anything selling you one is a scam.

## Official links

| Surface | Official address                                                 |
| ------- | ---------------------------------------------------------------- |
| App     | [cloak.ag](https://cloak.ag)                                     |
| Docs    | [docs.cloak.ag](https://docs.cloak.ag)                           |
| GitHub  | [github.com/cloak-ag](https://github.com/cloak-ag)               |
| npm     | [`@cloak.dev/sdk`](https://www.npmjs.com/package/@cloak.dev/sdk) |
| X       | [@cloak\_ag](https://x.com/cloak_ag)                             |

If a link is not on this list, treat it as untrusted — including mirror sites, "official" community admins, and handles that differ from the real ones by a single character.

## How to verify before you interact

**Check the program ID.** Before you approve any transaction, your wallet shows which program it calls. Compare it against the ID above — every character. You can also paste the ID into any Solana explorer (Solscan, Solana Explorer, and others) to confirm you are looking at the real pool before you send anything to it.

**Check the domain spelling.** Phishing sites rely on near-misses: an extra letter, a swapped character, a different ending than `.ag`. Read the address bar character by character, and reach the app through your own bookmark rather than links from search ads, DMs, or group chats.

<Tip>
  Bookmark [cloak.ag](https://cloak.ag) and [docs.cloak.ag](https://docs.cloak.ag) now, while you are on the real site. A bookmark you made yourself beats any link someone sends you later.
</Tip>

## What Cloak will never do

* **Cloak will never DM you first.** No support agent, admin, or team member will ever reach out to you unprompted. Anyone who does is an impersonator.
* **Cloak will never ask for your backup file, seed phrase, or private keys.** Your backup file is the money — anyone holding it can take your private balance. No legitimate support flow needs it, ever.
* **Cloak will never ask you to "validate" or "sync" your wallet.** The real app asks your wallet to sign exactly two things, both on cloak.ag: its sign-in message and your own shield (deposit) transactions. Anyone asking you to sign anything else, or to connect your wallet on another site, is an impersonator.

If someone claiming to be Cloak does any of these, disconnect and report it privately to the team via [contact@cloak.ag](mailto:contact@cloak.ag).

## Where next

<CardGroup cols={2}>
  <Card title="Honest FAQ" icon="circle-question" href="/guide/faq">
    Straight answers to the questions people actually ask before using Cloak.
  </Card>

  <Card title="Security and what Cloak cannot do" icon="shield-halved" href="/guide/security">
    The audit status, the threat model, and the limits we publish on purpose.
  </Card>
</CardGroup>
