Someone claiming to be a project support team or admin DMs asking if a question you posted in the channel was ever answered. Regardless of your answer, they will find some pretext to say you need to validate your wallet, and will send you a link to do so. The link is to a phishing site, and will most often ask you to enter your wallet seed phrase.

The particular approach used in this scam usually comes after a project makes some big announcement, and takes advantage of people asking questions about it. In this case, the SmartCoin team announced it was the last day to request a wallet reputation transfer to a new wallet, but the initial wording was a bit confusing, leading to a lot of questions in the channel.

Here, the scammer forwarded my question into a DM to give themselves a little more credibility. When I said that my question had in fact been answered, they changed tactics and asked if I was participating in the “airdrop bonus”. So, I played along.

They asked me to send my wallet address to “get me through on their data base system”, a phrase which I assume made sense to them. In reality, they probably just wanted to see how much they’d be able to steal from me, so I grabbed the address of some random whale and sent it along.

Obviously satisfied, I was then sent a link, and instructions on how to validate my wallet.

The site they sent me to looked generic enough, until I clicked on “Get Started” and was immediately asked for my seed phrase.

Another common approach to this scam is via email, where the message will come in from an account pretending to be a popular wallet service (Metamask, TrustWallet, etc). The message will usually say your wallet or account is going to be locked soon unless you take action, and ask you to follow a link to “verify your wallet”. As with the example above, the site they link will either try to trick you into giving up your seed phrase, or ask you to connect to a malicious contract that will drain your funds. Your email spam filter will most likely catch these kinds of emails, but sometimes they slip through. Suffice to say, no wallet service will ever email, DM, or otherwise contact you directly asking you to “verify” yourself or your wallet.

No matter who is asking or how they dress up the request, you should never, under any circumstances, give out your wallet’s seed phrase. It will never be needed for troubleshooting, tech support, connecting to websites/dapps, entering giveaways, or anything else involving another person. Similarly, when connecting your wallet to a site or dapp, pay close attention to the permissions being asked - they should never include unlimited spending, and making transactions without notifying you.

Have a question, comment, tip, inside info, or anything else? Email KnowYourCrook@ProtonMail.com

Someone claiming to be a project support team or admin DMs asking if a question you posted in the channel was ever answered. Regardless of your answer, they will find some pretext to say you need to validate your wallet, and will send you a link to do so. The link is to a phishing site, and will most often ask you to enter your wallet seed phrase.

The particular approach used in this scam usually comes after a project makes some big announcement, and takes advantage of people asking questions about it. In this case, the SmartCoin team announced it was the last day to request a wallet reputation transfer to a new wallet, but the initial wording was a bit confusing, leading to a lot of questions in the channel.

Here, the scammer forwarded my question into a DM to give themselves a little more credibility. When I said that my question had in fact been answered, they changed tactics and asked if I was participating in the “airdrop bonus”. So, I played along.

They asked me to send my wallet address to “get me through on their data base system”, a phrase which I assume made sense to them. In reality, they probably just wanted to see how much they’d be able to steal from me, so I grabbed the address of some random whale and sent it along.

Obviously satisfied, I was then sent a link, and instructions on how to validate my wallet.

The site they sent me to looked generic enough, until I clicked on “Get Started” and was immediately asked for my seed phrase.

Another common approach to this scam is via email, where the message will come in from an account pretending to be a popular wallet service (Metamask, TrustWallet, etc). The message will usually say your wallet or account is going to be locked soon unless you take action, and ask you to follow a link to “verify your wallet”. As with the example above, the site they link will either try to trick you into giving up your seed phrase, or ask you to connect to a malicious contract that will drain your funds. Your email spam filter will most likely catch these kinds of emails, but sometimes they slip through. Suffice to say, no wallet service will ever email, DM, or otherwise contact you directly asking you to “verify” yourself or your wallet.

No matter who is asking or how they dress up the request, you should never, under any circumstances, give out your wallet’s seed phrase. It will never be needed for troubleshooting, tech support, connecting to websites/dapps, entering giveaways, or anything else involving another person. Similarly, when connecting your wallet to a site or dapp, pay close attention to the permissions being asked - they should never include unlimited spending, and making transactions without notifying you.

Have a question, comment, tip, inside info, or anything else? Email KnowYourCrook@ProtonMail.com