As AI technology becomes more and more popular, we are facing new security threats while enjoying its convenience. Recently, we found that criminals have taken advantage of users’ trust in AI to induce users to visit phishing websites and then steal their assets.
Information Pitfalls of AI Search
At present, some users may be accustomed to using AI to search information, including querying websites, market trends, project introductions, technical analysis, etc.
It should be noted that the information generated by AI depends on its training data and algorithms, and it does not have the ability to distinguish the authenticity of information in real time.
If the training data contains false information or is contaminated, AI may provide false or outdated information in a seemingly authoritative tone. The information currently provided by AI has the following problems:
- Infiltration of false information: Some phishing websites use techniques like SEO to boost their search rankings, misleading AI into treating them as credible sources and indexing their content.
- Outdated Information: Due to the fast-paced nature of blockchain and cryptocurrency, AI often lags behind real-time updates from project teams. For instance, if a project modifies its website or upgrades its token contract, AI may still reference outdated or obsolete information
Recently, the security team SlowMist highlighted on Twitter that some AI tools, after testing, mistakenly recommend fraudulent links that impersonate official websites. These tools may "confidently lie" when generating content—especially if they rely on unverified data sources—leading to the promotion of fake links or incorrect tutorials.
As shown in the image below, when asked for the official website of imToken, the AI tool responded with https://www.imtoken.app, which is a scam site. Please note: the correct official website of imToken is https://token.im/.
Information Pollution on Social Platforms
Social platforms like Twitter and Telegram have become key channels for accessing cryptocurrency information. Many users rely on following official project accounts, joining communities, and keeping up with influential figures in the industry.
However, the low publishing threshold and algorithm-driven content recommendations have made these platforms hotspots for scammers spreading false information. Platform algorithms tend to prioritize highly engaging content, often without rigorous checks on its authenticity.
Some scammers impersonate officials or create fake accounts on social platforms. They often repost official content or pose as educators sharing security tips—only to later promote false investment opportunities or trick users into downloading fake wallets, ultimately stealing their assets.
Recently, several users reported fake accounts impersonating imToken on rednote. Please be aware: imToken has no official account on this platform.
One user, Mike, was misled by someone posing as "official customer support" and downloaded a fraudulent wallet app. Trusting the instructions, he created a new address and transferred his assets into it.
Hours later, Mike discovered his assets had been drained to an unknown address. Actually, the app was a fake wallet designed to steal his mnemonic.
PSA:
- Please download the genuine imToken wallet only from our official website: https://token.im.
- Avoid clicking on unfamiliar download links shared on social platforms.
- When using AI tools to search for wallet security information, do not blindly trust the recommended content. Always verify any links or tutorials through official sources.
-
imToken official channels:
- Weibo: https://weibo.com/imToken
- Twitter (X): https://x.com/imTokenOfficial
- Discord: https://discord.com/invite/imToken
imToken Is Always Protecting Your Token Security
In March, imToken marked a total of 12018 risky tokens, banned 441 risky DApp websites and marked 7268 risky addresses.
In addition, if you find any suspiciously risky tokens or DApps, please contact us:support@token.im to help more users avoid token losses.
Closing Thoughts
Scams are constantly evolving, it is indeed challenging for average users to fully prevent them. imToken is committed to rapidly detecting issues and finding solutions,providing timely messages to the community, and educating users about various types of scams to protect them from losses.
We encourage you to read and share imToken Wallet Security Monthly Report and join hands with imToken to safeguard your token security.