We’ve recently identified a wave of secondary scams targeting users who previously suffered losses from pyramid scheme investment platforms.
Scammers are illegally obtaining users’ email addresses and wallet information, then posing as official customer support. Through phishing emails, they trick users into downloading fake wallet apps under the pretense of “asset recovery,” ultimately stealing more funds.
We have repeatedly cautioned that fraudsters use tactics like “arbitrage trading” and “on-chain mining” to lure users into high-return pyramid schemes. These scams often collect sensitive data such as wallet and email addresses, which are now being exploited for follow-up fraud. By leveraging victims' urgency to recover losses, scammers set new traps that deepen the damage.
James previously fell victim to a pyramid scheme, exposing his email and wallet address. Days later, he received a phishing email disguised as an official notice titled “Assistance in Recovering Defrauded Assets”, which claimed:
“Thank you for supporting imToken and helping us combat fraud… Please download the wallet app and deposit 2,000 USDT. We will return your defrauded funds within 3 working days.”
This is a classic secondary scam. Trusting the email, James followed the instructions—he downloaded the counterfeit wallet app, created a new wallet, and transferred tokens into it. The scammers immediately drained the funds, and James was defrauded a second time.
Common Traits of Secondary Scam Emails
-
Leaked Personal Data
Scammers exploit stolen data—such as email addresses, wallet addresses, and on-chain activity—from previous fraud cases to precisely target victims.
-
Fake Recovery Procedures
They use official-sounding language and fake “freeze-and-return” procedures to appear credible and deceive users.
-
False Urgency
Phishing emails frequently use high-pressure language like "many victims in queue" and enforce strict deadlines (e.g., "three working days") to rush recipients into immediate action, bypassing critical security verification.
- Malicious App Links
These emails include links to counterfeit wallet apps. Once installed, these fake apps are used to steal users’ crypto assets.
Security Alert: The official imToken team never contacts users via email, on-chain memos, or other channels to solicit transfers or offer "asset recovery." Such requests are scams.
Decentralized wallets like imToken require no personal info (phone, email, ID). Always download from https://token.im and seek support only through support@token.im.
imToken Is Always Protecting Your Token Security
In April, imToken marked a total of 4363 risky tokens, banned 608 risky DApp websites and marked 947 risky addresses.
In addition, if you find any suspiciously risky tokens or DApps, please contact us: support@token.im to help more users avoid token losses.
Closing Thoughts
Scams are constantly evolving, it is indeed challenging for average users to fully prevent them. imToken is committed to rapidly detecting issues and finding solutions,providing timely messages to the community, and educating users about various types of scams to protect them from losses.
We encourage you to read and share imToken Wallet Security Monthly Report and join hands with imToken to safeguard your token security.