Recently, a scam account called @Ronny1Eth has been spamming replies under tweets from industry figures, always using the same line: “You need to clear this phishing signature from your wallet!”
Kristen noticed a comment from @Ronny1Eth under a tweet and became suspicious. When she checked the profile, the bio read: “I am a blockchain expert with deep expertise in smart contract security, risk management, and decentralized technologies.”
Out of curiosity, Kristen decided to send a direct message. The scammer responded: “Your wallet has interacted with a phishing contract. If you don’t fix it immediately, your funds could be stolen.” To “help,” he instructed her to enter her seed phrase into a fake “risk repair tool“.
At first, Kristen hesitated, but the scammer kept pressuring her: “This is the only way—otherwise your tokens will disappear within 24 hours.” Overwhelmed by fear and urgency, Kristen finally entered her seed phrase. Within just three minutes, her wallet was drained of 2.3 ETH and 1,500 USDT, transferred to another wallet.
On-chain analysis shows that this account alone has stolen assets from more than 50 wallets over the past two months, totaling around $180,000.
How Does the Scam Work?
Scammers prey on users’ fears about asset security and their blind trust in so-called “experts.” The entire process is carefully orchestrated, step by step.
Lurking in the Comments
Scammers often lurk in tweet replies to well-known figures in crypto. Posts mentioning wallets, transactions, or projects quickly draw their replies: “We detected risks in your wallet, please contact me for help.”
Posing as Experts
These accounts present themselves as professionals. Their bios feature titles like “Blockchain Security” or “Anti-Phishing Expert,” and they post fake audit screenshots or so-called “detection tools” to seem credible.
Moving to Private Messages
Once someone takes the bait, the scammer moves to DMs. They start by creating panic: “Your wallet has authorized a malicious contract, and your funds could be stolen anytime.” Then they offer a “solution”—a fake tool link or a request for the victim’s private key or seed phrase.
Draining the Wallet
As soon as the victim shares their private key or seed phrase, the scammer drains the wallet.
PSA:
Impersonation scams are nothing new in crypto. Stay safe with these four tips:
- Never share your private keys: Your private key and seed phrase are the keys to your assets. Anyone who asks for them is a scammer—block them immediately.
- Think before you click: Unfamiliar links—especially fake “risk check” or “repair tools”—are usually phishing traps. Don’t click. Don’t authorize. Don’t enter anything.
- Trust only official sources: Watch out for “experts” who contact you on social media or via DMs. Always seek help through official support channels.
- Check your approvals: Use tools like Revoke regularly to review and cancel your token approvals.
imToken Is Always Protecting Your Token Security
In August, imToken marked a total of 11,315 risky tokens, banned 712 risky DApp websites and marked 1,906 risky addresses.
In addition, if you find any suspiciously risky tokens or DApps, please contact us: support@token.im to help more users avoid token losses.
Closing Thoughts
Scams are constantly evolving, it is indeed challenging for average users to fully prevent them. imToken is committed to rapidly detecting issues and finding solutions,providing timely messages to the community, and educating users about various types of scams to protect them from losses.
We encourage you to read and share imToken Wallet Security Monthly Report and join hands with imToken to safeguard your token security.