Recently, scammers impersonated official staff on platforms such as Xiaohongshu and Telegram, promoting fake “exclusive campaigns” for long-time users or bogus staking/mining offers.
By doing so, they trick users into depositing funds or granting token approvals — often resulting in significant asset losses.
Case Study
Nick received a message on Telegram from someone claiming to be a community member recommending an “official mining campaign for loyal users.”
The scammer’s pitch:
“Limited spots! Deposit 600 USDT to buy a miner and automatically mine official tokens daily — with an estimated annual yield of up to 120%!”
Tempted, Nick transferred 600 USDT to the website and soon saw his “earnings” increasing. When he tried to withdraw, a fake support agent told him to perform an on-chain to complete an on-chain step to activate the payout.
After he connected his wallet and signed as instructed, no payout came — instead, all his USDT and other tokens were drained from his wallet.
How Do Scammers Make It Look Legitimate?
1. Impersonating Official Channels to Build Trust
Visual imitation: scammers mimic official websites by copying domains, logos, color schemes, and layouts almost perfectly — making them highly deceptive.
Fake endorsements: they fabricate “official incentive programs,” “exchange listing announcements,” and fake market data, and even create bogus support accounts to appear legitimate and professional.
2. Making You Feel Rushed to Take Action
Manufacturing urgency: phrases such as “exclusive for existing users,” “limited spots,” or “countdown” make it feel like a rare chance, prompting you to act before verifying.
Inducing deposits and approvals: scammers push users to transfer funds or sign approvals, leading to theft.
How the Scam Works
These scams usually play out in two stages:
1. Baiting deposits — scammers promise high returns through staking or mining, but their real goal is to steal your principal.
2. Obscuring approvals — they disguise risky token-approval requests as harmless actions such as “claim rewards,” “activate account,” or “verify eligibility.” It looks like a simple confirmation, but in fact you’re giving them permission to move tokens out of your wallet. Once signed, they can instantly drain every token you’ve approved.
What Is Approval?
Giving an approval in your wallet isn’t the same as simply logging in or confirming. In reality, it means you’re granting a specific contract permission to move tokens from your wallet — at any time and without further notice.
That’s why, once scammers obtain that approval, they can drain your wallet immediately.
Approval itself is just a blockchain mechanism — it’s neither good nor bad. What matters is who you approve.
In legitimate use cases, approvals are a necessary step when interacting on-chain with decentralized applications (DApps). For example, on a DEX like Uniswap, if you want to swap USDT for ETH, you must first approve the Uniswap smart contract to take the USDT from your wallet.
Once the contract receives your USDT, it automatically sends the equivalent amount of ETH back to your wallet — completing the swap securely and transparently.
The key difference is this:
In legitimate cases, the contract you approve belongs to a well-known, security-audited DApp like Uniswap, and its purpose is to help you complete a valid transaction — such as swapping tokens.
In a scam, however, the contract you approve is unknown and malicious, created with the sole intent of stealing your funds.
Learn more about token approvals:
- My USDT was sent out from my wallet without my consent. How did that happen?
- Beware of Data Authorization Scams!
- Permit Signature Security Challenges and Solutions
- What is Permit2?
PSA:
-
Be cautious with third-party websites.
The wallet’s built-in browser lets you access various DApps, but this doesn’t mean imToken has any partnership or endorsement with them.
Always review the site carefully and assess its risk before connecting your wallet. -
Review and revoke approvals regularly.
Use trusted tools like Revoke.cash to check and remove unused or suspicious token approvals, helping reduce potential security risks. -
Never trust unsolicited messages.
The imToken team will never contact you directly or ask you to join any campaign via DM. If you receive such messages, ignore and block the sender immediately.
imToken Is Always Protecting Your Token Security
In September, imToken marked a total of 114,306 risky tokens, banned 704 risky DApp websites and marked 757 risky addresses.
In addition, if you find any suspiciously risky tokens or DApps, please contact us: support@token.im to help more users avoid token losses.
Closing Thoughts
Scams are constantly evolving, it is indeed challenging for average users to fully prevent them. imToken is committed to rapidly detecting issues and finding solutions,providing timely messages to the community, and educating users about various types of scams to protect them from losses.
We encourage you to read and share imToken Wallet Security Monthly Report and join hands with imToken to safeguard your token security.