Recently, Telegram has seen a surge in scams impersonating “official bots” or “wallet assistants.” Scammers pose as official support, promote fake reward campaigns, and trick users into granting token approvals—resulting in direct asset loss.
Case Example
A user saw an “official red-packet giveaway” in a Telegram group claiming a 700 USDT reward. After opening the bot page and clicking Claim, he was told to bind his wallet first. Once he entered his wallet address, the bot stated that the address had less than 500 USDT and could not be bound.
To meet the requirement, the user transferred USDT into his wallet and tried again. A prompt then appeared asking him to “Pay 0.691714 to complete address-ownership verification,” guiding him to sign in his wallet. In reality, this was a disguised USDT approval: once signed, the attacker could call the approval-enabled contract and transfer all USDT from the wallet.
Fortunately, the user noticed red flags before signing: the bot lacked any official verification badge, and the signature page showed an unlimited token allowance. He declined the signature request and avoided any loss.
How the Scam Works
1. Impersonating official accounts to build trust
- Account names contain terms like “Official Bot,” “XXX Support,” etc.
- Avatars, bios, and posters mimic the official brand.
- Scammers DM users while claiming to be official support or community staff.
2. Using “rewards” or “red packets” to lure clicks
A typical flow is:
Claim reward → Withdraw → Verification required → Connect wallet → Sign
It appears to be a normal security check for a giveaway, but each step is designed to push users toward a malicious approval.
3. Disguising malicious approvals as “verification,” “binding,” or “activation”
Common tricks include:
- Binding your wallet requires a balance ≥ 100 USDT.
- Withdrawal requires signature verification.
- Security activation required to protect your funds.
The real purpose is to make users deposit more tokens and eventually sign an approval that allows attackers to steal them.
In practice, users are guided to connect their wallet and approve an unknown address. Once the approval is granted, scammers monitor it closely and, when new funds enter the wallet, immediately call a malicious contract to transfer all USDT.
Learn more about token approvals:
- My USDT was sent out from my wallet without my consent. How did that happen?
- Beware of Data Authorization Scams!
- Permit Signature Security Challenges and Solutions
- What is Permit2?
PSA:
- Use official channels: imToken has no Telegram groups or bots. Ignore and block anyone contacting you as “support,” “admin,” or “community staff.”
- Be careful with signatures: Before signing any transaction, check the signature details carefully. Unknown address + token approval + unlimited allowance = high-risk signal.
- Use tools such as Revoke.cash to review and revoke unused or suspicious approvals and reduce potential risks.
imToken Is Always Protecting Your Token Security
In October, imToken marked a total of 342,012 risky tokens, banned 896 risky DApp websites and marked 556 risky addresses.
In addition, if you find any suspiciously risky tokens or DApps, please contact us: support@token.im to help more users avoid token losses.
Closing Thoughts
Scams are constantly evolving, it is indeed challenging for average users to fully prevent them. imToken is committed to rapidly detecting issues and finding solutions,providing timely messages to the community, and educating users about various types of scams to protect them from losses.
We encourage you to read and share imToken Wallet Security Monthly Report and join hands with imToken to safeguard your token security.