Recently, some users have reported that scammers are opening fake stores on certain e-commerce and second-hand platforms, repackaging originally free official apps as “paid downloads” or “installation services” and selling them to users.
Their goal is to trick users into installing fake apps, then obtain the user’s mnemonic phrase or private key and steal their assets.
Case Study
A user, Nick, was downloading a wallet app from the official website when his mobile browser displayed a “risk warning.” Unsure how to proceed, he searched for “xxx wallet download” on a popular e-commerce platform and found a store advertising “official installation, fast setup, full version support” for 8.8 RMB.
Believing the platform to be reliable, Nick thought paying a small fee to have a “professional” install the app would be safer.
After placing the order, the seller sent him a cloud storage download link via private message, which contained an installation package. Following the seller’s instructions, Nick installed the app, created a wallet, and transferred tokens into it.
However, shortly afterward, all the tokens in his wallet were transferred out, and the losses could not be recovered.
How These Scams Work
1. Exploiting the False Sense of Trust in Platforms
Many users assume that products listed on e-commerce platforms have already been reviewed and are therefore trustworthy. In reality, scammers often exploit review delays by briefly listing products before detection, frequently changing store names or keywords to evade platform risk controls.
They disguise illegal download links as “technical services.”
In addition, due to the nature of the crypto industry and the difficulty of providing evidence, victims often struggle to seek compensation after being scammed.
2. Sending Download Links via Private Messages to Bypass Official Channels
In these scams, fraudsters typically send cloud storage links, QR codes, or installation instructions through private messages.
While this may seem convenient—saving you the effort of finding official download links or figuring out the installation process—the source and authenticity of the installation package cannot be verified, making it easy to install a fake app.
For iOS users, scammers may also trick victims into installing configuration profiles or trusting enterprise certificates or test versions, allowing unauthorized apps to run without App Store review.
3. Ultimately Stealing Your Mnemonic Phrase or Private Key
Regardless of the excuse used—such as “creating a wallet,” “restoring a wallet,” or “verification required for a version upgrade”—the final goal is always the same: to guide you to create a wallet in a fake app or enter your mnemonic phrase or private key.
Once your mnemonic phrase or private key is exposed, you lose control of your wallet assets, and theft becomes only a matter of time.
Be cautious if you encounter any of the following:
- Asking you to pay for “official downloads,” “installation services,” “virus-free versions,” or “fast-review versions”
- Sending download links or QR codes under the pretext of buying or selling USDT or receiving payments for goods
- Claiming to be community members, technical staff, or investment experts and guiding you to install wallet apps, back up wallets, or change wallet settings
- Any request to provide or enter your mnemonic phrase or private key (including screenshots, copy-paste, or screen recordings)
PSA:
1. Download Only from Official Channels
Only trust the official website: https://token.im (please manually enter the URL in your browser).
During the download and installation process, your phone browser or device manufacturer may display risk warnings or block the download. This does not necessarily mean the app is unsafe—it is often part of the device’s security policy.
After confirming that the download link is correct, you can try switching browsers (such as Edge, Firefox, or Chrome) and manually entering the official website address.
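The check below is an added example, not imToken's own code: it tests whether a link received in a private message or store listing actually points at the official address named above. The function name and the sample links are assumptions made for illustration, and the checks for text before an "@" and for look-alike characters go slightly beyond what the advisory spells out.

```python
from urllib.parse import urlsplit

OFFICIAL_HOST = "token.im"  # the only download address the advisory names

def check_download_link(link):
    """Return (trusted, reason) for a link received in a chat or store listing."""
    try:
        parts = urlsplit(link.strip())
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not an https link"
    # In https://token.im@example.com/ the real host is example.com.
    if parts.username is not None or parts.password is not None:
        return False, "text before '@' is not the host"
    host = (parts.hostname or "").rstrip(".")
    # Non-ASCII or punycode labels can render almost identically to the real name.
    if not host.isascii() or "xn--" in host:
        return False, "host uses look-alike (non-ASCII or punycode) characters"
    if port not in (None, 443):
        return False, "unexpected port"
    # Exact match only: token.im.example.net is a different site.
    if host != OFFICIAL_HOST:
        return False, "host is %r, not %r" % (host, OFFICIAL_HOST)
    return True, "host matches the official address"

# Constructed sample links; example.com and example.net are placeholders.
SAMPLES = [
    "https://token.im/",
    "https://token.im@example.com/wallet.apk",
    "https://token.im.example.net/download",
    "https://pan.example.com/s/abc123",
    "http://token.im/",
    "https://t\u03bfken.im/",  # Greek omicron in place of the Latin "o"
]

if __name__ == "__main__":
    for sample in SAMPLES:
        trusted, reason = check_download_link(sample)
        print("TRUST " if trusted else "REJECT", sample, "->", reason)
```

A passing result only confirms where the link leads; typing the address manually, as advised above, avoids relying on a received link at all.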
2. Verify the Official Developer Information in App Stores
When downloading from the App Store or Google Play, always confirm that the developer name is the official entity: IMTOKEN PTE. LTD.
If you see a message such as “This app is not available in your country or region,” it means the region associated with your Apple ID (for example, Mainland China) may not currently support the app.
In this case, you can try switching to an Apple ID registered in another region or contact official support for assistance.
3. Your Mnemonic Phrase / Private Key Is the Ultimate Line of Defense
Your mnemonic phrase or private key represents full control of your assets. Please back it up offline and store it securely (for example, write it down on paper or use a dedicated mnemonic storage device).
- Do not take screenshots
- Do not take photos
- Do not store it online
Never disclose it to anyone, and never import it into unknown apps or websites.
imToken Is Always Protecting Your Token Security
In January, imToken marked a total of 308,522 risky tokens, banned 551 risky DApp websites and marked 489 risky addresses.
If you encounter any suspicious tokens or DApps, please report them to us at support@token.im to help protect other users.
Closing Thoughts
Scams are constantly evolving, and it can be difficult for everyday users to stay fully protected. imToken is committed to detecting threats quickly, developing solutions, and keeping the community informed through timely alerts and education—so we can reduce losses and improve overall crypto safety.
We invite you to read and share the imToken Wallet Security Monthly Report, and work with imToken to keep every token safe.