Recently, we‘ve received multiple reports of scams involving fake stablecoins. In these cases, scammers created fake tokens with names that closely resemble USDT and used claims such as “discounted USDT” or “stablecoins from special channels” to lure users into trades, ultimately leading to financial losses.
What makes this type of scam deceptive is that scammers send fake tokens to users through on-chain transfers that appear to be withdrawals from exchanges. By exploiting users’ trust in exchange-related addresses, they mislead users into believing the tokens are genuine stablecoins, lowering their defenses and completing the trade.
Case Study
A user named Mike met an OTC dealer in a community group who claimed to offer a “stablecoin payment channel.” During the OTC trade, the dealer showed Mike a token transfer record from an exchange hot wallet. Because the token name and icon looked very similar to USDT, Mike mistakenly believed he had received genuine USDT withdrawn from an exchange and paid the dealer an equivalent amount of assets.
After further verification, the token was found to be not genuine USDT, but a fake token with a similar name and no meaningful liquidity or underlying value. Although it could be transferred on-chain, it was not a real stablecoin and held no actual value.
How Do These Scams Work?
1. Using “discounted USDT” as bait while actually selling fake tokens
Scammers often package fake tokens as USDT, stablecoins, special-channel assets, or discounted USDT, claiming that they can be offered below the market price. This creates an expectation of arbitrage and makes users more likely to proceed with the trade. If users only focus on “the amount they received,” “balance screenshots,” or “where the transaction came from,” they may overlook the most important verification detail.
To determine whether a token is an official USDT, the key information to check is not the balance screenshot or the sending address, but the token contract address. For example, the official USDT contract address on the TRON network is :TR7NHqjeKQxGTCi8q8ZY4pL8otSzgjLj6t
If the contract address is different, it is not the same token.
2. Using exchange hot wallet labels to create the illusion of “exchange endorsement”
Scammers may first deposit fake tokens into an exchange, then send them to users through certain exchange withdrawal flows, such as withdrawing non-tradable assets. As a result, when users check the transaction in a block explorer, they may see an on-chain record showing “Exchange Hot Wallet → user address.”
Many users may mistakenly believe that if a token was sent from an exchange, it must be a real asset or has even been recognized by the exchange. This assumption is wrong. An exchange hot wallet label only means that the transfer passed through an exchange-related address. It does not mean the exchange supports, lists, or endorses the token.
In other words, the fact that a token can be transferred on-chain, deposited into an exchange, or sent from an exchange-related address does not mean it is genuine USDT, nor does it mean the token has real liquidity.
3. Using similar names and icons to confuse users
Scammers may give tokens names and icons that closely resemble USDT, such as USTD, Tether USD, USDT Pro, or USDTX, making users think they are official stablecoins.
Some fake tokens may also have had a small amount of liquidity added on a decentralized exchange (DEX), or may have interacted with addresses related to well-known DEXs or aggregators. Scammers may use this to claim that the token “has on-chain records,” “can be swapped on a DEX,” or “is not fake.”
However, token names and icons can be forged. DApp interaction records do not equal official verification, nor do they prove that the token has real liquidity. Even if a token can be transferred or interacted with on-chain, it may still have no real buyers, no reliable price, or no normal way to be swapped for mainstream tokens. The most important basis for verifying a token’s identity is always the contract address.
PSA:
- Verify the contract address: Before accepting unfamiliar tokens, participating in OTC trades, community trades, or offline payments, always verify the token contract address first. Do not judge whether a token is real based only on its name, icon, balance screenshot, received transaction record, DEX interaction records, or block explorer labels.
- Do not blindly trust the source: Even if a token appears to come from an exchange hot wallet on-chain, it does not mean the token is recognized by the exchange, has real value, or can be swapped normally.
- Watch for warning signs: If a token is marked as a non-tradable asset on an exchange, or cannot enter the normal tradable balance, treat it as a risk signal rather than proof that “trading will be enabled later.”
- Stop trading immediately if you suspect a scam: If you encounter a suspicious token, keep evidence such as the transaction hash, token contract address, and chat records. Do not proceed with any further transactions.
imToken Is Always Protecting Your Token Security
In May, imToken marked a total of 22,401 risky tokens, banned 489 risky DApp websites and flagged 361 risky addresses.
If you encounter any suspicious tokens or DApps, please report them to us at support@token.im to help protect other users.
Closing Thoughts
Scams are constantly evolving, and it can be difficult for everyday users to stay fully protected. imToken is committed to detecting threats quickly, developing solutions, and keeping the community informed through timely alerts and education—so we can reduce losses and improve overall crypto safety.
We invite you to read and share the imToken Wallet Security Monthly Report, and work with imToken to keep every token safe.