Cryptocurrency wallets play a vital role in allowing crypto holders to buy, sell, and exchange currencies and tokens. There are many different types of wallets, both on and offline, that provide different levels of flexibility and protection. Even when wallets are secure against a wide range of potential attacks, scammers are still finding ways to take control and steal their victims’ holdings.
WalletConnect is a protocol that allows users to connect cryptocurrency wallets to various applications securely. Users can create a wallet through WalletConnect, which then facilitates sending and receiving cryptocurrencies while keeping their private keys safe. WalletConnect isn’t holding cryptocurrencies for its users. It’s serving as a tool to manage their wallet.
Recent scams are targeting a weak link in this secure system, the users themselves. Users secure their WalletConnect accounts, and access their wallets, with a series of wallet seed words. This provides users a way to recover access to their wallets if they lose their 256-bit private key. The 12-word phrase should be guarded just as closely as the private key.
Scammers have been using spoofed websites to retrieve this sensitive information from their victims. The process works the same as many other types of phishing scams. The fake website is designed to look like a legitimate WalletConnect website, and the victim is prompted to enter their 12-word phrase to recover their wallet. However, they’re sending that information directly to the scammers.
With the 12-word phrase, the scammers now have complete control over the victim’s wallet. They quickly transfer everything out and move on to their next potential victim. By the time the user realizes what happened, it’s too late, and their crypto holdings are simply gone.
The scammers spread links to their fake websites through a variety of different platforms. Many use pop-up ads. WalletConnect browser add-ons that let users interact with decentralized apps on web pages. A pop-up can be designed to mimic the look of these add-ons and convince users that they need to recover their accounts.
Scammers also send both SMS and email messages regarding an account issue. These practices have been in use for a long time, targeting bank accounts or other services that would give access to a victim’s funds. Today, these standard scam techniques are causing countless crypto enthusiasts to lose the entire contents of their wallets.
Trust Wallet Scams
Trust Wallet is another non-custodial wallet option that lets cryptocurrency holders maintain complete control over their holdings. Unfortunately, scammers are still able to find ways to get their victims to hand over that control.
Much like WalletConnect, Trust Wallet relies on a recovery phrase to allow users to regain access to their wallets. Many of the same tactics are being used to target Trust Wallet users. Scammers are directing them toward fake websites that look like Trust Wallet’s actual website. The pages ask for the recovery phrase and send it to the scammers when the victim provides it.
Many of the Trust Wallet scams are based on one specific aspect of cryptocurrency regulation. In the US and other countries, money service businesses are required to put know your customer (KYC) measures in place. That means collecting personal information to link individuals to their accounts. Many cryptocurrency exchanges are now required to do this.
Non-custodial wallets like Trust Wallet do not currently have any KYC requirements. However, rules change all the time. Scammers know this and send out emails claiming that Trust Wallet will soon have KYC requirements. The email says that the user’s assets will be frozen on an approaching date and that they need to update their account. The link then sends them to the fake website.
The fake website then collects a wide range of personal information, not just the recovery phrase. This opens the door to scammers carrying out additional identity theft and compromising other accounts. It’s worth pointing out that there are some services like latest Quantum AI which is sometimes presented as a type of wallet. However, a quick search for Quantum AI review reveals a different story altogether.
Avoiding Crypto Wallet Scams
There are some simple steps that can be taken to avoid non-custodial cryptocurrency wallet scams. The most important is to never give out your recovery phrase to anyone. The only time it should be used is when accessing your wallet through the WalletConnect or Trust Wallet website or app. Do not follow links to those websites, as they may redirect to copycat websites. If you have business with your non-custodial wallet, always go directly to their website to cut scammers out of the loop.