Security specialists have reported an increase in fraudulent Telegram channels that present themselves as support groups for crypto wallet services. These channels use names that appear legitimate and often copy branding elements associated with well-known platforms. Their operators encourage users to seek technical help and then direct them to links or instructions that trigger malicious activity. The aim is to obtain wallet access and move assets to attacker-controlled accounts. Researchers described these channels as widespread and noted that some use automated bots to inflate membership numbers and create the appearance of credibility.
Investigators stated that the channels direct users to connect their wallets or install software that is presented as a diagnostic tool. Once the user complies, the attacker can initiate transactions that transfer assets out of the wallet. Because blockchain transactions are irreversible, the funds cannot be retrieved once moved. The activity is linked to malware known as a drainer, which is designed to obtain approval for transfers without the victim’s knowledge. Some drainers are offered as subscription-based tools that allow different groups to conduct similar attacks under a shared framework.
The scammers often claim that users must verify their wallets to resolve issues such as failed transfers or blocked accounts. They may also refer to supposed airdrops or compensation programmes to encourage victims to sign transactions. These social engineering methods are intended to convey urgency and prevent users from verifying the claims through official channels. Researchers noted that the design of drainer tools enables rapid movement of funds and that the attackers often route assets through several wallets to complicate tracing.
Specialists said that these schemes exploit common misunderstandings about how decentralised finance systems operate. Wallet providers do not request private keys or require users to approve transactions through public messaging platforms. They also do not direct customers to install software that lacks verification through recognised app stores. Any request that does not originate from an official support page should be treated with caution. Users who joined the fraudulent channels often reported that the contact began with simple queries before escalating to requests that exposed their wallets.
Security analysts recommend that cryptocurrency users avoid interacting with Telegram support channels that are not verified by the relevant wallet provider. Official support is generally offered through websites with secure communication systems rather than public group chats. Users should also refrain from approving wallet connect prompts that are not initiated through trusted applications. Regularly reviewing wallet permissions can reduce exposure to malicious contracts. Cold storage solutions or multi-factor authentication provide additional safeguards where available.
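One way to carry out the permission review recommended above, shown as an added example that is not part of the original report: it decodes the data field of a pending transaction and flags calls that grant spending rights. It assumes an EVM-compatible wallet and the standard ERC-20/ERC-721 approval functions; `review_calldata`, the trusted-spender list and the sample address are hypothetical and constructed for illustration.

```python
# Added example. Assumes an EVM-style wallet and the standard ERC-20 / ERC-721 ABI.
UINT256_MAX = 2**256 - 1

# 4-byte selectors of the standard calls that hand spending rights to another address.
GRANTS = {
    "095ea7b3": "approve(address,uint256)",
    "39509351": "increaseAllowance(address,uint256)",
    "a22cb465": "setApprovalForAll(address,bool)",
}

def review_calldata(calldata_hex, trusted_spenders=frozenset()):
    """Return (signature, spender, findings) for permission-granting calldata,
    or None when the call does not grant spending rights."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    sig = GRANTS.get(data[:8])
    if sig is None:
        return None
    args = data[8:]
    try:
        if len(args) < 128:
            raise ValueError("truncated")
        value = int(args[64:128], 16)      # second 32-byte word: amount or bool
    except ValueError:
        return sig, None, ["malformed arguments: do not sign"]
    spender = "0x" + args[24:64]           # address = low 20 bytes of first word
    if value == 0:
        return sig, spender, []            # zero amount / false is a revocation
    findings = []
    if spender not in trusted_spenders:
        findings.append("spender is not on the trusted list")
    if sig.startswith("setApprovalForAll"):
        findings.append("operator gains control of every token in the collection")
    elif value == UINT256_MAX:
        findings.append("unlimited allowance")
    else:
        findings.append(f"allowance of {value} base units")
    return sig, spender, findings

def _word(n):
    return format(n, "064x")               # one ABI-encoded 32-byte word

SPENDER = "0x" + "ab" * 20                 # constructed address, not a real contract
SAMPLES = {                                # constructed calldata for the demo
    "unlimited approve": "0x095ea7b3" + _word(int(SPENDER, 16)) + _word(UINT256_MAX),
    "revocation": "0x095ea7b3" + _word(int(SPENDER, 16)) + _word(0),
    "nft operator": "0xa22cb465" + _word(int(SPENDER, 16)) + _word(1),
    "plain transfer": "0xa9059cbb" + _word(int(SPENDER, 16)) + _word(5),
}

if __name__ == "__main__":
    for name, calldata in SAMPLES.items():
        print(name, "->", review_calldata(calldata))
```

An unlimited allowance or a collection-wide operator grant to an address the user cannot tie to a trusted application is the pattern to refuse or revoke.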
Researchers emphasise the importance of user awareness because the fraudulent channels are designed to exploit trust rather than technical vulnerabilities. They advise users to confirm any support-related instructions through official websites and to avoid engaging with channels that request sensitive information. Reporting suspicious accounts to Telegram can assist in limiting further activity. The growing presence of coordinated drainer schemes across messaging platforms highlights the need for caution when handling crypto wallet issues outside of recognised support environments.
