Public Service Announcement: Scammers are actively trying to steal Chia (XCH) by pretending to be "support" on various platforms, I ran into one today, here is that example

Lately there seems to be an increase of scammers trying to steal your Chia, this often comes in three forms including but not limited to… (its not the old give me your secret keys exploits anymore)

  • Private Direct Messages on the social media platforms you posted issues to like Facebook, Twitter, Reddit, Discord, Chiaforum (Chiaforum is NOT an official Chia Network Inc website and is riddled with DM scammers), etc.
  • Discord invites to “Support Tickets” or “Ticket Time” or “Chia Support” or some other assistive sounding title masquerading as official support, redirecting you to a private server
  • Links to websites where they get you to install software that opens up your computer to exploit or runs scripts that drain your wallet by sending transactions to them

The goal is to isolate you out of public view, because others would try to stop them and point out you are falling for a scam, so if anyone tries to pull you into someplace private, ITS A TRAP!

Sometimes the person will message you first in public, suggesting they ran into a similar issue and have a solution but want you to private message them or to follow a link they give, ITS A TRAP!

Depending on the platform, they may use official sounding usernames like “Support” or “Admin” to assuage fears about being illegitimate (Most platforms let you pick any username, ITS A TRAP!)

Once they separate you from others they may ask you to describe the problem and then pretend they identified a problem, sometimes going so far as to “check” something themselves, ITS A TRAP!

Ultimately they need a way to gain access to your keys, or run a script on your wallet, or software to remotely access your machine, they often send you to another website to get it, ITS A TRAP!

I talked with one scammer to get an idea of what a fake “support” conversation may look like to give everyone an example, the photo below is someone who redirected me to their “Ticket Tool” Discord to get me into a one on one conversation, I removed my comments so you can see the act.

You can see they use the name of a common software service, but, as you guessed it, ITS A TRAP.

You can see they want a wallet address, not to help, but to know how much you might have, possibly to prioritize you above others they are actively scamming (thousands on that Discord).

They get me to describe the issue, then pretend an attempt to resolve it, they come back saying they identified the issue and it requires some additional steps to correct it, for that, they want me to visit a website and download some software. (after they caught on I was faking the issue, they removed the website name, but don’t worry, I got a screen shot of that too, see below.)

DO NOT VISIT THAT WEBSITE, ITS ENTIRE PURPOSE IS TO SCAM YOU. Since I visited it for you, I can tell you they are trying to scam ANY crypto you have, they would not stop at just Chia.

Whats more shocking, that domain name was created TODAY, hours ago, thats how quick the scams rotate to new domain names as soon as enough people get scammed and file complaints.

So what can you do to avoid scams like this?

  • Get to know the REAL support methods, like the Chia Discord Chia Network (Some will try to fake the Discord name but its difficult to fake that link) or you can utilize the Chia Github GitHub - Chia-Network/chia-blockchain: Chia blockchain python implementation (full node, farmer, harvester, timelord, and wallet) to post about issues in public view (This Reddit has a public support thread, use it in public view, don’t get isolated in private messages)
  • Verify any links you click go to the actual source you want, yes, even the links I just posted you should validate, people have and WILL continue trying to fake them https://www.chia.net/
  • Keep issues in public view where many others are able to see and engage with you, this has numerous benefits, more who can assist in public and less chance a scammer survives
  • STOP DOWNLOADING SOLUTIONS, if there is a software issue, an update will be on Chia’s website as the code is updated, or there will be a limited amount of manual steps you can try, like shutting down the node to restart the computer, or reset the wallet database, or edit the config (none of which needs third party programs and you can do on your own)
  • STOP RUNNING RANDOM SCRIPTS, sometimes the easier way to steal coins is to get people to execute code in power shell or a command line under the guise it will resolve their problem with “bad peers” or “fix a slow database sync” and sometimes it may initially do that but also now have access to your wallet to execute a transaction draining it
  • Do not use “Wallet Connect” to connect to someone looking to “support” you, all they want to do is drain your wallet by getting you to connect to them and get rugged with a transaction

Please add any other helpful tips that I may have missed, its hard to stay ahead of scammers but I felt it was important to share some of this information as I run into scammers on a daily basis due to my frequent daily participation on multiple platforms, so I wanted to give a glimpse of that experience so people may be better prepared to spot and identify scammers, or avoid them altogether.

5 Likes

Great post.

I’ve had these messages twice on here recently, and posted on the forum to raise attention both times. I’m aware of one person that mentioned they’d opened a ticket, but it seems they got out early enough after I warned them.

1 Like

Thanks for sharing this vital info!

Here are some examples from Discord showing the types of messages you may get from the scammers, suggesting they experienced something similar, have a solution and want to link you to it, either directing you to their Discord to isolate you, or directly to the malware downloads.


Never go into private messages, stay in public because not only can others help, but they will be more likely to call out the scammers for telling you to get things that will compromise your machine.

Sometimes they will say its too complicated to explain, but its easy to copy/paste data of their solution on another website, but then they couldn’t isolate you to get you to download the malware.

Often the websites they send you to, have NOTHING to do with your problem or Chia, they will just be generic sites with something to download software claiming to magically resolve your problems.

P.S. The domain name and website in my original post, created roughly 24 hours ago, is already gone, thats how quick they move from site to site so nobody can google to see if its a scam.

2 Likes

Here’s a couple of more examples, these are from this forum. The second one was sent to me, twice by the same scam artist, even though I told them what I thought of them the first time, they then edited the message, thinking they could hide what they wrote.

4 Likes

Thats exactly what they did with the website URL on the “Ticket Tool” Discord they used (see photo in original message), they clearly know what they are doing is wrong, so its not innocent call center people being tricked into scamming people, its people actively knowing and participating in the scam.

2 Likes

@dchuk perhaps you can ban the users in question, or perhaps ban their IP address from this forum?

See the private message attachments used by the scammers on this forum, provided above.

Unfortunately I doubt that will work, it’s so easy to use a different IP address etc.

On another note, whilst the self moderation style of the forum sort of works for forum thread postings, it’s useless for private messages.

They should still be banned.

Force the scammers to jump through more hoops. Keep frustrating them.

I agree, but it would be a relentless job, new users shouldn’t be allowed to send private messages until they’ve reached a certain level.

1 Like

Do not give our host a reason to throw in the towel.

Agreed. And I thought that new users were unable to send (or, I should say, initiate) private messages? I thought that privilege was already restricted to users that have earned a somewhat higher trust level?

If they do have to earn a higher trust level, then that means that the scammers have to spend time and effort to work their scam. All the more reason to ban them. They will have wasted time and effort elevating to the higher trust level.

I don’t think they ever had the towel, they last visited September 2023, last post I think was in May.

Unfortunately it seems pretty trivial to get to the level required to send private messages.

Scammer.

https://chiaforum.com/badges/1/basic

Make an account, wait a few days, click a few posts, done, private message scamming access granted.

This absolutely needs to be increased as you mentioned, otherwise it never slows down, if its like the other social media sites, they already have dozens or hundreds of accounts ready to go as they get shutdown one by one, because there is no pain in repeating the process, classic easy button.

One of the biggest issues with this site, missing moderation, they could easily grab a couple of you as moderators or reach out to other communities where people would be more than happy to volunteer, but they just don’t seem interested in creating a safe community actively addressing these issues.

New scammer accounts spotted on ChiaForum, be aware their goal is to get you isolated in DMs or redirect you to another website, rather than actually assist you in public view, thats key to the scam.

Notice the similar names, similar messages, they likely have many scam accounts by now.

Please review the original message to be better informed on this issue of scammers posing as “support” in order to steal any coins you have, they will steal anything, not just Chia (XCH).

3 Likes