Public Service Announcement: Scammers are actively trying to steal Chia (XCH) by pretending to be "support" on various platforms. I ran into one today; here is that example

Lately there seems to be an increase in scammers trying to steal your Chia. This often comes in three forms, including but not limited to… (it's not the old "give me your secret keys" exploits anymore)

  • Private Direct Messages on the social media platforms you posted issues to like Facebook, Twitter, Reddit, Discord, Chiaforum (Chiaforum is NOT an official Chia Network Inc website and is riddled with DM scammers), etc.
  • Discord invites to “Support Tickets” or “Ticket Time” or “Chia Support” or some other assistive sounding title masquerading as official support, redirecting you to a private server
  • Links to websites where they get you to install software that opens up your computer to exploit or runs scripts that drain your wallet by sending transactions to them

The goal is to isolate you out of public view, because others would try to stop them and point out you are falling for a scam, so if anyone tries to pull you into someplace private, IT'S A TRAP!

Sometimes the person will message you first in public, suggesting they ran into a similar issue and have a solution but want you to private message them or to follow a link they give, IT'S A TRAP!

Depending on the platform, they may use official-sounding usernames like “Support” or “Admin” to assuage fears about being illegitimate (Most platforms let you pick any username, IT'S A TRAP!)

Once they separate you from others they may ask you to describe the problem and then pretend they identified a problem, sometimes going so far as to “check” something themselves, IT'S A TRAP!

Ultimately they need a way to gain access to your keys, or run a script on your wallet, or software to remotely access your machine, they often send you to another website to get it, IT'S A TRAP!

I talked with one scammer to get an idea of what a fake “support” conversation may look like to give everyone an example, the photo below is someone who redirected me to their “Ticket Tool” Discord to get me into a one on one conversation, I removed my comments so you can see the act.

You can see they use the name of a common software service, but, as you guessed it, IT'S A TRAP.

You can see they want a wallet address, not to help, but to know how much you might have, possibly to prioritize you above others they are actively scamming (thousands on that Discord).

They get me to describe the issue, then pretend an attempt to resolve it, they come back saying they identified the issue and it requires some additional steps to correct it, for that, they want me to visit a website and download some software. (After they caught on I was faking the issue, they removed the website name, but don’t worry, I got a screenshot of that too, see below.)

DO NOT VISIT THAT WEBSITE, ITS ENTIRE PURPOSE IS TO SCAM YOU. Since I visited it for you, I can tell you they are trying to scam ANY crypto you have, they would not stop at just Chia.

What's more shocking, that domain name was created TODAY, hours ago, that's how quick the scams rotate to new domain names as soon as enough people get scammed and file complaints.

So what can you do to avoid scams like this?

  • Get to know the REAL support methods, like the Chia Discord, Chia Network (Some will try to fake the Discord name but it's difficult to fake that link) or you can utilize the Chia GitHub, Chia-Network/chia-blockchain, to post about issues in public view (This Reddit has a public support thread, use it in public view, don’t get isolated in private messages)
  • Verify any links you click go to the actual source you want, yes, even the links I just posted you should validate, people have and WILL continue trying to fake them https://www.chia.net/
  • Keep issues in public view where many others are able to see and engage with you, this has numerous benefits, more who can assist in public and less chance a scammer survives
  • STOP DOWNLOADING SOLUTIONS, if there is a software issue, an update will be on Chia’s website as the code is updated, or there will be a limited amount of manual steps you can try, like shutting down the node to restart the computer, or reset the wallet database, or edit the config (none of which needs third party programs and you can do on your own)
  • STOP RUNNING RANDOM SCRIPTS, sometimes the easier way to steal coins is to get people to execute code in PowerShell or a command line under the guise it will resolve their problem with “bad peers” or “fix a slow database sync” and sometimes it may initially do that but also now have access to your wallet to execute a transaction draining it
  • Do not use “Wallet Connect” to connect to someone looking to “support” you, all they want to do is drain your wallet by getting you to connect to them and get rugged with a transaction

Please add any other helpful tips that I may have missed, it's hard to stay ahead of scammers but I felt it was important to share some of this information as I run into scammers on a daily basis due to my frequent daily participation on multiple platforms, so I wanted to give a glimpse of that experience so people may be better prepared to spot and identify scammers, or avoid them altogether.

5 Likes
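One way to apply the "verify any links" advice from the post above mechanically, as an added example that is not part of the original post. The allowlist holds the official locations the post names; the `SHARED_HOSTING` list, the function names and the sample links are assumptions made for illustration.

```python
from urllib.parse import urlsplit, unquote

# Official locations named in the post. On github.com the account path matters
# too, because anyone can create a repository on the same host.
OFFICIAL = {"chia.net": "/", "www.chia.net": "/", "github.com": "/chia-network/"}
# Assumption: hosting suffixes where any customer can register a subdomain.
SHARED_HOSTING = ("web.app",)


def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of official hosts."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_link(url):
    """Return 'official' only for an exact allowlist match; otherwise a reason."""
    parts = urlsplit(url if "://" in url else "https://" + url)
    host = (parts.hostname or "").rstrip(".")
    if not host or parts.scheme != "https":
        return "reject: no host or not https"
    if parts.username is not None or "\\" in url:
        return "reject: userinfo or backslash can disguise the real host"
    if not host.isascii() or "xn--" in host:
        return "reject: internationalised host (homoglyph risk)"
    if host in OFFICIAL:
        path = unquote(parts.path).lower() + "/"
        if ".." not in path and path.startswith(OFFICIAL[host]):
            return "official"
        return "reject: official host but wrong account or path"
    if any(host.endswith("." + s) for s in SHARED_HOSTING):
        return "reject: customer subdomain on shared hosting"
    if any(name in host for name in OFFICIAL):
        return "reject: official name embedded in another domain"
    if min(edit_distance(host, name) for name in OFFICIAL) <= 2:
        return "reject: near-miss spelling of an official host"
    return "reject: not on the allowlist"


if __name__ == "__main__":
    # Constructed samples, except the web.app host, which is quoted in this thread.
    for link in ("https://www.chia.net/", "https://chla.net/", "connectsupports.web.app",
                 "https://github.com/Chia-Netw0rk/chia-blockchain"):
        print(f"{classify_link(link):50} {link}")
```

Anything that is not an exact match is rejected; the reason string only says which trick the link most resembles.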

Great post.

I’ve had these messages twice on here recently, and posted on the forum to raise attention both times. I’m aware of one person that mentioned they’d opened a ticket, but it seems they got out early enough after I warned them.

1 Like

Thanks for sharing this vital info!

Here are some examples from Discord showing the types of messages you may get from the scammers, suggesting they experienced something similar, have a solution and want to link you to it, either directing you to their Discord to isolate you, or directly to the malware downloads.


Never go into private messages, stay in public because not only can others help, but they will be more likely to call out the scammers for telling you to get things that will compromise your machine.

Sometimes they will say it's too complicated to explain, but it's easy to copy/paste data of their solution on another website, but then they couldn’t isolate you to get you to download the malware.

Often the websites they send you to have NOTHING to do with your problem or Chia, they will just be generic sites with something to download software claiming to magically resolve your problems.

P.S. The domain name and website in my original post, created roughly 24 hours ago, is already gone, that's how quick they move from site to site so nobody can google to see if it's a scam.

2 Likes

Here’s a couple more examples, these are from this forum. The second one was sent to me, twice by the same scam artist, even though I told them what I thought of them the first time, they then edited the message, thinking they could hide what they wrote.

4 Likes

That's exactly what they did with the website URL on the “Ticket Tool” Discord they used (see photo in original message), they clearly know what they are doing is wrong, so it's not innocent call center people being tricked into scamming people, it's people actively knowing and participating in the scam.

2 Likes

@dchuk perhaps you can ban the users in question, or perhaps ban their IP address from this forum?

See the private message attachments used by the scammers on this forum, provided above.

Unfortunately I doubt that will work, it’s so easy to use a different IP address etc.

On another note, whilst the self moderation style of the forum sort of works for forum thread postings, it’s useless for private messages.

They should still be banned.

Force the scammers to jump through more hoops. Keep frustrating them.

I agree, but it would be a relentless job, new users shouldn’t be allowed to send private messages until they’ve reached a certain level.

1 Like

Do not give our host a reason to throw in the towel.

Agreed. And I thought that new users were unable to send (or, I should say, initiate) private messages? I thought that privilege was already restricted to users that have earned a somewhat higher trust level?

If they do have to earn a higher trust level, then that means that the scammers have to spend time and effort to work their scam. All the more reason to ban them. They will have wasted time and effort elevating to the higher trust level.

I don’t think they ever had the towel, they last visited September 2023, last post I think was in May.

Unfortunately it seems pretty trivial to get to the level required to send private messages.

Scammer.

https://chiaforum.com/badges/1/basic

Make an account, wait a few days, click a few posts, done, private message scamming access granted.

This absolutely needs to be increased as you mentioned, otherwise it never slows down, if it's like the other social media sites, they already have dozens or hundreds of accounts ready to go as they get shut down one by one, because there is no pain in repeating the process, classic easy button.

One of the biggest issues with this site, missing moderation, they could easily grab a couple of you as moderators or reach out to other communities where people would be more than happy to volunteer, but they just don’t seem interested in creating a safe community actively addressing these issues.

New scammer accounts spotted on ChiaForum, be aware their goal is to get you isolated in DMs or redirect you to another website, rather than actually assist you in public view, that's key to the scam.

Notice the similar names, similar messages, they likely have many scam accounts by now.

Please review the original message to be better informed on this issue of scammers posing as “support” in order to steal any coins you have, they will steal anything, not just Chia (XCH).

3 Likes

It seems both of the accounts you caught are still active as of today, months later still scamming, one as recent as an hour ago was seen on this website according to their profile summary…

This is a reminder to everyone, ChiaForum is NOT an official Chia website, scammers are posing as support using private messages to isolate you from others who would call out the scam in public, never take help from someone in private messages because they want to steal your coins.

2 Likes

I have just been approached by @jamesProg offering help (as he did to others before). After dragging him for a bit, the fuck offered me to contact ‘Chia live support’.

The website he provided is part of the scam they run. Actually, they are using googledomains.com as their name servers and markmonitor.com as domain registrar, so maybe contacting Google would knock off that page for a few minutes.

Looks like there is an easy way to report that to Google - send email to registrar-abuse@google.com. I will do it shortly. Maybe those folks that got a similar thing can also email Google about that.

Here is the end of that thread:

Jacek

13m

deleting those transactions, deleting wallet db, rebooting, reinstalling.

jamesProg

7m

hello sorry for the inconvenience kindly reach out to Chia live support for help on the issues ticket ID Ch43099 @Jacek

Jacek

2m

what do i do on that page? where do i enter that ticket ID?

jamesProg

1m

on the bottom right corner click on the chat icon to open a chat with a live support and explain for them so they can fix the error for you @Jacek

@dchuk Is it really that hard to ban those scammers?

1 Like

When I looked at the link they provided to you, connectsupports.web.app, it seems they are using a service called web.app which redirects to firebase.google.com/products/hosting/ which allows them to create a subdomain off the web.app domain name, so the best bet would be to contact that service and let them know malicious people are sharing malware and stealing crypto via their service, provide your screenshots and any other evidence you can.

(link to report malware to Firebase below)

I have already reported it to abuse at googledomains.com. I will let them worry how scammers are using their service whether directly or indirectly.

I mean, I knew from the very first post that scoundrel made what he was up to. I was just dragging him to provide more info.

1 Like

Here’s another:


2 Likes