Lately there seems to be an increase of scammers trying to steal your Chia, this often comes in three forms including but not limited to… (its not the old give me your secret keys exploits anymore)
- Private Direct Messages on the social media platforms you posted issues to like Facebook, Twitter, Reddit, Discord, Chiaforum (Chiaforum is NOT an official Chia Network Inc website and is riddled with DM scammers), etc.
- Discord invites to “Support Tickets” or “Ticket Time” or “Chia Support” or some other assistive sounding title masquerading as official support, redirecting you to a private server
- Links to websites where they get you to install software that opens up your computer to exploit or runs scripts that drain your wallet by sending transactions to them
The goal is to isolate you out of public view, because others would try to stop them and point out you are falling for a scam, so if anyone tries to pull you into someplace private, ITS A TRAP!
Sometimes the person will message you first in public, suggesting they ran into a similar issue and have a solution but want you to private message them or to follow a link they give, ITS A TRAP!
Depending on the platform, they may use official sounding usernames like “Support” or “Admin” to assuage fears about being illegitimate (Most platforms let you pick any username, ITS A TRAP!)
Once they separate you from others they may ask you to describe the problem and then pretend they identified a problem, sometimes going so far as to “check” something themselves, ITS A TRAP!
Ultimately they need a way to gain access to your keys, or run a script on your wallet, or software to remotely access your machine, they often send you to another website to get it, ITS A TRAP!
I talked with one scammer to get an idea of what a fake “support” conversation may look like to give everyone an example, the photo below is someone who redirected me to their “Ticket Tool” Discord to get me into a one on one conversation, I removed my comments so you can see the act.
You can see they use the name of a common software service, but, as you guessed it, ITS A TRAP.
You can see they want a wallet address, not to help, but to know how much you might have, possibly to prioritize you above others they are actively scamming (thousands on that Discord).
They get me to describe the issue, then pretend an attempt to resolve it, they come back saying they identified the issue and it requires some additional steps to correct it, for that, they want me to visit a website and download some software. (after they caught on I was faking the issue, they removed the website name, but don’t worry, I got a screen shot of that too, see below.)
DO NOT VISIT THAT WEBSITE, ITS ENTIRE PURPOSE IS TO SCAM YOU. Since I visited it for you, I can tell you they are trying to scam ANY crypto you have, they would not stop at just Chia.
Whats more shocking, that domain name was created TODAY, hours ago, thats how quick the scams rotate to new domain names as soon as enough people get scammed and file complaints.
So what can you do to avoid scams like this?
- Get to know the REAL support methods, like the Chia Discord Chia Network (Some will try to fake the Discord name but its difficult to fake that link) or you can utilize the Chia Github GitHub - Chia-Network/chia-blockchain: Chia blockchain python implementation (full node, farmer, harvester, timelord, and wallet) to post about issues in public view (This Reddit has a public support thread, use it in public view, don’t get isolated in private messages)
- Verify any links you click go to the actual source you want, yes, even the links I just posted you should validate, people have and WILL continue trying to fake them https://www.chia.net/
- Keep issues in public view where many others are able to see and engage with you, this has numerous benefits, more who can assist in public and less chance a scammer survives
- STOP DOWNLOADING SOLUTIONS, if there is a software issue, an update will be on Chia’s website as the code is updated, or there will be a limited amount of manual steps you can try, like shutting down the node to restart the computer, or reset the wallet database, or edit the config (none of which needs third party programs and you can do on your own)
- STOP RUNNING RANDOM SCRIPTS, sometimes the easier way to steal coins is to get people to execute code in power shell or a command line under the guise it will resolve their problem with “bad peers” or “fix a slow database sync” and sometimes it may initially do that but also now have access to your wallet to execute a transaction draining it
- Do not use “Wallet Connect” to connect to someone looking to “support” you, all they want to do is drain your wallet by getting you to connect to them and get rugged with a transaction
Please add any other helpful tips that I may have missed, its hard to stay ahead of scammers but I felt it was important to share some of this information as I run into scammers on a daily basis due to my frequent daily participation on multiple platforms, so I wanted to give a glimpse of that experience so people may be better prepared to spot and identify scammers, or avoid them altogether.