Beware of crypto wallet-draining 'support channels' on Telegram
Crypto security researchers warn of hundreds of fake crypto-related support channels on Telegram that are designed to spread wallet drainers.

By Cybernews.
Crypto security researchers warn of hundreds of fake crypto-related support channels on Telegram that are designed to spread wallet drainers.
Developer and cybersecurity researcher Tim Sh said he stumbled upon a fake "Official Support" group with botted members and strange-looking instructions for users seeking help by accident, while a deeper months-long investigation together with other researchers revealed a network of fake support chats connected via admins, users, and malicious instructions. Among the uncovered drainers, the team also found a few instances of the infamous Inferno Drainer.
According to the researcher, in most cases, these fake channels are old chats that were bought, stolen, or perhaps created a long time ago. Moreover, Telegram is being criticized for the lack of verification and the fuzzy matching of search terms. The criminals are constantly refilling these fake channels with bots so Telegram doesn't detect botted accounts. Then the phishing begins by "answering" questions from users and trying to trick them into clicking on malicious links.
"In total, I collected 100+ unique websites from the 80 Telegram chats messages (and a lot more after that in cooperation with SEAL[, an alliance of crypto security experts]), with the most popular ones occurring 300-800 times (sic!)," Tim said, noting that these websites are using a very primitive scam technique, simply asking victims to enter their codes to their wallets and cryptoassets - seed words or private keys.
A scam network visualisation: important connections between the chats, their admins, and users. Source: timsh.org
Meanwhile, SEAL added that the criminals are using Telegram bots to open “a ticket,” while also claiming that channel administrators will not message users to make their channels look more credible.
However, in more advanced cases, where Inferno Drainer is used, a fake signature-signing module is incorporated.
"In this scenario, the user is asked to sign a permit signature, which in turn allows an attacker-controlled address to transfer all funds from the user's wallet," SEAL said, noting that even if the most popular ethereum (ETH) wallet, MetaMask, can detect a crypto drainer, "there are numerous examples where attackers are able to bypass this protection."
The researchers recommend that crypto teams list all official communication channels on every public-facing platform they use, and try to register similar handles and channels on various platforms, while cryptoasset users must double-check to ensure they are actually landing on the official support channel.
"DO NOT take the history of past conversations as a positive signal regarding the channel's validity. The impersonations we observed were often high-quality and difficult to distinguish from legitimate Telegram groups," SEAL warned, urging users to report suspicious channels or websites to @seal_tips_bot on Telegram.
Unlock more exclusive Cybernews content on YouTube.