Scammers are leveraging a sophisticated mix of fake X (formerly Twitter) accounts, phony Telegram channels, and malicious verification bots to steal cryptocurrency, blockchain security firm Scam Sniffer has warned.
In a Dec. 10 X post, Scam Sniffer detailed how scammers impersonate popular crypto influencers on X, luring victims into fake Telegram groups under the guise of offering investment insights. Once inside the group, users are pressured to verify their identity using a fake bot named “OfficiaISafeguardBot.”
The bot creates a sense of urgency with short verification windows, then injects malicious PowerShell code into victims’ systems. This malware enables scammers to steal private keys and crypto wallets.
A Growing and Sophisticated Threat
Scam Sniffer told Cointelegraph that while malware distribution through Telegram isn’t new, this is the first time such a coordinated effort has combined fake X accounts, Telegram channels, and malicious bots.
“It’s currently unclear if there are other malicious bots. However, it’s obviously simple for them to impersonate others as well,” the firm explained.
The infrastructure behind such scams has become more advanced, evolving into “scam-as-a-service” operations. Much like crypto wallet-draining software, malicious tools are now being rented to scammers, amplifying their reach.
Rising Impersonation and Phishing Cases
The trend of impersonation scams is accelerating at an alarming rate. According to Scam Sniffer:
- An average of 300 impersonator accounts are detected daily on X in December, nearly double November’s average of 160.
- At least two victims have lost over $3 million by clicking malicious links and signing fraudulent transactions from fake accounts.
The surge coincides with Cado Security Labs reporting targeted attacks on Web3 workers. Scammers are using fake meeting apps to inject malware, stealing credentials for websites, applications, and crypto wallets.
Phishing Surge Expected During Holidays
Web3 security platform Cyvers has also raised concerns about a phishing attack spike in December. As online transactions increase during the holiday season, hackers are exploiting the uptick to target unsuspecting users.
Cyvers and Scam Sniffer both highlight that heightened vigilance is essential. Scammers rely on social engineering, creating urgency and false authority to trick victims into compromising their assets.
The emergence of scams combining fake X accounts, Telegram bots, and malware marks a dangerous escalation in crypto-targeted attacks. With impersonation scams doubling and high-value thefts becoming more frequent, both regular users and Web3 professionals must remain cautious. As the holiday season approaches, awareness and robust security practices are more crucial than ever.
Bitcoin 
Ethereum 
XRP 
Tether 
BNB 
Solana 
Dogecoin 
USDC 
Lido Staked Ether 
Cardano