coinedition.com
India’s cybercrime agency has warned of rising scams targeting Trust Wallet users. The alert follows a surge in fraud complaints reported nationwide. Attackers use fake verification steps to gain access and drain funds.
Spike in Crypto Fraud Cases
The Indian Cyber Crime Coordination Center (I4C) has issued a formal advisory after detecting a rise in crypto fraud. The agency said the increase was observed through complaints filed on the national cybercrime reporting portal, cybercrime.gov.in.
The advisory points to a growing trend of “wallet drainer” attacks. These scams target retail cryptocurrency users who rely on self-custody wallets.
How the Scam Operates
Scammers first approach potential victims on peer-to-peer trading platforms such as Binance. Once contact is established, conversations move to private messaging platforms like WhatsApp or Telegram. The aim is to reduce the chances of detection or intervention by platform operators.
The attackers then introduce a fabricated requirement described as “crypto asset verification”. Victims are told this step is mandatory to complete a transaction, a tactic that creates urgency and increases compliance.
Users are directed to fraudulent websites that mimic legitimate blockchain services. These sites prompt users to connect their wallets. Once connected, victims unknowingly approve malicious smart contract permissions.
Instant Wallet Draining Mechanism
Authorities said the key risk lies in the permissions granted during the process. Once approved, attackers gain programmatic control over the wallet.
The transfer process is automated and near-instant. No additional confirmation from the victim is required after the initial approval. This makes the attack difficult to stop once it begins.
Because blockchain networks operate without central oversight, transactions cannot be easily reversed. This leaves victims with limited options for recovery.
Warnings and Safety Measures
The I4C urged users to take immediate precautions. It advised users to disconnect all unknown or suspicious decentralized applications from their wallet settings.
The agency also warned against sharing seed phrases. These phrases provide full access to a wallet and should never be disclosed.
Trust Wallet includes a built-in “Critical Risk Alert” feature. This alert appears when users attempt to connect to flagged domains. However, officials said scammers often pressure victims into ignoring these warnings.
Users are encouraged to remain cautious when interacting with unknown links or urgent requests involving digital assets.
Related: India Cracks Down on Trafficking Ring Behind Crypto Scam Parks