OpenBlock helps you understand crypto before you act.


Fake support chats are still one of the easiest crypto scams to miss

These scams do not usually begin with greed. They begin with stress, confusion, and a message that sounds like help.

Key points

  • A believable problem is enough to start the scam.
  • Private chat is a warning sign, not proof of support.
  • If sensitive data was shared, move from doubt to containment immediately.

Why this matters

The scam works by moving you away from official channels and into a private conversation where urgency can do the work.

A believable problem is often more effective than an unbelievable promise.

That is why fake support scams keep catching people who were only trying to fix an issue.

If support finds you first, the interaction is already off the normal path.

How the playbook starts

You post about a transfer problem, search for help, or receive a warning about a wallet or exchange account. Soon after, a “support agent” appears in replies, direct messages, or paid search results.

A common entry point is a post on X, a Telegram question, a Discord help request, or a paid Google result that sits above the real domain. The account name often borrows the exchange or wallet brand closely enough that the first glance feels familiar.

This works because the victim already has a problem to solve: a delayed withdrawal, a failed swap, a bridge screen that looks frozen, or a warning about account activity. The scammer is stepping into a conversation that stress already opened.

What the scammer is trying to control

The goal is not only to get information. It is to get you away from public context, comparison, and time to think. Private chat removes the friction that might have saved you.

Once the private chat starts, the attacker usually narrows your field of view. They ask you to leave the public thread, avoid opening a ticket, and follow one small instruction at a time: send a screenshot, confirm your balance, reconnect the wallet, or paste a code.

That sequencing matters. By the time a wallet popup or a transfer request appears, the dangerous step no longer feels like the beginning of a scam. It feels like the next checkbox in a support workflow you have already been trained to obey.

What to do if the chat already started

End the conversation, verify the platform from a link you typed yourself, and do not keep negotiating “just in case.” If you shared anything sensitive, move directly into containment: passwords, email, approvals, and device checks.

The end goal changes with the route. Sometimes they want a seed phrase for full takeover. Sometimes they want a private key, a wallet approval that can drain tokens later, a signature that unlocks permissions, or a small test transfer that proves the route works and that you will keep cooperating.

If any of those steps already happened, stop replying, close every link they sent, open the platform from a URL you typed or bookmarked yourself, and review email security, account sessions, wallet approvals, and recent device activity before you do anything else.

Common mistakes

  • Replying inside the route they chose

    A private chat, a top search ad, or a fresh DM is not neutral just because the tone sounds helpful.

  • Treating a signature as harmless

    The wallet popup may be the real action, even when the site copy above it sounds routine.

  • Waiting too long after sharing something

    The first calm operational checks usually matter more than another round of conversation with the attacker.

What you should do

Read the safety-center version and the after-loss checklist before you assume the danger is over because the chat has stopped.

  • Stop replying inside the original chat or message thread.
  • Open the platform only from a URL you typed or bookmarked yourself.
  • Review wallet approvals, email security, and active account sessions immediately.