As crypto tools grow more complex and communities spread across platforms, decisions that affect security increasingly happen in the communication channels users rely on daily.

In the absence of formal support structures across many crypto projects, Telegram has become one of the primary spaces where users look for guidance, clarification, and peer assistance around wallets, DeFi protocols, and infrastructure tools.

That reliance is now being exploited. In late 2025, SEAL Intelligence reported tracking close to 4,000 fake ‘official support’ Telegram channels used to distribute wallet drainers. In a separate Telegram-focused analysis, investigators identified over 100 unique scam websites linked from roughly 80 fake support chats. In addition, continuous tracking shows that new impersonation channels frequently appear shortly after existing ones are removed.

How Fake “Official Support” Channels Operate on Telegram

Fake “official support” channels typically appear at the moment a user is already looking for help. They surface through Telegram search results or shared links, using names and branding that closely resemble real crypto projects. At this stage, nothing looks unusual - the channel presents itself as a place to resolve a problem.

Once inside, the interaction unfolds like ordinary support. Questions are acknowledged, responses feel procedural, and the environment appears active and moderated. Investigators note that this phase is designed to normalize the interaction and establish credibility before any harmful action is introduced.

The final phase moves the user away from the public chat and into a directed action - typically a private conversation or an external page framed as part of “verification,” “recovery,” or “sync.” According to multiple investigations, this is where wallet-draining mechanisms are deployed, either through recovery phrase capture or malicious wallet signature requests that enable asset extraction.

Why This Matters for Crypto Security

• This pattern changes the starting point of crypto compromise. The attacker doesn’t need to “find” a victim through spam. The victim arrives by searching for help, inside a space that looks like normal community support, which makes the trust barrier much lower.

• Once the compromise is triggered, the outcome is hard to reverse. Wallet drainers are built around user-authorized actions (phrases, signatures, approvals), and losses can happen quickly once the final step is completed.
  

• Because these operations are scalable and quickly rebuilt, removing individual channels does not disrupt the underlying model. Impersonation networks continue to resurface under new names, repeatedly targeting the same help-seeking behavior.

How to Stay EXTRA SAFE From Fake “Official Support” Channels on Telegram

For Individual Users:

• Treat any Telegram “support” message that leads to wallet actions as a security risk. Investigations confirm that fake support channels routinely guide users into drainer flows involving seed phrases or wallet signatures.

• Never enter recovery phrases, private keys, or sign wallet requests in response to chat-based support instructions. Reporting shows these actions are the primary execution point for wallet drainers distributed through Telegram.

• Use separation by design. Keep long-term holdings in wallets that are never used for community interaction, troubleshooting, or experimental dApps.

For Crypto Teams and Communities:

• Publish official support channels in one canonical, easily discoverable location. SEAL explicitly recommends reducing impersonation risk by limiting where users are directed for help.

• Actively monitor Telegram for brand impersonation and treat it as a security incident, not a moderation issue. Independent investigations show fake support channels are rebuilt quickly after takedowns.

• Avoid conducting any wallet-related support inside Telegram chats. Move verification and remediation processes into controlled, verifiable environments.

About #EXTRASAFEcheck: New security risks pop up every day, spreading faster than ever. From AI flaws to data leaks, even the most popular apps can pose hidden threats, affecting both teams and individual users. That’s why our monthly review brings you the most important updates to keep you informed and protected. Follow #EXTRASAFEcheck to spot risks early and make safer online choices.