You ask a question in some crypto group, and a few minutes later someone with the "admin" avatar slides into your DMs: "Saw your question, I'll help you sort it — just click this link and connect your wallet to verify." The tone is professional, and the avatar and name look exactly like the real admin in the group. But here's a judgment call you'll almost never get wrong: on Telegram, Discord, and the like, an "official" who DMs you first is, the overwhelming majority of the time, a scammer. This piece lays out how they fake it, which plays they run, and how to see through it at a glance.
- Unsolicited DM first = alarm number one. Real official staff and real admins almost never DM you out of the blue; they handle things publicly in the group.
- Anyone telling you to "connect your wallet to verify" or "give me your seed phrase / private key / code" is a scammer, full stop — no legitimate official ever asks for that.
- Avatars and display names can be faked; the one thing that's hard to fake is the full username (the @handle). Check it — off by a character or two and it's fake.
What this scam actually is
Put plainly: a scammer dresses up as "official staff" of some project, exchange, or community — admin, support agent, moderator — then DMs you first and walks you step by step toward handing over your assets or sensitive info.
The disguise can get convincing: they swap their avatar for the same image the real admin uses, change their display name to "OKX Support" or "Project Official Assistant," and some even tack on an "Admin" label. Wrap that in a professional, helpful script and a newcomer falls for it easily. But every bit of that disguise rests on one thing you can defeat just by building a habit — real officials don't come to you first in a DM.
Why it's so bad on Telegram and Discord
Impersonation happens everywhere, so why is this especially rampant on these two platforms? Three factors stack up into the perfect breeding ground:
Anonymous + easy to copy + bot-heavy
- Highly anonymous, low barrier to sign up: one phone number or email and you're in, hard to trace afterward, near-zero cost for the scammer.
- Avatars and names change in seconds: copying the real admin's avatar and display name exactly takes a few seconds, and to the naked eye there's no seam.
- Bots everywhere: these platforms are already full of automated bots, so a fake "official verification bot" blends right in.
On top of that, crypto communities cluster densely on these two platforms, so scammers can pick targets straight off the member list — especially the ones who just posted a question and clearly read as newcomers. The moment you reveal "I'm not too sure about this, I have a question," the DM may already be on its way.
The four plays scammers run
It's all variations on a theme. What you'll actually run into is some combination of these:
The fake "admin / support" DM
They see you asking a question or complaining in the group and immediately DM you with the admin's avatar: "I'm an admin, here to help." First they use "helping" to lower your guard, then slowly steer you toward a transfer, connecting a wallet, or reading out a code.
The fake "bot" that wants you to connect a wallet
They send you an official-looking bot or link: "Click here to connect your wallet to complete identity verification / unlock access / claim eligibility." The moment you approve on that site, your wallet can be drained. The so-called "verification" is purely a pretext to lure an approval out of you.
The fake "official announcement" pinned link
In the group (sometimes a hijacked legitimate one) they post an "official announcement" or "limited-time airdrop" with a link, sometimes dressed up to look like a pinned message. The link points to a phishing site or a malicious approval page. A real announcement won't use a strange short link to rush you into acting immediately.
Posing as an ordinary "group member"
They don't always pretend to be admins. Some start as a friendly fellow member: "I had this exact problem before, DM me and I'll show you," then slowly pull you into the trap or hand you off to a "reliable mentor / support agent."
What real support will never do in a group
Rather than memorize a hundred scammer tricks, flip it around and memorize the boundaries real officials keep. The following are things legitimate project and exchange staff will never do — the moment someone does any one of them, however close the avatar and however professional the talk, it's a scammer:
Cross any of these lines and it's fake
- They won't DM you first. If there's really something to handle, they direct you to an official ticket or a public channel in the group, not pull you aside in private.
- They won't ask for your wallet seed phrase, private key, exchange login password, or codes. Officials don't need these and will never ask.
- They won't DM you an "airdrop link" or "verification link" to connect your wallet. "Connect your wallet to verify" is itself a scam script.
- They won't rush you with "limited time," "right now," or "act or lose your eligibility." Manufacturing urgency and not letting you stop to verify is a hallmark of fraud, not how officials work.
Carve this line into your head: real officials don't DM you first to ask for things. That one rule alone blocks the overwhelming majority of these scams.
A few instant tells
- They DM'd you, when you never reached out to them — alarm number one.
- The username is off by a character or two: same avatar and display name, but the full @handle has an extra underscore, a missing letter, or an o swapped for a 0.
- They push you to click a link, connect a wallet, or read out a code, with an urgent tone and "limited time" / "hurry."
- They claim to be "support / admin" but work over DM rather than the platform's official ticket or public channel.
- The avatar sports an "Official" / "Admin" / "✓" badge — all trivially fakeable, and proof of nothing.
A few protective settings to keep DM scammers out
The good news about this scam: most of it can be blocked outright with a few settings and habits. Spend a few minutes setting these up:
- Turn off DMs from strangers. In your chat app's privacy settings, restrict "who can message me" to contacts, and strangers can't get through.
- Only trust the accounts pinned officially and listed on the official site. A project's or exchange's official accounts and support channels are whatever the official website lists — never what anyone in the group claims.
- Check the full username. Ignore the avatar and display name; open the person's profile and check the full @handle character by character against what the official site lists. One character off is enough.
- Take it back to the group, publicly. @ the real admin publicly in the group to verify; never handle anything involving assets or passwords privately in a DM.
- Report and block suspicious accounts, and drop a note in the group while you're at it so others avoid the trap too.
The one-line rule
Set your default to: an "official" who DMs you first gets no trust, period. If there's really something to deal with, you go back to the official site or the public channel in the group to find it yourself. Hold that line and it won't matter how perfectly the avatar and name are copied.
Already clicked and connected a wallet — what now
If you already clicked the link a fake "admin" sent, or even connected your wallet and granted an approval, don't panic — move fast and in order:
Revoke the wallet approval immediately
Outside the site you just used, with a trusted tool, revoke the wallet allowance you just granted to cut off their ability to keep moving your assets.
Move whatever's still safe
Move the assets still safe in your wallet to a clean new wallet as fast as you can. If you suspect your private key / seed phrase may be exposed, stop using that old wallet entirely.
Stop all contact and block them
Don't reply to anything more from them — and especially don't believe "do one more step and you can recover it," a second-wave line. Just report and block.
Preserve evidence, warn the group
Screenshot the person's full username, the chat logs, and the link, and warn the group publicly. For evidence-gathering and reporting details — including the FBI's IC3 (ic3.gov) in the US and Action Fraud in the UK — see what to do after you've been scammed.
FAQ
An "admin" in the group DM'd me first — can I trust them?
Almost never. Real officials and group admins rarely DM you first, and they'll never push you in a DM to click a link, connect a wallet, or hand over a code. Scammers copy the admin's avatar and name and race to DM you ahead of the real one. Treat any unsolicited DM as a scam by default, and verify through public channels back in the group.
Why are these scams especially common on Telegram and Discord?
Both platforms are highly anonymous with a low sign-up barrier, so anyone can set their avatar and name to match an admin's exactly; only the full username (the @handle) is hard to copy fully, and most people don't check it. Add the flood of bots and the dense clustering of crypto communities, and scammers can target members precisely off the list.
How do I tell a real admin from an impersonator?
Don't look at the avatar and display name — both can be copied in seconds. Open the person's profile and check the full @handle character by character against the official accounts listed on the official site or in the group; one character off means it's fake. Safer still: ignore the unsolicited DM and go back to the group to @ the real admin publicly, or use the official support channel listed on the official site.
I clicked the link a fake "admin" sent and connected my wallet — what now?
Immediately revoke the approval you just granted on that site, move whatever assets are still safe to a clean new wallet, and stop all further contact. Save the person's username, chat logs, and the link as evidence, and warn the group publicly. Move fast — once an approval is abused, assets can be moved out quickly. In the US, report to IC3 (ic3.gov).
Where should support be? Trust the channels listed on the official site, not an "official" in your DMs
The weak point this scam exploits is that you can't tell "which one is actually official." The least stressful fix is to trust only the official site and in-platform official channels from the start: do your sign-up, support, and announcements through official routes, and ignore anyone in a DM calling themselves "official." OKX is one mainstream exchange; you can reach it through the official sign-up link below, support and announcements come through the app and official site, and its official domain is okx.com.
Read next
- Fake support & "account unfreeze" scams — the "support agent" in your DMs is the same playbook in a different setting.
- Fake airdrops & wallet-approval theft — behind "connect your wallet to verify" there's usually a draining approval.
- Cloned phishing sites & fake exchanges — the link a fake "admin" hands you often points to a cloned site.