One of the most popular crypto wallets as of 2024 is called Trust Wallet but can you really trust it? Spoilers: the product itself is fine. You should watch out for other fraudulent schemes that use this name. Learn more about them in this guide from the ChangeHero team!
Key Takeaways
- There is a category of cryptocurrency scams that exploit the design of crypto wallets. As one of the most popular wallet apps, Trust Wallet’s brand is often used to defraud users.
- Some schemes, such as phishing, were ubiquitous even before crypto. Fraudsters use fake apps and websites, phishing email and SMS messages to get their victims to give up access to their wallets.
- There are also methods to steal crypto assets derived from how it works. Examples include watch-only addresses and address poisoning.
About Trust Wallet
Trust Wallet is one of the most recognizable brands of crypto wallets. Through simple yet strong branding, a user-friendly interface, and industry-leader backing, Trust Wallet managed to become one of the top crypto wallet apps.
The team preferred to invoke a sense of security in the users with the name rather than sticking to the idea of trustlessness, which proved to be the right move to amass a user base. This particularly applies to mobile wallet users, who comprise most Trust Wallet users.
Trust Wallet lets users manage digital assets and their crypto wallet addresses. In addition to supporting the majority of popular coins and tokens, it also enables cryptocurrency payments and gives access to non-fungible tokens. While it undoubtedly gives more utility to the app, it also increases the attack vectors that users can fall victim to.
Why are Trust Wallet users targeted?
According to a16z, Trust Wallet is among the top mobile wallets in the world. Its popularity and the image of a secure and trustworthy product make its users a target of crypto scammers.
There is no evidence to suggest that Trust Wallet users are more prone to falling victim to scammers. Neither is the wallet app itself less secure than the industry standard. Nevertheless, the app being as popular with newcomers to crypto as it is makes it a frequent cover-up for bad actors.
Crypto Scams That Target Wallet Users
Phishing
Cyber attack known as phishing is a social engineering tactic that uses a fake front such as a phishing website, email, or a fake app. It is not exclusive to crypto but due to how digital assets work, scammers have managed to make thousands of users fall victim to phishing.
You can lose not only an online account to this method but even all crypto assets on a given wallet address. If you share the seed or recovery phrase, the scammers will get access to your private keys. These keys are the only proof of ownership for crypto assets, so by giving them up, you lose ownership as well.
Scammers use different pretexts to pressure you into providing sensitive information. Official wallet projects often remind their users that they will never ask their users for recovery phrases. If you suspect a phishing attempt, pay extra attention to email addresses and link URLs, do not follow any links or download any files. It might be a good idea to search for the official contact and reach out to the support staff yourself to see if the mailout is legitimate.
Fake Airdrops
Another common crypto scam method is fake airdrops and giveaway scams. The biggest red flag you should watch out for is whether it requires you to share the seed phrase. It is not always so obvious: sometimes, connecting your wallet puts you at risk as well, and both legitimate and fraudulent airdrop sites can ask you to do it.
Just like with other investment scams, cross-referencing the source of the airdrop can help you see if it is real. If it promises high returns, requests you to deposit funds, or is just too good to be true, it is most likely a scam.
Watch-Only Wallet Scams
You could have come across some internet users offering crypto wallets for sale. If it seemed suspicious to you, your instinct was right: it is another type of phishing crypto attack that uses watch-only addresses.
What is a watch-only address or wallet? It is a type of crypto address that lets you view the balance and state of it but gives no access to spending. Trust Wallet supports these addresses, among other things.
Watch out for someone offering you to buy a crypto wallet address, even if they make it seem like it is a fully-fledged one. Do not deposit any crypto assets: scammers can use the pretense that it has been configured for investment or mining purposes. In reality, they are the ones owning the private keys and ergo, spending privileges.
Address Poisoning
This is also a crypto scam, which exploits how the users engage with wallet apps. Luckily, other wallet features, frequently found in popular applications, including Trust Wallet, help avoid it and keep your digital assets safe.
What happens in address poisoning? A scammer checks the transaction history through a block explorer and finds a transfer to try and hijack by creating a similar blockchain address. Because wallet addresses appear as long strings of letters and numbers, they are not human-readable, and it is not very hard to confuse a fake address with a legitimate one.
Once they choose a target, they create a zero-sum transaction that appears above a legitimate one in the history of transfers. Their goal is to trick people into confusing the addresses and next time, have them send digital currency to the scammer’s wallet.
How can you avoid this scenario? In addition to paying attention and double-checking the recipient addresses, you can also use features like the address book or favorite addresses in crypto wallet apps.
Fake Apps and Websites
Even generally reliable storefronts like the App Store or Google Play sometimes get tricked into listing applications that mimic popular crypto wallets. Search engines exercise even less oversight into which websites appear at the top of the results, leading to a phishing website occasionally popping up in ads.
A few tips to avoid those impostors would be keeping the real website in the bookmarks and knowing the proper URL of the legitimate business. As for the apps, the best indicator is usually the number of downloads and user reviews. Like other types of crypto scams we mentioned, these rely on the user not paying attention and when they’re in, pressuring you into action.
Malicious Bulk Emails, SMS, Social Network Messages
Last but not least, phishing occurs through email, SMS, and social media as well. It is a bit more tricky than fake websites because those can appear legitimate. For example, bad actors have been known to send phishing email from real Zendesk mailing services or SMS, claiming to be Trust Wallet representatives.
The rule of thumb here would be not to follow any links or download files. The scammers hope you are not familiar with the outreach policies of the service they act as so make sure to review the privacy policy of the products you use. For example, it is not that common for crypto wallets to know your phone number at all but a SIM-swapping fraudster is more likely to get their hands on it.
How to Stay Safe
We have already provided a few tips on avoiding each type of these scams. Summing it up,
- Be wary of any ‘official representatives’ proactively reaching out to you, especially if you did not subscribe to any mailing lists. It can be a good idea to double-check and contact the legitimate business yourself.
- If someone requires you to make an upfront payment, it is another reason to stay cautious. Usually, it ends in you never getting it back.
- Official employees of crypto companies will never ask for your recovery or seed phrase. It is connected to your private key and instead of ‘restoring’ or ‘activating’ a crypto account, scammers will gain full control over your wallet.
- Check if the app or product you want to use is legitimate with other crypto community members or resources like the Department of Financial Protection and Innovation’s Crypto Scam Tracker if they are available to you.
Unfortunately, not everything always goes as swimmingly as we hope. What should you do if you were scammed?
- Blockchain transfers are irreversible but there is hope to make those who stole your funds send it back through law enforcement. Reach out to competent authorities in your jurisdiction or even customer support of the platform you used to start the investigation.
- For example, US residents can contact the Federal Trade Commission (FTC), the Commodity Futures Trading Commission (CFTC), the U.S. Securities and Exchange Commission (SEC), or the Internet Crime Complaint Center (IC3). Each of those handles different types of fraud, so take a moment to see which entity is relevant to your case.
- There is fraud even in crypto asset recovery, preying on victims who try to get their money back from other scammers. Real ‘crypto hunters’ and white hat hackers are rare and require payment for their services, too. The ChangeHero team previously made a guide that should help you avoid the pitfalls of stolen crypto recovery.
Conclusion
We hope this guide equips you with the knowledge to avoid falling for scams targeting wallet app users. Keep your private information and digital assets safe with it!
More guides and updates from ChangeHero are posted on our blog, so do check them out! To get market insights and crypto news as they happen, follow us on social media: X, Facebook, Reddit, and Telegram.
Frequently Asked Questions
Is Trust Wallet really secure? Is Trust Wallet legit?
Trust Wallet is one of the most popular crypto wallets in the market. The application and extension are legitimate products with decent security.
Are Trust Wallet airdrops legit?
Occasionally, Trust Wallet collaborates with other crypto projects to offer their users airdrop opportunities. It is a good idea to cross-reference this information in the official Trust Wallet channels and the project’s website because airdrops can be used as a pretense for phishing.
Does Trust Wallet have email?
Trust Wallet does not contact clients through email. You can get in touch with them at support.trustwallet.com.
What to do if I got scammed on Trust Wallet?
The first step you can take is to contact the customer support of Trust Wallet. You can skip this step if you already know which law enforcement agency you should contact.
Can I be scammed on Trust Wallet?
Like on any wallet app, crypto scammers can defraud you out of your digital currency if you use Trust Wallet. According to the DFPI Crypto Scam Tracker, the majority of schemes involve social engineering, although hacks have been reported as well.
Can coins be stolen from Trust Wallet?
Although unlikely, if the user neglects digital security or their private key is compromised, hackers can steal digital assets from Trust Wallet. There is no evidence to suggest that its security is below the industry standard, though.
Is there a fake Trust Wallet app?
Fake crypto wallets surface in the popular digital app storefronts for a brief amount of time until they get reported and delisted. Nevertheless, there is always a chance that an app with a low amount of downloads and user reviews turns out to be fake, so exercise caution and download apps only from official sources.
How can you tell if someone is a crypto scammer?
There are no certain one-hundred-percent giveaways for crypto scammers but they tend to employ some similar tactics. When they interact with a potential victim, they will try to gain their trust and pressure them into action.
Why is crypto so scammy?
Crypto remains largely unregulated even in 2024, so although there is no extreme oversight, customer protections are lacking as well. Some features of blockchain like transaction irreversibility or self-custody also make it easier to compromise one’s coins or tokens.
