India I4C issues alert: surge in fake verification link phishing scams involving Trust Wallet

According to an official advisory published on April 28 by India’s Indian Cyber Crime Coordination Center (I4C), there has been a sustained increase in “wallet theft” scams targeting Trust Wallet users. The attackers lure users into granting wallet permissions to malicious smart contracts by spoofing “cryptocurrency verification” steps, after which the funds are immediately transferred out via automated scripts. I4C said that the growth trend of the above scams is driven by a surge in complaints received by the national cybercrime reporting portal.

Background of the I4C Official Advisory

(Source: I4C)

According to I4C’s official announcement, this advisory was issued following a spike in nationwide complaints about cryptocurrency scams. I4C noted that the primary targets of “wallet theft” attacks are retail cryptocurrency users who use self-custodial wallets, and Trust Wallet users are among the affected groups.

How the Scam Works

According to I4C’s official announcement, the scam methods involved in this advisory include the following steps:

Contact the victim: The attacker initially reaches out to target users through peer-to-peer (P2P) trading platforms such as Binance

Move the communication channel: The conversation immediately shifts to private messaging apps such as WhatsApp or Telegram to avoid intervention and monitoring by the platform

Create a sense of urgency: The attacker spoofs a “cryptocurrency verification” request, claiming that this step is necessary to complete the transaction

Lead to a phishing website: The victim is directed to a scam website impersonating a legitimate blockchain service and is prompted to connect their wallet

Malicious authorization and immediate theft: Without the victim’s knowledge, the victim grants the malicious smart contract control permissions. The funds are transferred out immediately via automated scripts. After the initial authorization, the victim does not need to confirm again

According to I4C’s announcement, because blockchain networks lack a central regulatory mechanism, the related transactions are difficult to reverse, leaving victims with very limited ways to recover their losses.

I4C’s Official Security Recommendations

According to I4C’s official announcement, the organization recommends the following security measures to cryptocurrency users:

· Disconnect all unknown or suspicious decentralized applications (dApps) from wallet settings

· Never disclose a seed phrase to any third party

· Do not ignore the “Critical Risk Alert” prompts built into Trust Wallet; I4C said that scam perpetrators typically pressure victims to ignore such system warnings

· Be cautious with unknown links involving digital assets and urgent requests

Frequently Asked Questions

When was this I4C advisory released in India? Through what channels was it reported?

According to I4C’s official announcement, the advisory was officially released on April 28, 2026, and the case growth trend was identified through complaint data from the national cybercrime reporting portal cybercrime.gov.in.

How do scam perpetrators obtain control of a victim’s wallet?

According to I4C’s announcement, attackers lure victims through phishing websites into granting wallet permissions to malicious smart contracts. After authorization is completed, the funds are transferred out immediately via automated scripts. Victims cannot intercept the transfer during the transaction process, and blockchain transactions are difficult to reverse.

Does Trust Wallet have protective mechanisms? What are the limitations?

According to I4C’s announcement, Trust Wallet’s built-in “Critical Risk Alert” feature will trigger a warning when users attempt to connect to a flagged domain; however, I4C said that scam perpetrators typically pressure victims to ignore such system warnings.