Warning – Crypto Scammers

Scammers use messages (email, text, phone) to trick you into giving them your personal information. They may try to steal your passwords, account numbers, or Social Security numbers. Armed with that information, they can gain access to your email, bank, or other accounts. Scammers launch thousands of phishing attacks like these every day — and they’re often successful because people aren’t aware of the risks. The FBI’s Internet Crime Complaint Center reported that $57 million was lost to phishing schemes in one year.

The Story

To continue to stay ahead of those trying to inform potential victims of the dangers, they are constantly coming up with new ways of attracting potential victims. One such recent attempt has been launch via the Discord game messaging application. Earlier today, one of our readers received this message from an unknown user on Discord.

Latest scam going round

The Message

:trophy: Won your discord number. :trophy:

:flag-cn:We are a fast growing cryptocurrency exchange, which recently entered the European market. Our exchanger has been in existence for over 2 years and is known in the expanses of China. To attract new users, we did a free giveaway with 200 prizes worth almost 2000 ETH

:pushpin: The investor has entered into an agreement with discord to allow the use of discord as a platform for the distribution of P2P code prizes.

Everything is official and completely legal. Our company works strictly under the contract in accordance with the law!

:pushpin: After activating a P2P code, the funds will be credited to your balance.

:pushpin: Funds allocated for the giveaway are in the public ETH wallet:


:gift: You won 14.47 ETH :gift:

:outbox_tray: How to withdraw your Ethereum ?

:arrow_right: Sign up on the site: https://galachange.com

:arrow_right: Section Go to the “Codes” section and activate your code: BDDD543202A3568D

:arrow_right: Click the “Balance” tab and withdraw ETH to your ETH wallet.

:fleur_de_lis: Rules :fleur_de_lis:

:octagonal_sign:P2P code can be used once and for one account

:octagonal_sign:Creation of multi-accounts is forbidden, if multi-accounts are detected, all your accounts will be blocked

:warning: Do you have questions about winnings? :warning:

:globe_with_meridians: Online Support on the site. :globe_with_meridians:

:telephone_receiver:https://galachange.com/support :telephone_receiver:

The galaCHANGE crypto exchange platform. All rights reserved:no_entry:


The Reaction

After receiving the message, the user went and created an account on https://galachange.com, which looks After receiving the message, the target registered an account on https://galachange.com, which looks legitimate enough. The reader entered his code as instructed and was astounded to find his account had indeed been credited with 14.47 ETH. So he decided to withdraw this crypto winfall into his personal wallet.

That was when the other shoe dropped. The exchange required the new account be activated with a deposit of 0.01BTC(US$330) before he would be able to remove his winnings. The message on the screen assured him that he was free to withdraw the deposited amount plus his 14.47 ETH immediately after the verification was complete.

The Result

Thankfully the reader was astute enough to stop here and seek more information on the exchange before making the deposit, but there are probably many others who do not. We can not say definitively that he wouldn’t have gotten his money back, but lets look at the facts.

The Facts

  1. This message about winning a prize was sent privately, without the user entering any publicized draw. Companies regularly do use competitions like this to ADVERTISE their company or products. They certainly don’t keep them quiet except for the lucky winners!
  2. Galachange claims to have been in business for over two years, yet a quick whois of their domain tells a different story.
    See right.
  3. The wording of the original message is flawed, to say the least. While this is not proof of wrongdoing, any company giving away 2000 ETH (US$4.25M) would undoubtedly spend a few bucks to have a native speaker proofread their messages.
Domain Name: 
Registry Domain ID: 2628389154_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 2021-07-21T22:33:46Z
Creation Date: 2021-07-21T22:33:43Z

How to respond

When contacted by parties with news that is too good to be true, it probably isn’t true. Therefore, Don’t do anything until you have verified the source. Certainly, do not give anyone access to your accounts or personal details unless you know who they are and that you can trust them.

If you feel you have been targeted by scams like this forward the message to the Anti-Phishing Working Group. They can be contacted via email [email protected]

%d bloggers like this: