Impersonation & Social Engineering Scams
Scammers often pretend to be project admins or support to trick you into revealing keys or signing malicious transactions.
Common Tactics
- Direct Messages: Unsolicited DMs on Discord/Telegram claiming to be support.
- Fake Email Support: Emails from addresses that look official, asking for your seed phrase.
- Community Posts: Replies on forums with links to “fix issues” or “claim rewards.”
How to Protect Yourself
- Never Share Seed Phrase: Legitimate support will never ask for your private keys or seed.
- Verify Identities: Check usernames against official team lists; prefer public channels.
- Use Official Channels: Only use support links from Compound’s website or verified GitHub.
- Multi-Factor Checks: Confirm any urgent instructions via at least two independent channels.
Real-World Warning
Attackers often monitor community channels for users reporting issues, then reach out privately to exploit trust.
Next Steps
Proceed to Token Approval Risks to learn how malicious allowances can drain your wallet.