Think your crypto wallet is safe because you didn’t share your seed phrase? Think again. A new scam is targeting P2P traders with fake “AML verification” links, draining entire wallets in seconds without ever needing a password. Even seasoned crypto users are falling for it. Here’s how the scam works, why it’s so effective, and how you can avoid becoming the next victim.
Real Case: How a P2P Trader Lost $1,500 in Seconds
A crypto trader lost 1,500 USDT (~₹1.3 lakh) after clicking a link sent by a buyer. The request seemed innocent—generate an AML (Anti-Money Laundering) report before the trade. But the link led to a fake verification site that asked for wallet connection and a small crypto payment.
Soon after signing a transaction, the victim’s entire balance was drained.
This wasn’t an isolated incident. Multiple users reported similar messages from scammers using Reddit and Telegram, pushing traders to unsafe sites under the pretense of AML compliance.
How the Scam Works — Step-by-Step
This isn’t a hack. It’s a social engineering scam combined with blockchain contract exploitation.
1. Initial Contact
- The scammer approaches via Reddit, Telegram, or Discord, pretending to buy crypto P2P.
2. Building Trust
- They may offer F2F trading or claim to be local. They often ask for trust and promise quick payment.
3. The Bait: AML Compliance Request
- They send a link to “generate an AML report” — a fake website requiring wallet connection or crypto payment.
- These fake portals can look like legitimate DeFi or tax tools but are designed to exploit user signatures and contract approvals.
4. The Drain
- Upon connecting and signing a transaction (thinking it’s harmless), the victim grants unlimited token approval to a malicious contract.
5. Funds Lost
- The smart contract instantly transfers USDT or other tokens out of the victim’s wallet.
Global Risk: Not Limited to One Region
While this incident involved a trader from India, reports suggest this scam is spreading across:
- Southeast Asia (Malaysia, Philippines, Vietnam)
- Nigeria and parts of Africa
- Latin America (especially USDT-heavy regions)
- Even Western Europe and North America among Telegram P2P users
The scam is platform-agnostic, it targets Trust Wallet, MetaMask, SafePal, and even hardware wallets (if users approve transactions).
How to Trade Safely Using P2P (Safest Method)
If you must use peer-to-peer trading, follow these non-negotiable rules:
Use Escrow Platforms
Use platforms like Binance P2P, WazirX, or Bybit with built-in escrow features.
Never Leave the Platform
Once you shift to Telegram or WhatsApp, you’re outside platform protections. If a dispute arises, you’re unprotected.
Avoid These Red Flags:
- Asking for “AML report” or “test transfers”
- Payment verification via unknown websites
- Sharing Google Maps screenshots or location screenshots
- Rush tactics like “I’m driving now, need fast response”
Stick to Clear Process:
- Wait for buyer to transfer fiat → Platform locks escrow
- Confirm receipt in your bank account
- Release crypto only on-platform via secure confirmation
- Don’t click links, ever — even if they look professional
Also Read: P2P Crypto Trading Risks
How to Protect Yourself from Wallet Draining Scams
NEVER:
- Connect your wallet to any site you don’t fully trust.
- Approve smart contracts unless you know what they do.
- Send crypto for “verification,” “tax clearance,” or “AML checks.”
ALWAYS:
- Use https://revoke.cash regularly to check and revoke token approvals.
- Store large funds in cold wallets (Ledger, Trezor).
- Confirm dApp security using tools like https://defillama.com/security.
What to Do If You Fall Victim
- Revoke Access to Wallet:
Visit https://revoke.cash and connect your wallet to revoke any token approvals. - Report to Trust Wallet:
Submit a scam report here: https://support.trustwallet.com - Flag the Scammer’s Profile:
- Report the Reddit profile
- Report the Telegram account (via Telegram’s in-app “Report” feature)
- Post on r/Scams and r/DecodeCrypto:
Share the full details to warn others—include your image and wallet address (if you’re okay with that). - Check Blockchain Transaction:
- Go to https://bscscan.com or https://etherscan.io
- Paste your wallet address and see what contract drained your funds.
- File a Cybercrime Report (India):
If you’re in India, file a complaint at https://cybercrime.gov.in and attach all screenshots.
Final Thoughts
This isn’t just a wallet-draining scam. It’s a wake-up call.
The next phase of crypto scams doesn’t need malware or brute force — it only needs a moment of uninformed trust. As smart contracts become more complex and legitimate-looking, education is your only firewall.
Related Reads on fdaytalk
- Binance P2P Scam Explained
- Best Crypto Wallets for Beginners
- How to Invest in Cryptocurrency for Beginners
- P2P Crypto Tax Rules in India
Disclaimer:
This article is for educational purposes only and does not constitute financial advice. Always verify sources and platforms before any crypto transaction.
