India’s nodal cybercrime body has issued a formal threat advisory targeting Trust Wallet users, naming three counterfeit domains used in an active crypto “wallet drainer” campaign and laying out the precise five-step playbook attackers are running against Indian retail crypto holders.
The advisory, TAU/ADV/013, was published on April 20, 2026, by the National Cybercrime Threat Analytics Unit (NCTAU)—the analytical wing of the Indian Cyber Crime Coordination Centre (I4C), which operates under the Ministry of Home Affairs and runs the National Cyber Crime Reporting Portal at cybercrime.gov.in.
NCTAU said it issued the advisory after observing a significant rise in NCRP complaints linked to cryptocurrency-related cyber frauds involving or targeting Trust Wallet, the non-custodial app with 5 crore Android users globally.
The Five-Step Modus Operandi
Unlike most regulatory advisories that stay vague on technique, TAU/ADV/013 lays out the attack chain step by step:
- Initial contact: Scammers establish first contact via P2P platforms like Binance, then shift the conversation to WhatsApp or Telegram to evade platform-level monitoring.
- Fake crypto verification: Victims are falsely told that a “crypto asset verification” step is mandatory to complete the transaction.
- Authorization: Users are redirected to impersonating websites—the advisory specifically names testwallet.site, beptest.org, and bep20test.com—and instructed to connect their Trust Wallet.
- Mandate: Malicious links prompt users to approve smart contract permissions, unknowingly granting full access to wallet assets.
- Wallet drain: Once permissions are granted, drainer scripts automatically transfer funds with no further user interaction or approval required.
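Steps four and five turn on what the approved transaction actually grants. The following Python code is an added example, not taken from the advisory or from Trust Wallet: it classifies the `data` field of a transaction a dApp asks the wallet to sign, assuming the "permission" is a standard BEP-20/ERC-20 allowance or an NFT operator approval, which the advisory as reported does not specify. The sample calldata and the spender address are constructed.

```python
MAX_UINT256 = 2**256 - 1
UNLIMITED_FLOOR = 2**255  # assumption: allowances this large are effectively unlimited

# Standard selectors: first 4 bytes of keccak256 of the function signature.
SELECTORS = {
    "095ea7b3": "approve(address,uint256)",            # ERC-20 / BEP-20
    "39509351": "increaseAllowance(address,uint256)",  # common token extension
    "a22cb465": "setApprovalForAll(address,bool)",     # ERC-721 / ERC-1155
}


def classify_calldata(data_hex):
    """Describe what signing this transaction `data` field would grant."""
    data = data_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    signature = SELECTORS.get(data[:8])
    if signature is None:
        return {"verdict": "not-an-approval"}
    try:
        args = bytes.fromhex(data[8:])
    except ValueError:
        return {"verdict": "malformed", "function": signature}
    # Expect two 32-byte words; an address word has 12 bytes of zero padding.
    if len(args) != 64 or any(args[:12]):
        return {"verdict": "malformed", "function": signature}
    spender = "0x" + args[12:32].hex()
    value = int.from_bytes(args[32:], "big")
    if signature.startswith("setApprovalForAll"):
        verdict = "unlimited" if value else "revoke"
    elif value == 0:
        verdict = "revoke" if signature.startswith("approve") else "no-change"
    elif value >= UNLIMITED_FLOOR:
        verdict = "unlimited"
    else:
        verdict = "limited"
    return {"verdict": verdict, "function": signature,
            "spender": spender, "amount": value}


# Constructed sample calldata; the spender address is a placeholder.
SPENDER_WORD = ("ab" * 20).rjust(64, "0")
SAMPLE_UNLIMITED = "0x095ea7b3" + SPENDER_WORD + format(MAX_UINT256, "064x")
SAMPLE_LIMITED = "0x095ea7b3" + SPENDER_WORD + format(10**18, "064x")
SAMPLE_REVOKE = "0x095ea7b3" + SPENDER_WORD + format(0, "064x")
SAMPLE_OPERATOR = "0xa22cb465" + SPENDER_WORD + format(1, "064x")

if __name__ == "__main__":
    for sample in (SAMPLE_UNLIMITED, SAMPLE_LIMITED, SAMPLE_REVOKE, SAMPLE_OPERATOR):
        print(classify_calldata(sample)["verdict"])
```

A verdict of `unlimited` means the named spender can move the tokens later without another signature from the owner, which is why the drain step needs no further user interaction.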
The “BNB Chain Verification” Front
The screenshots embedded in the advisory show the lure with unusual clarity. The fake sites brand themselves as official BNB Chain verification platforms—“Verify Crypto Assets on BNB Chain”—and pad the page with fabricated trust signals: “2M+” users, “99.9%” success, “50K+” verifications, and “24/7” support.
A central “BNB CHAIN VERIFICATION” button initiates a wallet-connect flow that pulls in Trust Wallet (and, in some cases, MetaMask), prompting the user to approve permissions including “viewing wallet balance and activity,” “sending requests for transactions,” and a third permission flagged in red that grants the ability to move funds without permission.
That third approval is the kill switch. Once signed, the drainer script executes.
Potential Impact
NCTAU was blunt on consequences: the financial loss is direct and irreversible. Because public blockchain transactions cannot be reversed in the absence of a central authority, no recovery mechanism exists once funds leave the victim’s wallet—a structural reality that makes prevention the only meaningful defense.
Trust Wallet’s Two-Stage Safeguard
The advisory also documents Trust Wallet’s in-app Critical Risk Alert, a two-screen warning system that triggers when users attempt to connect to flagged domains.
The first screen displays a red warning icon with the message “Warning! You could lose all your tokens!” and notes that the URL has been marked as harmful, offering a default “Stop and go back” button alongside a smaller “Proceed anyway” link. If the user pushes through, a second screen requires explicit checkbox acknowledgment of two statements: “I understand I can lose all my tokens” and “I understand my lost tokens cannot be recovered by Trust”—only after both are ticked does the “Continue anyway” button activate.
NCTAU’s implicit point: the safeguard works, but social engineering pressure from scammers routinely convinces victims to click through both screens.
Recommendations
The advisory’s user guidance is unusually operational for an MHA document:
- Disconnect dApps: Victims should immediately remove all connected dApps under Trust Wallet’s settings menu to prevent further unauthorized transactions.
- Beware of phishing and fake dApps: Never share seed phrases under any circumstances, and always verify receiver wallet addresses before transactions.
- Verify website authenticity before connecting Trust Wallet to any dApp.
- Pay attention to the Critical Risk Alert — do not override the warning under social pressure.
Victims of cryptocurrency-related cybercrime are directed to file complaints at cybercrime.gov.in or call the national cybercrime helpline at 1930.
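The "verify website authenticity" recommendation can be partly automated for the three domains the advisory names. The following Python code is an added example, not part of the advisory: it extracts URLs from chat messages, normalizes the host the browser would actually contact, and matches it against those domains on a label boundary. The sample messages, `example.*` hosts and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Domains named in TAU/ADV/013 as reported above.
ADVISORY_DOMAINS = ("testwallet.site", "beptest.org", "bep20test.com")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def normalized_host(url):
    """Host that would be contacted: lower-cased, no userinfo, port or trailing dot."""
    try:
        host = urlsplit(url).hostname  # drops "user@" and ":port"
    except ValueError:
        return None
    return host.rstrip(".").lower() if host else None


def matches_advisory(host):
    """Return the listed domain if host equals it or is a subdomain of it."""
    for domain in ADVISORY_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return domain
    return None


def flag_messages(messages):
    """Return (message_index, url, matched_domain) for every hit."""
    hits = []
    for index, text in enumerate(messages):
        for url in URL_RE.findall(text):
            url = url.rstrip(".,;:!?)")  # sentence punctuation glued to the link
            host = normalized_host(url)
            domain = matches_advisory(host) if host else None
            if domain:
                hits.append((index, url, domain))
    return hits


# Constructed chat messages for illustration only.
SAMPLE_MESSAGES = [
    "Complete verification at https://verify.bep20test.com/start first",
    "open HTTPS://BEPTEST.ORG./connect",
    "https://example.com@testwallet.site/bnb",       # userinfo before the real host
    "docs: https://example.org/security and https://nottestwallet.site/",
    "mirror https://bep20test.com.example.net/",     # listed name used as a prefix
]

if __name__ == "__main__":
    for hit in flag_messages(SAMPLE_MESSAGES):
        print(hit)
```

A naive substring check would flag the last two messages and could miss the third, so matching is done on the parsed host rather than on the raw text.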
Why This Advisory Matters
TAU/ADV/013 is notable on two counts. First, it crosses into territory where Indian regulators have historically been quiet — the non-custodial, self-sovereign end of the wallet stack, where there is no exchange to subpoena and no chargeback mechanism. Second, by naming specific malicious domains and reproducing screenshots of the lure, NCTAU is signaling a sharper analytical posture: this is closer to a threat intel report than a generic awareness notice.
The advisory lands against a backdrop of sustained crypto-fraud growth on the NCRP. I4C separately operates the Sahyog Portal for data disclosure assistance in crypto investigations, with more than 45 cryptocurrency exchanges onboarded—infrastructure that becomes meaningful only when victims actually report, which is itself a point the advisory tries to address.
