The most common scams in crypto are phishing scams. Scammers often target users on social media channels, impersonate HashPack staff, and provide links to unsuspecting victims to websites which appear legitimate but actually steal your account information.
The Hedera network is not immune to tactics employed by scammers. The two most common scams currently circulating on the Hedera network are memo scams and impersonation/imitation websites which look like HashPack but are a malicious URL.
Scammers go to great lengths to appear legitimate to get users to trust them and visit a malicious URL or inadvertently provide their 24-word recovery phrase or private key. Other scams include support requests on social media platforms like X, Telegram and Discord.
The only HashPack website is https://www.hashpack.app/
You can find all relevant HashPack links and guide directly on our website. If you are provided a URL from someone claiming to be a support agent, inspect the URL in your browser URL bar with scrutiny.
Some examples of fake malicious URLs: hashpackk[dot]com -or- hashpackwallet[dot]xyz.
This simple step can prevent loss of funds.
Memo scams:
Scammers send a small amount of HBAR to thousands of different wallets with a positive balance to trigger any pending staking rewards to make it appear as though they airdropped HBAR to your account when in reality the Hedera network just awarded your pending staking rewards.
Example memo scam:
To fall victim to the scam the user needs to go to the malicious website which will imitate HashPack to look legitimate and ask for the users seed phrase/private key leading to loss of funds -or- prompt to connect to a dApp imitating HashPack/SaucerSwap to receive an airdrop which prompts the victim to approve an Allowance for 100000000 HBAR, which if is accepted by the victim, will drain all HBAR or tokens the scammer wishes to steal relating to the allowance approved. Any HBAR added to the compromised account will be stolen.
Unfortunately there is no way to completely block these malicious URL messages on-chain as the Hedera network cannot be censored but they can be safely ignored. As of HashPack v10.3.0 we've introduced a Spam Filter to the history tab that will filter out dust transactions.
Social media scams:
Scammers use social media and chat apps such as X, Telegram and Discord, to prey on unsuspecting victims who post support related questions regarding issues they may be experiencing using a dApp, wallet or network.
A scammer will reply with a fake HashPack account for example and offer assistance to an unsuspecting victim as the account logo and username are the same as the official HashPack X account, for example. Once the scammer has earned the trust of the victim, they provide a malicious URL which may imitate the HashPack website, and asks the user to log in to it, or, ask the user directly for their seed phrase or private key to "assist them".
Example X/Twitter support scam:
Fake impersonation scam accounts will repost all of the real HashPack X accounts posts, adopting the same or a similar name, the same logo, banner and reply to official posts to lure unsuspecting victims.
The best thing to do is report these accounts.
To report an account on X/Twitter:
- Click the '...' button
- Select Report @Scam Account
- Scroll down and select Impersonation, click Next
- Select Someone else on X is being impersonated, click Next
- Enter the official HashPack X account: @HashPackApp, then click Next
- Finally, block the Scammer
Telephone Support Scams:
Users seeking support often type support requests into Google which do not always yield the intended result of the correct website the user seeks support from. Scammers clone websites to appear legitimate and may provide a phone number to call for support.
HashPack does not provide support over the phone.
Scammers use phone support to increase trust between themselves and a potential victim and often ask them to visit a website via a link or provide their 24-word recovery phrase over the telephone.
If you have been the victim of a phishing scam, please review this guide: Help! I've been scammed
Stay safe out there!