As AI technology becomes increasingly prevalent, while we enjoy its convenience, we also face new security threats. Recently, we discovered that criminals are exploiting users' trust in AI to induce them to visit phishing websites and steal assets.
Information Traps in AI Searches
Currently, some users may be accustomed to using AI search engines or AI assistants to obtain information, including querying official websites, market dynamics, project introductions, and technical analyses.
It is important to note that information generated by AI models depends on their training data and algorithms, and they themselves do not have the ability to real-time identify the authenticity of information. If the training data contains incorrect or contaminated information, AI may provide false or outdated information in an seemingly authoritative tone. Currently, the information provided by AI has the following issues:
False Information Infiltration: Some phishing websites use technical methods (such as SEO) to rank high in search results, causing AI to mistakenly believe they are credible sources and include them.
Data Lag: Due to the rapid changes in blockchain and cryptocurrencies, AI cannot track project announcements in real-time like humans. For example, if a project officially modifies its website or upgrades its token contract, AI may still provide old or even obsolete information.
Recently, the security team SlowMist pointed out on Twitter that after testing, some AI tools would incorrectly recommend fraudulent links to fake official websites. AI may "confidently lie" when generating content, and if it relies on unverified data sources, it may recommend false links or incorrect tutorials to users.
As shown in the image below, when asking the AI tool about imToken's official website, the AI replied with https://www.imtoken.app. Please note that this is a fraudulent website. The correct imToken official website is https://token.im
Information Pollution on Social Platforms
Social platforms like Twitter and Telegram have become important channels for disseminating cryptocurrency asset information, with many users obtaining information by following official project accounts, joining communities, and following industry influencers.
However, due to their low publishing barriers and algorithmic recommendation mechanisms, social platforms have become a severe area for criminals to spread false information. Platform algorithms usually prioritize high-interaction content and lack strict review mechanisms for content authenticity. As a result, some criminals impersonate official personnel or create fake official accounts, repost official information, and pretend to popularize security knowledge to publish false investment information or induce users to download fake wallets and steal user assets.
Recently, users have reported that multiple accounts impersonating the official account have emerged on a certain platform - please note that imToken does not have any official account on that platform.
Xiao Zheng saw multiple wallet usage tutorials published in the name of the official account on a certain platform and downloaded a wallet application under the guidance of the so-called "official customer service". Due to lack of vigilance, Xiao Zheng created a new address in the fake wallet and transferred assets into it.
Hours later, he discovered that his assets were transferred to an unknown address. Unable to contact customer service, he realized he had been scammed. In fact, the wallet Xiao Zheng downloaded was a fraudulent wallet application, and the seed phrase had already been leaked, resulting in asset theft.
imToken security team reminds:
Only download and use the official wallet from the unique imToken official website https://token.im, and do not click on strange download links on social platforms.
When using AI tools to search for knowledge about wallet asset security, do not blindly trust the content recommended by AI. For links or tutorials found through AI, please verify their authenticity through official channels.
To verify official accounts, please recognize the following imToken official channels:
WeChat Official Account: Bulu Shuo
Weibo: https://weibo.com/imToken
Twitter (X): https://x.com/imTokenCN
Discord Community: https://discord.com/invite/imToken
imToken Has Been Taking Action
Security Risk Control
In March, imToken marked 12,018 risk assets; banned 441 risk DApp websites; and marked 7,268 risk addresses. See risk control data for details.
Additionally, if you discover potentially risky assets or DApps, please promptly feedback to us at: [email protected], helping more users avoid asset losses.
"
Learn More
For a detailed analysis of March 2025 risk data, please refer to:
https://www.yuque.com/imtoken/learn/bctrvh0yk2fggiee
If you discover potentially risky digital assets or DApps, please promptly feedback to us: [email protected] , helping more users avoid asset losses.
Finally
Scam methods are emerging endlessly, and it is indeed difficult for ordinary users to comprehensively prevent them. imToken is committed to quickly discovering and finding solutions, promptly feeding back and popularizing various new scams to the community, reducing user losses, and comprehensively improving user security in the cryptocurrency asset field, striving to build a trustworthy digital asset management ecosystem.
We sincerely invite you to read and share the "imToken Wallet Security Monthly Report" and work with imToken to protect every asset's security.
