What Are Trust Wallet Migration Scams?
Trust Wallet migration scams exploit a simple fear: the worry that your wallet might be outdated, compromised, or need updates. Scammers create fake websites, emails, or social media posts claiming that Trust Wallet is “migrating” to a new system and users must transfer their funds to a new wallet address.
The goal is always the same: get you to send your crypto to an address controlled by scammers. Once the transaction confirms, your funds are gone.
How Migration Scams Operate
Fake “Official” Announcements
Scammers create websites that look identical to trustwallet.com. They buy Google ads for keywords like “Trust Wallet support” or “Trust Wallet migration,” so their fake site appears at the top of search results.
The site claims Trust Wallet is “upgrading security protocols” or “migrating to a new network” and instructs users to connect their wallet and approve a migration transaction. That transaction drains your funds.
Email Phishing Campaigns
Emails arrive appearing to come from Trust Wallet, warning that your wallet needs to be “verified” or “migrated” due to security updates. The email includes a link to a convincing clone of the Trust Wallet website.
Subject lines often use urgency:
– “URGENT: Wallet Migration Required”
– “Security Alert: Verify Your Wallet Now”
– “Your Trust Wallet Needs Updating”
Social Media Impersonation
On Twitter, Telegram, and Discord, scammers create accounts impersonating Trust Wallet support. They monitor discussions about wallet issues and reach out to users with offers to “help” migrate their wallet.
Real Trust Wallet support will never DM you first asking for wallet details or seed phrases.
Telegram “Migration Bots”
Scammers create Telegram bots that claim to help with wallet migration. Users enter their seed phrase “to verify ownership,” and the bot immediately drains the wallet.
Trust Wallet does not have migration bots. Any bot asking for your seed phrase is a scam.
Red Flags to Watch For
Requests for Seed Phrases
The biggest red flag: anyone asking for your 12-word recovery phrase. Trust Wallet will never ask for this. No legitimate service will. Your seed phrase should never be typed into any website, app, or message.
Unsolicited Contact
If someone claiming to be from Trust Wallet support contacts you first, it’s a scam. Real support only responds when you initiate contact through official channels.
Urgency and Threats
“Act now or lose access to your wallet” is designed to bypass critical thinking. Real wallet updates are optional and never require immediate action under threat of fund loss.
Wallet Connect Requests
If a website asks you to connect your Trust Wallet and then requests you to approve a transaction you didn’t initiate, disconnect immediately. Scammers use “blind signing” to get users to approve token transfers.
Lookalike URLs
Check the URL carefully. Scammers use domains like:
– trustwallet-migration.com
– trustwallet-support.net
– trust-wallet-verify.io
– trustwallet.io (with a Cyrillic ‘a’ instead of Latin)
The official domain is trustwallet.com. Bookmark it and never follow links from emails or messages.
Real Cases of Migration Scams
The Google Ads Scheme
In late 2024, scammers spent heavily on Google Ads targeting “Trust Wallet” searches. The ads led to a fake support site where users were instructed to “verify” their wallet by entering their seed phrase. Over $2 million was stolen before Google removed the ads.
Telegram Bot Drains
A Telegram bot called “TrustWallet_MigrationBot” contacted users who had posted about wallet issues in crypto groups. It claimed to help with stuck transactions by requiring “wallet verification.” Users who entered seed phrases lost everything.
The “TRC20 to ERC20” Scam
Some migration scams claim Trust Wallet is “upgrading” from TRC20 to ERC20 networks and users must transfer funds to a new address. This is technically nonsense—wallets support multiple networks—but it sounds plausible enough to trick non-technical users.
How to Verify Legitimate Trust Wallet Updates
Official Channels Only
Trust Wallet announces updates through:
– Their official Twitter: @TrustWallet
– Their official blog: blog.trustwallet.com
– The in-app notification system
– GitHub for open-source updates
Check the App Store
If Trust Wallet releases a genuine update, it will appear in the Apple App Store or Google Play Store. You don’t need to visit any website or connect your wallet to update the app.
Real Updates Don’t Require Wallet Action
Trust Wallet updates the app itself. Your funds stay in your wallet. There is no legitimate scenario where an update requires you to transfer crypto or enter your seed phrase on a website.
What to Do If You’ve Been Targeted
If You Entered Your Seed Phrase
If you typed your seed phrase into any website, bot, or form:
1. Immediately transfer all funds to a new wallet with a fresh seed phrase
2. Do this even if funds haven’t been stolen yet—your seed phrase is compromised
3. Use a completely new seed phrase, not one generated from the old wallet
If You Connected Your Wallet
If you connected your wallet to a suspicious site:
1. Revoke all token approvals immediately using revoke.cash or unwallet.net
2. Check your transaction history for unauthorized transfers
3. Create a new wallet and transfer remaining funds
If You Approved a Suspicious Transaction
If you approved a transaction you didn’t understand:
1. Check etherscan.io or the relevant block explorer for your address
2. Look for token approval transactions you didn’t authorize
3. Revoke approvals immediately
How to Report Trust Wallet Scams
Report to Trust Wallet
Forward phishing emails to security@trustwallet.com. Report fake websites and social media accounts through Trust Wallet’s official support channels.
Report to Google
If you find fake Google Ads or phishing sites in search results, report them through Google’s Safe Browsing tool.
File Law Enforcement Reports
For significant losses:
– File a report with IC3 (ic3.gov) in the US
– Report to your local police
– The FTC at reportfraud.ftc.gov
Report to Domain Registrars
Phishing domains often violate registrar terms of service. Report the domain to the registrar (find via whois lookup) to get it taken down.
Protecting Yourself Going Forward
Hardware Wallets for Large Holdings
If you hold significant crypto, move it to a hardware wallet like Ledger or Trezor. Hardware wallets never expose your seed phrase to internet-connected devices.
Bookmark Official Sites
Never search for Trust Wallet and click results. Bookmark the official site. This prevents typo-squatting and ad-based phishing.
Verify Everything
Before taking action on any wallet-related message:
– Check the sender’s actual email address (not just the display name)
– Verify URLs character by character
– Cross-reference with Trust Wallet’s official social media
– Ask in trusted communities before acting
Never Share Your Seed Phrase
This bears repeating: your seed phrase is the key to everything. No legitimate service needs it. If anyone asks for it, they are trying to steal your funds.
Trust Wallet’s Actual Security Model
Trust Wallet is a non-custodial wallet. This means:
– Your seed phrase never leaves your device
– Trust Wallet cannot “migrate” your wallet because they don’t control it
– Updates happen at the app level, not the wallet level
– There is no central authority that can move your funds
Understanding this model makes migration scams obvious: if Trust Wallet doesn’t control your wallet, they can’t require you to migrate it anywhere.
Getting Help
If you’ve lost funds to a migration scam, recovery is difficult but not always impossible. Document everything and consider consulting with:
– Crypto fraud recovery specialists (verify their legitimacy first—many are secondary scams)
– Law enforcement
– Services like Bitremit that offer free case evaluations
The best protection is prevention: skepticism about unsolicited contact, verification of every claim, and absolute protection of your seed phrase.
