A wave of cryptocurrency fraud targeting users of Trust Wallet a non-custodial digital asset application with over 50 million Android users worldwide has prompted India’s nodal cybercrime body to issue a formal threat advisory, as losses from so-called “wallet drainer” attacks mount across the country’s growing retail crypto base.
The Indian Cyber Crime Coordination Centre (I4C), operating under the Ministry of Home Affairs, published Advisory this week after analysts detected a significant uptick in complaints logged on the National Cyber Crime Reporting Portal, cybercrime.gov.in.
“Once permissions are granted, wallet drainer scripts automatically transfer funds without further user interaction or approval.”
Perpetrators first establish contact with victims on peer-to-peer trading platforms such as Binance, then rapidly migrate communication to WhatsApp or Telegram to evade platform-level monitoring. Targets are told that a mandatory “crypto asset verification” step is required to proceed with a transaction a fabricated requirement designed to manufacture urgency and compliance.
Victims are subsequently redirected to counterfeit websites impersonating legitimate blockchain verification services. Once a user connects their Trust Wallet to these fraudulent pages, malicious smart contract permissions are silently approved handing attackers unrestricted programmatic access to the wallet’s contents.
The drain is automated and near-instantaneous, with no secondary confirmation required from the victim. The financial consequence is severe: because no central authority governs public blockchain networks, unauthorized transfers are effectively irreversible.
I4C Urges Reporting Through Cybercrime Portal
I4C has urged affected users to immediately disconnect all dApps from Trust Wallet settings and to avoid sharing seed phrases under any circumstances.
The unit also highlighted a built-in safeguard within the Trust Wallet application itself: a “Critical Risk Alert” that triggers when users attempt to connect to flagged domains, requiring explicit acknowledgment before proceeding. Analysts note that social engineering pressure from scammers frequently convinces victims to override this warning.
Citizens experiencing cryptocurrency-related fraud are directed to file complaints at cybercrime.gov.in or dial the national helpline at 1930. I4C has developed Sahyog Portal, which facilitates data disclosures in crypto investigations. More than 45 crypto exchanges have been onboarded for data disclosure assistance on Sahyog Portal.
