Don’t Panic: What To Do in a Crypto Social Engineering Attack

In a separate article, we explore what social engineering is and some common crypto scams that use it to manipulate and defraud crypto users. Understanding what social engineering is raises another important consideration: what to do if you find yourself caught up in such a scam?

In this article, we'll explore the best action to take for each type of social engineering scam you may encounter. Before we get started, remember: prevention is better than cure. OKX Protect, our security hub, is full of actionable guidance and resources to help protect you and your crypto from fraud.

So you think you're being scammed?

In our previous article, we highlighted some of the signs you might have been targeted by social engineering. If you believe you're a victim — even if no funds have been lost — what should your next move be? Read on to understand the immediate steps to take, alongside specific guidance depending on how you've been targeted.

Immediate action to take

• Disconnect from the internet — this is especially important if you believe you've been targeted by malware and your device has been compromised.

• Stop all communication with the suspected scammer to avoid any further sensitive information from being shared.

• Document everything to gather a record of all communications sent and actions taken.

• Report the attack to the relevant platform and the local authorities. This is a key step towards potentially recovering funds, while helping prevent others from being targeted.

1. If you've shared credentials or seed phrases: access exploits

You'll need to act fast if you've unknowingly provided access to your wallet or a platform, because the scammer now has access to your assets. Here's what you may want to do:

• Create a new wallet with a trusted provider and transfer all your funds to it

• Reset passwords to any connected accounts

• Revoke smart contract approvals for decentralized applications (dApps). This reduces the opportunities hackers and scammers have to target you.

• Scan your network for malware. Alongside the auto-scan conducted by your chosen software, it's also wise to frequently complete a manual scan for added protection.

2. If you were manipulated by someone you trusted: trust exploits

You've been in regular contact with someone and grown to trust them, but now you're suspicious. Thankfully, you've not handed over any funds or credentials, but you have discussed finances.

• Stop all communication immediately. Block the suspected scammer if needed.

• Audit recent transactions. Even if you're confident you've not handed over sensitive information, it's wise to check all transactions during the period you were in touch with the suspected scammer. That allows you to spot any unauthorized activity.

• Report the scam to any platforms you believe were affected. That could be a messaging platform, or an exchange the suspected scammer was pushing you to trade with it.

• Warn others. Spread the word of what's happened in any relevant groups on Telegram and X, which is where some scammers choose to target crypto users.

• Reflect on what happened. Think about the social engineering tactics used against you and what made you susceptible to them. That'll help protect you from any future exploitation.

3. If you send crypto to a suspicious platform or individual: transaction exploits

You've not shared any sensitive details such as seed phrases or private keys, but you have been persuaded to send funds. That could be to invest in a seemingly unmissable opportunity, or to use a particular platform they've suggested. Now you have regrets and suspicions.

• Use a block explorer like OKX Explorer to track where your crypto went. This helps support efforts to recover your funds.

• Revoke access to smart contracts to prevent further transactions you didn't authorize.

• Contact your exchange if onramps or offramps were used. This can also support the recovery process, while limiting the scammer's ability to cash out the stolen funds.

• Employ a crypto forensics company: Specialist crypto tracing firms can help to identify perpetrators and recover lost assets on your behalf.

• Warn your community: Help others to avoid falling victim by explaining the scam and how it unfolded.

Safeguard your funds: OKX Protect

Because social engineering scams use psychological tricks to deceive victims, your best defense against them is education and vigilance online. Meanwhile, wider threats exist that you can take action to protect against. OKX is there to help.

Over on our security hub, OKX Protect, you'll find insight to the various features on our platform that are designed to safeguard you and your digital assets. That includes the self-custodial OKX Wallet, 24/7 proactive threat detection, and our dedicated cyber defense unit.