“Secure your tokens.” “Immediate action required.” A warning that your Trust Wallet could be exposed, even if everything looks normal. Then a single button that promises certainty in seconds: “Scan Your Wallet.”
It reads like a real incident update. Calm words wrapped around a quiet threat: act now, or lose everything.
And that is where the trap is.
Because this scam does not break into your wallet. It convinces you to open the door yourself, just long enough to take what you can’t get back.
Scam Overview
The “Trust Wallet Urgent Security Notice” scam is a phishing campaign designed to impersonate Trust Wallet and trick users into “securing” their wallet through a fake tool or fake security flow. The email typically claims Trust Wallet discovered a breach or “malicious attack,” warns that millions of users may be affected, and insists that every recipient must assume exposure until they “scan” their wallet.
It often looks like the email you shared, with language such as:
That last line is especially manipulative because it is true. The scam mixes real facts about crypto with fake claims about Trust Wallet’s infrastructure to create a believable panic.
What the scammers want
These emails lead to scam websites that aim to do one of two things:
Steal your seed phrase (recovery phrase) by asking you to “verify,” “restore,” or “secure” your wallet.
Drain your wallet through malicious on-chain actions by pushing you to connect your wallet and approve permissions or sign transactions that give attackers control.
Both paths end the same way: your assets leave your wallet and you cannot reverse it.
Trust Wallet has repeatedly warned users about phishing attempts, including emails impersonating support and asking for sensitive information like recovery phrases or private keys.
Why the email sounds so convincing
This scam works because it uses a familiar crisis template:
A scary claim (breach detected, infrastructure compromised)
A personal threat (your wallet may be exposed)
A list of consequences (unauthorized transfers, drained assets)
A single “official” solution (click this tool, scan now)
Pressure and urgency (time is critical, act immediately)
A safety disclaimer (“we will never ask for your seed phrase”)
That last part is a psychological trick. Including a warning about seed phrases makes the email appear legitimate, even as it leads you to a page that eventually asks for the seed phrase anyway, sometimes indirectly. For example, a fake “scanner” might “detect risk” and then instruct you to “re-authenticate your wallet” by entering the recovery phrase.
Trust Wallet’s own guidance emphasizes that scammers often impersonate Trust Wallet and attempt to obtain recovery phrases, and that users should treat these messages as phishing.
The “scan your wallet” idea is the bait
A key giveaway is the concept that you must “scan” your wallet through a link in an email to check whether it is compromised.
In self-custody wallets, your funds are not stored on Trust Wallet’s servers. Your wallet is a set of keys that let you sign transactions. Attackers cannot “compromise” your wallet the way a website account can be compromised, unless they trick you into giving away your keys (seed phrase/private key) or trick you into authorizing transactions and permissions.
Trust Wallet does ship security features and scanners inside the app experience, but an email that pushes you to a random “security tool” website is a classic phishing pattern.
Common versions of this scam
Even when the core story stays the same, the packaging changes constantly. You may see:
“Trust Wallet Security Verification”
“Wallet Compliance Update”
“New Security Patch Required”
“Suspicious Login Attempt Detected”
“Critical Vulnerability: Secure Your Assets”
“Your Wallet Will Be Restricted in 24 Hours”
Security outlets have documented similar Trust Wallet impersonation emails that pressure users into verification flows that lead to phishing pages.
What the scam site usually does
After you click, the fake site often looks polished and “corporate.” It may use:
Trust Wallet branding and colors
A fake progress bar (“Scanning wallet… 42%”)
A fake results screen (“AT RISK”)
A big call to action (“Secure Now”)
From there, it typically funnels you into one of these traps:
Trap 1: Seed phrase capture
The site asks for your 12-word or 24-word recovery phrase, sometimes framed as:
“Import wallet to complete scan”
“Confirm ownership”
“Restore session”
“Re-encrypt wallet”
“Synchronize wallet”
“Fix compromised permissions”
If you type that phrase, the scam is essentially over. Anyone with the recovery phrase can recreate your wallet and move funds.
Trap 2: Wallet connection and draining
Instead of asking for words, the site asks you to connect via WalletConnect (or similar). The site then pushes on-chain actions like:
approving token spending
granting broad permissions
signing a deceptive message
signing a transaction that transfers assets
interacting with a malicious smart contract that drains funds
Trust Wallet and other security resources warn that token approvals and wallet drainers can silently empty wallets after a user signs or approves the wrong thing.
Who this scam targets
It targets everyone, but it is especially effective against:
Newer crypto users who think wallets work like bank accounts
People who recently downloaded Trust Wallet and are still learning
Users holding multiple tokens and using dApps, making approvals feel normal
Anyone already stressed about crypto security or recent hacks in the news
The “200M users” style line is there to normalize the email. It suggests you are part of a huge crowd, so the message must be real. But scammers routinely borrow big numbers and “audit” language to sound credible.
The biggest red flags
If you remember nothing else, remember these:
Any email pushing you to “scan” your wallet through a link is suspicious.
Any site asking for your seed phrase is a scam.
Any urgent timer is a manipulation tactic.
Any “support agent” that contacts you first is likely fake.
Trust Wallet’s support content specifically calls out impersonation, urgent language, and requests for recovery phrases as key phishing warning signs.
How The Scam Works
Below is the typical step-by-step flow, with the small tricks that make it feel real.
Step 1: The scammer manufactures a crisis
The email starts with a “critical security incident” story.
It claims Trust Wallet detected a malicious attack that “compromised parts of infrastructure,” and that user wallets may have been “exposed to unauthorized access.” It usually includes a comforting line like “We have contained the breach,” paired with a scary line like “your wallet may still be at risk.”
This is classic social engineering: comfort and fear, in alternating waves, to keep you engaged.
Step 2: They use irreversible crypto as a pressure weapon
The message reminds you that blockchain transactions are irreversible.
That is true, and that truth is what makes the lie work.
When people hear “irreversible,” they stop thinking about careful verification and start thinking about speed. Scammers want speed. They want you to click before you check.
Bitdefender and other security writers regularly highlight urgency and “verify now” language as core elements of wallet phishing campaigns.
Step 3: The email includes just enough “security language” to sound legitimate
Notice the pattern in many of these emails:
“forensic investigation”
“blockchain investigators”
“compromise indicators”
“suspicious permissions”
“exploit patterns”
“security tool”
Most recipients cannot easily verify these claims, but the wording feels like what a real company might say.
Scammers also add a “safety warning” like “Trust Wallet will never ask for your seed phrase.” That line is often copied from real safety guidance to build credibility.
Step 4: The click leads to a lookalike website
When you click “Scan Your Wallet Now,” you are redirected to a scam domain.
Sometimes it is an obvious fake. Sometimes it is subtle:
extra letters
swapped characters
hyphens and subdomains that look “official”
a shortened link that hides the real destination
Once you land, the page is built to reduce hesitation:
Trust Wallet logo
familiar UI layout
badges like “audited” or “secure”
fake counters and fake alerts
Many scam writeups describe this exact setup: official-looking pages designed to lure users into entering recovery phrases or connecting wallets.
Step 5: The “scan” is a performance, not a security check
The scam site often pretends to scan your wallet.
Technically, a website can read your public wallet address and view transactions, because blockchains are public. But that is not a security scan. That is just looking at public data.
The fake scan typically does one of these:
asks you to paste your wallet address
reads your address after you connect your wallet
runs a fake progress animation and generates a predetermined result
Almost always, the result is “AT RISK” or “COMPROMISED,” because that pushes you into the next step.
Step 6: They funnel you into the theft mechanism
At this point, the scam chooses its weapon.
Path A: Recovery phrase theft
The site tells you your wallet is at risk and needs “verification.”
Then it asks for your seed phrase, often with language like:
“Enter your 12-word phrase to secure your wallet”
“Restore wallet to remove malicious access”
“Confirm ownership to revoke exploit permissions”
This is the simplest theft path. It does not require smart contracts or trick signatures. It relies on a single mistake: typing the phrase.
Trust Wallet’s own scam guidance is explicit: real support will never ask you for your recovery phrase, and phishing emails often do exactly that.
Path B: Connection plus wallet draining
If the scam site does not ask for the phrase, it tries to get you to connect.
It may show buttons like:
Connect Wallet
WalletConnect
Trust Wallet
MetaMask
Coinbase Wallet
Once you connect, the site tries to get you to approve something.
This is where many users get trapped, because connecting to dApps is normal in crypto. The page might claim the approval is needed to “scan,” “revoke,” or “secure.”
In reality, the site is preparing one of these drains:
1) Token approval trap
The dApp asks you to approve spending of a token.
Approvals can be unlimited, and they can persist even after you close the site. If you approve a malicious spender address, the attacker can later pull tokens from your wallet.
This risk is widely documented across the crypto ecosystem, and Trust Wallet has published guidance specifically about token approvals and wallet drainers.
2) NFT or “set approval for all” trap
For NFTs, a malicious contract may request broad operator permissions. One approval can allow sweeping of multiple NFTs.
Users often do not realize how broad the permission is because the wallet UI may not describe it in plain language.
3) Signature deception
Some sites ask you to “sign a message,” which feels harmless.
In many cases, signing a message is safe. But scammers can craft signing flows that authorize something you did not intend, or that is later used as part of a bigger exploit or takeover attempt.
The safest mindset is: if you do not understand why you are signing, do not sign.
4) Direct transfer transaction
The worst-case version is simple: it asks you to sign a transaction that sends funds away, disguised as a security action.
If you confirm, the funds move immediately.
Step 7: The scam either drains instantly or drains later
Some victims lose funds right away.
Others only get drained later, which is even more confusing. This delayed drain often happens with token approvals, where the attacker waits for a convenient moment or monitors the wallet for new deposits.
That is why “nothing happened” immediately is not proof you are safe.
Step 8: The scam adds secondary traps to keep extracting value
After a theft, scammers often try again.
They might:
send a follow-up email pretending to offer “recovery”
direct you to a fake support chat
tell you to pay a “security fee” or “gas fee” to unlock funds
send DMs on social media pretending to be Trust Wallet support
Trust Wallet has warned that scammers often impersonate support and direct users to fake websites or ask for seed phrases.
Step 9: Why victims blame themselves, and why they should not
These scams are engineered to feel like compliance, not risk.
The email sounds like a safety notice. The website looks like a tool. The steps resemble the normal crypto experience: connect, approve, sign.
The emotional trick is that it turns your instinct for self-protection into the very action that compromises you.
This is not about intelligence. It is about timing, pressure, and design.
Step 10: What “real” security communication usually looks like
To protect yourself going forward, it helps to know what legitimate patterns look like:
Real updates are usually posted on official channels you can navigate to yourself, not pushed with a one-click “fix” link.
Real wallet providers do not need your seed phrase for anything, ever.
Real security tools do not require you to “restore” a wallet on a random website.
Real safety guidance emphasizes verification, not urgency.
Trust Wallet’s own phishing guidance encourages users to watch for impersonation, verify addresses/domains carefully, and never share recovery phrases.
How to spot the scam emails and scam websites
Red flags in the “Urgent Security Notice” emails
These emails are built to feel like a real incident report, but the details usually give them away.
Look for these warning signs:
Urgency and pressure: “IMMEDIATE ACTION REQUIRED,” “Time is critical,” “Scan now,” “Do not delay.” Scammers rely on panic to stop you from checking anything.
A fake “security tool” link: Any email pushing you to “scan your wallet” through a button is a huge red flag. Trust Wallet’s own guidance focuses on avoiding phishing links and never sharing recovery phrases.
Infrastructure breach claims that don’t match how wallets work: Messages that imply Trust Wallet “infrastructure” exposure means your self-custody wallet is compromised are usually trying to blur the line between an app provider and your private keys.
Safety disclaimer used as camouflage: Many scam emails include lines like “Trust Wallet will never ask for your seed phrase,” then send you to a page that does exactly that. Trust Wallet repeatedly warns that real support will never ask for your seed phrase or private keys.
Sender and link mismatches: The display name may say “Trustwallet,” but the sender domain is unrelated, and the button link goes to a lookalike domain or a shortened URL.
Generic greeting: “Dear Trustwallet User” instead of your name, plus broad claims like “millions of users affected.”
One single path to safety: Real security guidance gives you options and encourages verification. Scam emails insist there is only one “official link” and it must be used immediately.
Quick rule: if an email tries to move you from your inbox to a website to “fix” a wallet, assume it’s a phishing attempt until proven otherwise.
A safe way to verify without clicking anything risky
If you receive an email like this, do this instead:
Do not click the button.
Open the Trust Wallet app directly (from your phone, not from the email).
Check official Trust Wallet help pages by typing the address yourself or using in-app support links.
If you still feel unsure, treat it as phishing and report it in your email provider.
Trust Wallet’s own phishing guidance is very clear about impersonation attempts and the danger of sharing recovery phrases.
Red flags on scam websites pretending to be Trust Wallet
Once you land on the scam site, it typically tries to funnel you into one of two traps: seed phrase theft or wallet draining.
Here’s how to spot it fast.
1) Any request for your seed phrase is an instant stop
If the page asks for a 12-word or 24-word recovery phrase, it’s a scam.
No “scanner,” “validator,” “security tool,” or “support agent” needs your seed phrase. Ever. Trust Wallet repeats this across its security resources.
Common scam wording includes:
“Restore wallet to scan”
“Verify ownership”
“Re-sync wallet”
“Re-encrypt wallet”
“Fix compromised wallet”
2) Fake scan animations and guaranteed “AT RISK” results
Scam sites love:
progress bars
rotating “checking blockchain” messages
a dramatic result like “COMPROMISED”
It’s theater meant to push you into the next step.
3) “Connect Wallet” used as a weapon
Connecting a wallet is not automatically dangerous, but scam sites use WalletConnect-style flows to trigger malicious approvals or transactions.
Wallet drainers commonly rely on users clicking connect and then approving something “routine.”
4) Suspicious approval requests
If you see prompts to approve token spending or NFT permissions, slow down.
A common drainer technique is getting users to sign unlimited approvals, which can let a malicious dApp drain tokens later.
Watch for:
approvals with very high or unlimited amounts
“SetApprovalForAll” style NFT permissions
repeated prompts that don’t match what you intended to do
5) Lookalike domains and “almost right” branding
Even if the site looks perfect, the domain often exposes it:
extra words (security, scan, verify, support)
strange hyphens or subdomains
slight misspellings
Do not trust the logo. Trust the domain, and your own process.
Fast checklist you can memorize
If you want a simple gut-check, use this:
Email says urgent + has a big button: suspicious
Website asks for seed phrase: scam
Website says connect wallet to “secure” funds: high risk
Wallet prompt asks for unlimited approvals: danger
Anything feels rushed: stop and verify from the app, not the link
If you already connected to a suspicious site
Even if you did not type a seed phrase, you should still protect yourself:
Disconnect the session in your wallet
Check and revoke approvals using a reputable tool like Revoke.cash
Move assets to a fresh wallet if you approved anything you do not fully understand
If you want, paste the scam domain (just the domain, not a clickable link) and I’ll point out the specific red flags to document in your article.
What To Do If You Have Fallen Victim to This Scam
If you clicked, connected, or entered anything, take a breath.
You do not need to panic, but you do need to act with purpose. The right steps depend on what exactly happened, so the list below is structured from highest risk to lower risk.
If you entered your seed phrase anywhere, treat the wallet as fully compromisedCreate a brand-new wallet with a brand-new recovery phrase on a trusted device.Move any remaining funds to the new wallet immediately. Do not reuse the old phrase. Do not “test” it again on any website.
If you connected your wallet to the scam site, disconnect sessions right awayIn your wallet, look for connected dApps / WalletConnect sessions and disconnect anything you do not recognize.If you are unsure, disconnect everything and reconnect only to services you trust.
Check for token approvals and revoke anything suspiciousIf you approved a token spend, NFT operator, or any permission, revoke it.Use a reputable approval checker such as revoke.cash, or the built-in approval management tools your wallet provides. Focus on:
unlimited approvals
unfamiliar spender addresses
approvals created around the time you clicked the email
Move funds to safety if you suspect any approval was grantedEven after revoking approvals, consider moving assets to a fresh wallet if the situation feels unclear.This is especially important for high-value assets or tokens that are frequently targeted.
Review recent transactions and save evidenceTake screenshots of:
the email
the scam website URL
any prompts you saw
transaction hashes (txids) for approvals or transfers
This helps with reporting, exchange support, and future prevention.
If funds were stolen, check where they went, but do not chase “recovery” offersYou can view transfers on a block explorer and see destination addresses.But avoid anyone claiming they can recover your crypto for a fee. That is often a second scam layered on top of the first.
If you used the same password on your email account, change it immediatelyMany victims get targeted again because scammers now know the email is “active.”Change your email password, enable 2FA, and review recent login activity.
Scan your device for malware and remove unknown browser extensionsSome scam pages try to push malicious extensions or downloads.Remove anything you do not recognize, and run a full malware scan on the device you used.
Secure your accounts if you also use exchangesIf you were logged into an exchange on the same device, tighten security:
change passwords
enable 2FA
review API keys
check withdrawal address whitelists
If you sent funds to an exchange address during the incident, contact that exchange’s support with the transaction hash.
Report the scamReport the phishing email as phishing in your email provider.If you have the domain, report it to the domain registrar and the hosting provider when possible.Also consider reporting to local cybercrime reporting channels in your country, especially if the loss is significant.
Do a calm “next 48 hours” watchIf you did not enter a seed phrase but you did connect, watch for:
unexpected approvals
small “test” transfers
sudden token withdrawals
If anything looks wrong, move assets to a new wallet immediately.
Reset your security habits going forwardGoing forward, use a simple rule:
Never click wallet “security” links from emails.
Navigate to official apps and official domains manually.
Never share your seed phrase, no matter how urgent the message sounds.
Is Your Device Infected? Scan for Malware
If your computer or phone is slow, showing unwanted pop-ups, or acting strangely, malware could be the cause. Running a scan with Malwarebytes Anti-Malware Free is one of the most reliable ways to detect and remove harmful software. The free version can identify and clean common infections such as adware, browser hijackers, trojans, and other unwanted programs.
Malwarebytes works on Windows, Mac, and Android devices. Choose your operating system below and follow the steps to scan your device and remove any malware that might be slowing it down.
Malwarebytes for WindowsMalwarebytes for MacMalwarebytes for Android
Run a Malware Scan with Malwarebytes for Windows
Malwarebytes stands out as one of the leading and widely-used anti-malware solutions for Windows, and for good reason. It effectively eradicates various types of malware that other programs often overlook, all at no cost to you. When it comes to disinfecting an infected device, Malwarebytes has consistently been a free and indispensable tool in the battle against malware. We highly recommend it for maintaining a clean and secure system.
Download Malwarebytes
Download the latest version of Malwarebytes for Windows using the official link below. Malwarebytes will scan your computer and remove adware, browser hijackers, and other malicious software for free.
(The above link will open a new page from where you can download Malwarebytes)
Install Malwarebytes
After the download is complete, locate the MBSetup file, typically found in your Downloads folder. Double-click on the MBSetup file to begin the installation of Malwarebytes on your computer. If a User Account Control pop-up appears, click “Yes” to continue the Malwarebytes installation.
Follow the On-Screen Prompts to Install Malwarebytes
When the Malwarebytes installation begins, the setup wizard will guide you through the process.
You’ll first be prompted to choose the type of computer you’re installing the program on—select either “Personal Computer” or “Work Computer” as appropriate, then click on Next.
Malwarebytes will now begin the installation process on your device.
When the Malwarebytes installation is complete, the program will automatically open to the “Welcome to Malwarebytes” screen.
On the final screen, simply click on the Open Malwarebytes option to start the program.
Enable “Rootkit scanning”.
Malwarebytes Anti-Malware will now start, and you will see the main screen as shown below. To maximize Malwarebytes’ ability to detect malware and unwanted programs, we need to enable rootkit scanning. Click on the “Settings” gear icon located on the left of the screen to access the general settings section.
In the settings menu, enable the “Scan for rootkits” option by clicking the toggle switch until it turns blue.
Now that you have enabled rootkit scanning, click on the “Dashboard” button in the left pane to get back to the main screen.
Perform a Scan with Malwarebytes.
To start a scan, click the Scan button. Malwarebytes will automatically update its antivirus database and begin scanning your computer for malicious programs.
Wait for the Malwarebytes scan to complete.
Malwarebytes will now scan your computer for browser hijackers and other malicious programs. This process can take a few minutes, so we suggest you do something else and periodically check the status of the scan to see when it is finished.
Quarantine detected malware
Once the Malwarebytes scan is complete, it will display a list of detected malware, adware, and potentially unwanted programs. To effectively remove these threats, click the “Quarantine” button.
Malwarebytes will now delete all of the files and registry keys and add them to the program’s quarantine.
Restart your computer.
When removing files, Malwarebytes may require a reboot to fully eliminate some threats. If you see a message indicating that a reboot is needed, please allow it. Once your computer has restarted and you are logged back in, you can continue with the remaining steps.
Once the scan completes, remove all detected threats. Your Windows computer should now be clean and running smoothly again, free of trojans, adware, and other malware.
If your current antivirus allowed this malicious program on your computer, you may want to consider purchasing Malwarebytes Premium to protect against these types of threats in the future. If you are still having problems with your computer after completing these instructions, then please follow one of the steps:
Malwarebytes for Mac is an on-demand scanner that can destroy many types of malware that other software tends to miss without costing you absolutely anything. When it comes to cleaning up an infected device, Malwarebytes has always been free, and we recommend it as an essential tool in the fight against malware.
Download Malwarebytes for Mac.
You can download Malwarebytes for Mac by clicking the link below.
When Malwarebytes has finished downloading, double-click on the setup file to install Malwarebytes on your computer. In most cases, downloaded files are saved to the Downloads folder.
Follow the on-screen prompts to install Malwarebytes.
When the Malwarebytes installation begins, you will see the Malwarebytes for Mac Installer which will guide you through the installation process. Click “Continue“, then keep following the prompts to continue with the installation process.
When your Malwarebytes installation completes, the program opens to the Welcome to Malwarebytes screen. Click the “Get started” button.
Select “Personal Computer” or “Work Computer”.
The Malwarebytes Welcome screen will first ask you what type of computer are you installing this program, click either Personal Computer or Work Computer.
Click on “Scan”.
To scan your computer with Malwarebytes, click on the “Scan” button. Malwarebytes for Mac will automatically update the antivirus database and start scanning your computer for malware.
Wait for the Malwarebytes scan to complete.
Malwarebytes will scan your computer for adware, browser hijackers, and other malicious programs. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
Click on “Quarantine”.
When the scan has been completed, you will be presented with a screen showing the malware infections that Malwarebytes has detected. To remove the malware that Malwarebytes has found, click on the “Quarantine” button.
Restart computer.
Malwarebytes will now remove all the malicious files that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your computer.
After scanning, delete any detected threats. Your Mac should now be free from adware, unwanted extensions, and other potentially harmful software.
If your current antivirus allowed a malicious program on your computer, you might want to consider purchasing the full-featured version of Malwarebytes Anti-Malware to protect against these types of threats in the future. If you are still experiencing problems while trying to remove a malicious program from your computer, please ask for help in our Mac Malware Removal Help & Support forum.
Run a Malware Scan with Malwarebytes for Android
Malwarebytes for Android automatically detects and removes dangerous threats like malware and ransomware so you don’t have to worry about your most-used device being compromised. Aggressive detection of adware and potentially unwanted programs keeps your Android phone or tablet running smooth.
Download Malwarebytes for Android.
You can download Malwarebytes for Android by clicking the link below.
In the Google Play Store, tap “Install” to install Malwarebytes for Android on your device.
When the installation process has finished, tap “Open” to begin using Malwarebytes for Android. You can also open Malwarebytes by tapping on its icon in your phone menu or home screen.
Follow the on-screen prompts to complete the setup process
When Malwarebytes will open, you will see the Malwarebytes Setup Wizard which will guide you through a series of permissions and other setup options. This is the first of two screens that explain the difference between the Premium and Free versions. Swipe this screen to continue. Tap on “Got it” to proceed to the next step. Malwarebytes for Android will now ask for a set of permissions that are required to scan your device and protect it from malware. Tap on “Give permission” to continue. Tap on “Allow” to permit Malwarebytes to access the files on your phone.
Update database and run a scan with Malwarebytes for Android
You will now be prompted to update the Malwarebytes database and run a full system scan.
Click on “Update database” to update the Malwarebytes for Android definitions to the latest version, then click on “Run full scan” to perform a system scan.
Wait for the Malwarebytes scan to complete.
Malwarebytes will now start scanning your phone for adware and other malicious apps. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
Click on “Remove Selected”.
When the scan has been completed, you will be presented with a screen showing the malware infections that Malwarebytes for Android has detected. To remove the malicious apps that Malwarebytes has found, tap on the “Remove Selected” button.
Restart your phone.
Malwarebytes for Android will now remove all the malicious apps that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your device.
When the scan is finished, remove all detected threats. Your Android phone should now be free of malicious apps, adware, and unwanted browser redirects.
If your current antivirus allowed a malicious app on your phone, you may want to consider purchasing the full-featured version of Malwarebytes to protect against these types of threats in the future. If you are still having problems with your phone after completing these instructions, then please follow one of the steps:
Restore your phone to factory settings by going to Settings > General management > Reset > Factory data reset.
After cleaning your device, it’s important to protect it from future infections and annoying pop-ups. We recommend installing an ad blocker such as AdGuard. AdGuard blocks malicious ads, prevents phishing attempts, and stops dangerous redirects, helping you stay safe while browsing online.
The Bottom Line
The Trust Wallet Urgent Security Notice scam is not clever because of code. It is clever because of timing, fear, and familiarity.
It borrows the language of real security updates and pairs it with the one action that can ruin a self-custody wallet: handing over your recovery phrase, or approving the wrong permission.
If you remember one thing, make it this: no legitimate wallet security process starts with an email link that tells you to “scan” your wallet. When in doubt, stop, close the page, and open your wallet app directly.
And if you already clicked, you are not alone. Focus on the practical steps, secure what you can, and treat every “urgent” message after that as a potential follow-up trap.
FAQ
What is the Trust Wallet “Urgent Security Notice” scam?
It’s a phishing email (and sometimes SMS or social message) that pretends to be Trust Wallet and claims there’s a critical security incident. It pushes you to click a “Scan Your Wallet” link that leads to a fake site designed to steal your recovery phrase or trick you into approving malicious transactions.
Is Trust Wallet actually hacked when I get an email like this?
In most cases, no. Scammers often invent a “breach” story to create panic and urgency. Always verify any real incident only through official Trust Wallet channels you navigate to yourself, not a link inside an email.
Does Trust Wallet send emails asking me to scan my wallet?
A legitimate wallet provider will not require you to click an emailed “security scanner” link to keep your funds safe. Treat emails that demand immediate action and push a scanning tool as highly suspicious, especially if they include a button and urgent language.
What are the biggest red flags in these emails?
Common red flags include:
Urgent, threatening language like “IMMEDIATE ACTION REQUIRED”
Claims that “millions of users” are at risk
A big button that says “Scan Now” or “Secure Wallet”
Links to unfamiliar domains
Any request to “verify” your wallet using a website
What should I do if I already clicked the link but did not enter anything?
Close the page. Then:
Disconnect any active WalletConnect or dApp sessions you do not recognize
Check recent activity for approvals or transactions you do not recognize
Consider moving funds to a fresh wallet if you connected and interacted in any way
What if I typed my 12-word or 24-word recovery phrase?
Assume the wallet is fully compromised. Act immediately:
Create a brand-new wallet with a brand-new recovery phrase
Move remaining assets to the new wallet right away
Do not reuse the old recovery phrase for anything, ever
Can scammers steal funds without my seed phrase?
Yes. If you connected your wallet and approved a malicious contract or unlimited token spending, attackers can drain assets without needing your recovery phrase. That is why approvals are dangerous.
What does “connect your wallet” actually allow a website to do?
Connecting lets a site see your public wallet address and request actions. The real danger comes when the site asks you to approve token spending, set NFT operator permissions, or sign transactions.
What are “token approvals” and why are they risky?
Token approvals are permissions that allow a contract or address to spend your tokens. Many scams trick users into granting unlimited approvals. The attacker can then pull tokens later, even after you leave the site, until you revoke that permission.
How do I revoke malicious approvals?
Use a reputable approval checker for the blockchain you were on, or the approval management features in your wallet if available. Revoke anything you do not recognize, especially unlimited approvals created around the time you clicked the scam link.
If my funds were stolen, can I get them back?
Sometimes you can recover a portion only if:
The funds hit a centralized exchange that can freeze assets, and
You contact the exchange quickly with transaction details Most on-chain transfers are irreversible. Be very cautious of “recovery services” that ask for upfront fees in $. Those are often follow-up scams.
Why does the scam email say “Trust Wallet will never ask for your seed phrase” and then tries to get it?
That line is used as camouflage. It lowers your suspicion and makes the email feel legitimate. Scammers copy real security advice, then lead you to a page that violates it.
How can I tell if a Trust Wallet link is real?
Do not rely on the email at all. Instead:
Open your Trust Wallet app directly
Go to official support pages from within the app or from a trusted source you type in yourself
Avoid clicking shortened links or unfamiliar domains
What if I connected my wallet but rejected the transaction prompt?
That is a good sign, but still take precautions:
Disconnect the session
Check whether any approvals were granted (sometimes approvals happen in separate prompts)
Monitor the wallet for unexpected approvals or transfers over the next 24 to 48 hours
Does this scam also target NFTs?
Yes. Many wallet drainer scams focus on NFTs by requesting “set approval for all” or operator permissions. If granted, an attacker can sweep multiple NFTs quickly.
What should I do to protect myself going forward?
A practical checklist:
Never enter your recovery phrase on any website
Never act on urgent wallet emails
Use a separate “cold” wallet for long-term holdings
Keep only spending funds in the wallet you connect to dApps
Review approvals periodically, especially after connecting to new sites
I have $0 in that wallet. Should I still worry?
If you entered your recovery phrase or granted approvals, the wallet is still compromised. Scammers may watch it and drain any funds you add later. If the phrase was exposed, do not use that wallet again.
Why am I getting these emails if I never used Trust Wallet?
Scammers blast millions of addresses. They do not need to know what wallet you use. They only need a small % of people to click, panic, and comply.
Should I report the scam email?
Yes. Mark it as phishing in your email provider. If you lost funds, keep screenshots, the scam URL, and transaction hashes, then report to relevant platforms (exchanges if involved) and local cybercrime reporting channels.
Thomas is an expert at uncovering scams and providing in-depth reporting on cyber threats and online fraud. As an editor, he is dedicated to keeping readers informed on the latest developments in cybersecurity and tech.
