Be Careful: Don’t Fall for the “Verify Your Wallet” Scam

Scammers increasingly pose as crypto wallet "verification" and KYC/AML services — Sumsub, Chainalysis and the like. The victim's logic feels reasonable: "they're asking me to pass a check, so it must be serious and safe." In reality it's a trap that drains your wallet with a single signature. Here is a real case and how to avoid losing your money.

What the scam looks like

You receive a link to a site that looks exactly like the real Sumsub — same logo, same "KYC/AML and crypto compliance" copy, a big blue "Check your wallet" button. Only the domain is fake — for example sumsubverified.com instead of the official sumsub.com.

The site then asks you to open it as a dApp inside your wallet (Trust Wallet, a TON wallet, MetaMask) and "confirm your wallet for verification." A "Confirm transaction" screen appears: source — your address, DApp — sumsubverified.com, and inside it a TriggerSmartContract call with cryptic data. Many people tap "Confirm" without reading. That tap is the theft.

How the drainer actually works

No "verification" happens. The button hands you a smart-contract approval to sign. By signing, you grant a stranger's contract the right to move your tokens without limit. Seconds later a drainer bot sweeps your USDT and other tokens to the scammer's address. On-chain transfers can't be reversed.

The core trick is a swap of meaning: a genuine source-of-funds check requires no action with your wallet. It's done from a public address — you simply provide the address or a transaction hash. Any "verification" that asks you to connect, confirm or sign in your wallet is theft.

🚩 Red flags

• "Confirm / connect your wallet to verify it" — real verification never works this way.
• A transaction signature, approve or connect-wallet on a "verification" site — that's handing over access to your funds.
• Look-alike domain: sumsubverified.com, -check, -kyc, -app, etc. The official Sumsub is only sumsub.com, and it does not DM an exchanger's clients.
• Urgency and pressure: "your funds will be frozen," "verification expires in 10 minutes."
• The link came from a "manager" in DMs or an unknown contact. Always cross-check the account against the official one.

How verification at CoinPoint really works

We do run an AML source-of-funds check — but safely and without any access to your wallet:

• We never ask you to connect a wallet or to sign/confirm a transaction on any website.
• To check, it's enough to send your wallet address (a public string) or a transaction hash — that's all we need to assess risk.
• We don't send links to third-party "verification services" and we don't rush you into signing anything.
• We talk only through official channels: @Coinpointex and our offices.

Simple rule: if a "check" asks you to do something in your wallet, close the page. If it asks you to name an address, that's fine.

What to do if you already confirmed

Act fast — with drainers it's a matter of minutes:

• Revoke approvals: via your wallet's permissions section or a tool like revoke.cash — cut off the suspicious contract's access.
• Immediately move the remaining tokens and native coin to a new, clean wallet (generate a new seed).
• Treat the old wallet as compromised — stop using it and its seed phrase.
• Tell us — we'll help you sort it out and check the new address before exchanging.

Exchange crypto where it's safe

No "wallet connections," no signatures — come to an office or message a manager, and we'll agree on the rate and terms directly:

• Antalya, MarkAntalya — Muratpaşa, Kızılsaray Mah., 77. Sokak No:1.
• Antalya, Lara — Muratpaşa, Barınaklar Bulvarı 27A.
• Istanbul — Fatih, Ankara Caddesi No:6.

Live rate & contact: @Coinpointex or offices on the website. Stay safe 🙏