Crypto 28 May 2026 Crypto P2P Club 21

Security Alert: A New Phishing Campaign Targets Trust Wallet Users

Following our recent alert regarding a sophisticated attack targeting Sahal Wallet holders [1], we are now observing a new phishing campaign targeting Trust Wallet users. This attack uses similar social engineering methods to deceive investors and steal their digital assets.

In this article, we analyze this new threat, explain how it works, and reiterate the fundamental security principles to protect your cryptocurrencies.

Anatomy of the Attack: Exploiting Legitimate Platforms

On May 28, 2026, a phishing attempt was reported, specifically targeting Trust Wallet users. The fraudulent email, bearing the official app logo, displayed an alarming message: "Secure Your Wallet - Immediate action required to protect your crypto assets". The text claimed that a login attempt had occurred and that funds had been moved.

Technical analysis of this email reveals an increasingly common tactic: the abuse of legitimate email delivery infrastructure. In this specific case, the email originated from the address trust-session@y.kajabimail.net. Kajabi is a recognized platform for creating online courses and email marketing. By sending through this service, attackers often manage to get past anti-spam filters and the email authentication checks they rely on (SPF, DKIM, DMARC), giving their message a false appearance of legitimacy [2]. Those checks only confirm that the message really was sent by kajabimail.net; they say nothing about whether the sender is Trust Wallet.

This method echoes the recent attack against MRHB Network, where cybercriminals exploited SendGrid and compromised Swedish domains. The goal remains the same: to create a sense of urgency to push the victim to click on a malicious link and reveal their recovery phrase (seed phrase) or approve a fraudulent smart contract (wallet drainer).

The Context: A Surge in "Wallet Drainers"

This attack is part of a broader context of growing threats. Recently, the Indian Cyber Crime Coordination Centre (I4C) issued an official advisory regarding an active "wallet drainer" campaign specifically targeting Trust Wallet users [3].

According to this advisory, attackers often initiate contact via P2P platforms (like Binance) before moving the conversation to WhatsApp or Telegram. They then use a fake requirement for "crypto asset verification" and redirect victims to counterfeit websites (such as testwallet.site or beptest.org). Once the wallet is connected, users unknowingly approve malicious smart contract permissions, allowing attackers to drain funds in an automated and irreversible manner.
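To make the "malicious smart contract permissions" concrete, here is an added example (not from the advisory or from Trust Wallet) that decodes a transaction's calldata and flags broad token permissions before signing. It assumes the permission is one of the two standard allowance calls, ERC-20 approve or ERC-721/1155 setApprovalForAll; the article does not say which one this campaign uses, and the spender address and trusted_spenders allowlist are hypothetical.

```python
# 4-byte function selectors of the two standard allowance calls.
APPROVE = "095ea7b3"               # approve(address,uint256), ERC-20
SET_APPROVAL_FOR_ALL = "a22cb465"  # setApprovalForAll(address,bool), ERC-721/1155
MAX_UINT256 = 2**256 - 1

def decode_approval(calldata, trusted_spenders=frozenset()):
    """Return a dict describing the permission the calldata grants, else None."""
    data = calldata.lower().removeprefix("0x")
    if len(data) != 8 + 2 * 64:            # selector + two 32-byte arguments
        return None
    selector, arg1, arg2 = data[:8], data[8:72], data[72:]
    # An address argument is 20 bytes, left-padded with zeros to 32 bytes.
    if selector not in (APPROVE, SET_APPROVAL_FOR_ALL) or arg1[:24] != "0" * 24:
        return None
    try:
        value = int(arg2, 16)
    except ValueError:                     # not hex, so not valid calldata
        return None
    spender = "0x" + arg1[24:]
    if selector == APPROVE:
        scope = ("revoke" if value == 0
                 else "unlimited" if value == MAX_UINT256 else "limited")
    else:
        scope = "all-tokens" if value else "revoke"
    # Unlimited or collection-wide rights for an unknown spender are what
    # let a drainer empty the wallet later without any further signature.
    risky = scope in ("unlimited", "all-tokens") and spender not in trusted_spenders
    return {"spender": spender, "scope": scope, "amount": value, "risky": risky}

# Constructed calldata; the spender is a placeholder address, not an indicator.
SPENDER = "ab" * 20
UNLIMITED = "0x" + APPROVE + SPENDER.rjust(64, "0") + "f" * 64
REVOKE = "0x" + APPROVE + SPENDER.rjust(64, "0") + "0" * 64
NFT_ALL = "0x" + SET_APPROVAL_FOR_ALL + SPENDER.rjust(64, "0") + "1".rjust(64, "0")

if __name__ == "__main__":
    for name, tx in [("unlimited", UNLIMITED), ("revoke", REVOKE), ("nft", NFT_ALL)]:
        print(name, decode_approval(tx))
```

A "limited" result is not flagged here, but an approval to a spender you do not recognize still deserves a manual check.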

Recent statistics highlight the severity of the situation. In 2025, approximately $17 billion was stolen in cryptocurrency-related scams and fraud [4]. Phishing attacks and wallet drainers account for a significant portion of these losses.

How to Spot the Scam and Protect Yourself

To protect yourself against these attacks, it is crucial to understand how non-custodial (self-custody) wallets like Trust Wallet or Sahal Wallet work.

  1. The Absence of an Email Account: Trust Wallet operates via software and the blockchain. The application does not need your email address to function and will never ask you to create an account with a username and password [5]. Therefore, any email claiming to be from Trust Wallet regarding your account security is a phishing attempt.
  2. The Golden Rule of the Seed Phrase: Never share your recovery phrase (seed phrase) or your private keys. Official support will never ask for them.
  3. Beware of Urgency: Scammers create a false sense of urgency (e.g., "Immediate action required") to push you to act without thinking. Always take the time to verify the information.
  4. Verify Senders and Links: Carefully examine the sender's email address (here, kajabimail.net instead of trustwallet.com) and never click on suspicious links.
  5. Manage Your Smart Contract Permissions: Use tools to regularly revoke permissions granted to decentralized applications (dApps) that you no longer use.
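The sender check from point 4, applied to the kajabimail.net case analyzed earlier, as an added example that is not part of the original alert. Only the sender address comes from the article; the other header values, the BRANDS mapping and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the reported email; only the From address
# is taken from the article, every other header value is made up.
SAMPLE = """\
From: "Trust Wallet" <trust-session@y.kajabimail.net>
To: user@example.com
Subject: Secure Your Wallet - Immediate action required
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=y.kajabimail.net;
 dkim=pass header.d=kajabimail.net; dmarc=pass header.from=y.kajabimail.net

A login attempt was detected.
"""

# Assumption: brand keyword -> the only domain allowed to speak for that brand.
BRANDS = {"trust wallet": "trustwallet.com"}

def auth_results(msg):
    """Return e.g. {'spf': 'pass', ...} from the Authentication-Results header."""
    header = msg.get("Authentication-Results", "")
    return dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header.lower()))

def same_org(domain, official):
    """True only for the official domain itself or one of its subdomains."""
    return domain == official or domain.endswith("." + official)

def assess(raw):
    """Return (from_domain, auth_results, findings) for a raw message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    claimed = f"{display} {msg.get('Subject', '')}".lower()
    findings = [f"claims '{brand}' but is sent from {domain}"
                for brand, official in BRANDS.items()
                if brand in claimed and not same_org(domain, official)]
    results = auth_results(msg)
    # Passing checks authenticate the sending domain, not the brand named.
    if findings and all(results.get(k) == "pass" for k in ("spf", "dkim", "dmarc")):
        findings.append(f"SPF/DKIM/DMARC pass only proves the mail came from {domain}")
    return domain, results, findings

if __name__ == "__main__":
    domain, results, findings = assess(SAMPLE)
    print(domain, results)
    for finding in findings:
        print(" -", finding)
```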

The Crypto P2P Club Vision: Education as a Shield

At the Crypto P2P Club, we firmly believe that ethical financial freedom comes through knowledge. Understanding the principles of self-custody is the first step to regaining control of your assets.

Self-custody offers you total sovereignty over your funds, but it comes with increased responsibility regarding security. By staying informed about the latest phishing tactics and applying strict security rules, you can navigate the Web3 ecosystem with confidence.

We encourage you to share this alert with your network. The security of our community relies on collective vigilance.

Disclaimer: This article is provided for educational and informational purposes only. It does not constitute financial or investment advice.


References

[1] Crypto P2P Club. "Security Alert: A Sophisticated Phishing Campaign Targets MRHB Network Users". https://crypto-p2p-club.com/fr/article/alerte-securite-une-campagne-de-phishing-sophistiquee-cible-les-utilisateurs-de-mrhb-network

[2] Reddit r/CryptoCurrency. "Since I can't post a screenshot, here's a scam email that I received today". https://www.reddit.com/r/CryptoCurrency/comments/xsr6yf/since_i_cant_post_a_screenshot_heres_a_scam_email/

[3] LinkedIn. "India Warns of Crypto Wallet Drainer Campaign Targeting Trust Wallet Users". https://www.linkedin.com/posts/muthuswamy-iyer-3a2a5721_indias-mha-issues-advisory-on-trust-wallet-activity-7454881841553031168-fqtb

[4] Advanced Network Consulting via LinkedIn. Chainalysis 2025 Statistics. https://www.linkedin.com/posts/advanced-network-consulting_anc-advancednetworkconsulting-itsupport-activity-7454881841553031168-fqtb

[5] Trust Wallet Support. "How to Spot and Handle Phishing Emails: Protect Yourself From Scams". https://support.trustwallet.com/support/solutions/articles/67000734572-how-to-spot-and-handle-phishing-emails-protect-yourself-from-scams
