Crypto Exchange Listing Scam

Think twice before opening emails from alleged crypto exchanges.


A crypto exchange listing scam is a type of scam in which the victim is led to believe that it was reached by a representative of a crypto exchange, offering to list the tokens of the project that the victim is working on.

Crypto exchange scam

Scam type

Social Engineering. Email spoofing.


The purpose of this attack is to get the victim to open the email attachment infected with malware or to click an email in the email link that leads the victim to a phishing site. If the victim opens the attachment and the malware is successfully installed, the malware will try to access the victim’s wallet and/or web browser and transfer all crypto to the attacker. If the phishing link is clicked, all of the victims details and/or login information will be collected by the attacker.


The attacker is a power user who browses various crypto groups on Telegram and Discord, targeting admins, moderators, developers, or other team members. The attacker presents itself as an agent of the exchanges and offers the victim a chance to list their coins/tokens on the exchange. Most of the time, attackers are impersonating agents of legit exchanges.


The victim of these attacks are users who work on various crypto projects on Telegram, Discord, and other popular crypto platforms. Victims are often administrators, moderators, or team members of crypto projects who would like to see their crypto assets listed on exchanges.

How does the crypto exchange listing scam work?

For the attacker to succeed, the user has to take the following actions:

  • The user is contacted by the attacker on Telegram, Discord or other popular crypto platforms.
  • The attacker presents himself as an agent, working for an established and legit crypto exchange.
  • The attacker asks for the email address of the victim. The attacker will use the email address to initialize email spoofing of the victim. This is the reason why the attacker is asking the victim for an email address, rather than requesting an email to be sent from the victim. By sending the email, the attacker forges a fake email header, making it look like the email is coming from the actual legit exchange.
  • If the user doesn’t recognize the fake email header, but opens an email and proceeds to either download the attachments or click on links, the user becomes a victim. The users will either get infected by malware or he will fall for phishing.

How to protect yourself?

The best way to protect yourself from these types of attacks is to never trust unknown people claiming to be representatives of crypto exchanges. Typical crypto exchanges are serious, well-managed companies that certainly don’t waste time randomly contacting Telegram users for free listings. Most of the centralized exchanges require payment to list the tokens.

For maximum protection:

  • Do not trust random strangers who contact you on Telegram or Discord.
  • Do not open emails sent from unknown sources.
  • Do not open email attachments from unknown sources.
  • Make sure your computer has an up to date antivirus software installed.
  • Consider using a cold wallet to store your crypto.

Stay safe out there.

Written by Scam Buster

A cryptocurrency investor and a journalist by day, Scam Buster spends most of the daytime refreshing his portfolio and taking coffee breaks. By night, however, he sheds all pretense and takes to the shadowy URLs of the Internet, busting scammers wherever he goes.

crypto hijack via email malware

Crypto Hijack via Email Attachment