A documented case of OTC fraud using Telegram account cloning and a human man-in-the-middle relay. No hacking involved — just two phones and social engineering.
How it works: The scammer poses as an OTC exchange admin in Telegram groups. Once a deal is agreed, they clone the victim's Telegram profile — same photo, same display name, username off by one character — and contact the real exchange impersonating the client. Both parties show up at a legitimate licensed office. All communication runs through the scammer's relay.
```
VICTIM ──→ [SCAMMER] ──→ REAL EXCHANGE
  ↑            |              |
  └── 10 USDT forwarded       |
                              └── YOUR wallet replaced with HIS
```
He swaps the wallet address for his own. A test transaction is forwarded to the victim to fake verification. The victim confirms. The full transfer — ₽10M in USDT — lands in the scammer's wallet.
Why it works: Nobody checks @usernames character by character. In-person meetings create false trust — the office was real, the staff was real, the scam happened inside the Telegram thread. Test transactions provide false security when the source address isn't verified. Both parties did everything right: verification, test transfer, real office. The scammer didn't break any security measure. He just sat between them.
One check that stops it: Verify the counterparty's @username letter by letter before any deal. Takes 5 seconds. Stops 100% of clone-based attacks.
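The letter-by-letter check above, written out as an added example that is not part of the original post: it compares a handle obtained through a trusted channel with the handle that appears in the chat and reports where they diverge. The handles, the look-alike table and the distance threshold are constructed assumptions.

```python
# Constructed, non-exhaustive look-alike sequences, folded to a single form.
LOOKALIKES = (("rn", "m"), ("vv", "w"), ("1", "l"), ("i", "l"), ("0", "o"))

def normalize(handle):
    """Drop the '@' and fold case (Telegram usernames are case-insensitive)."""
    return handle.strip().lstrip("@").lower()

def skeleton(handle):
    """Collapse look-alike characters so visually equal handles compare equal."""
    for seq, rep in LOOKALIKES:
        handle = handle.replace(seq, rep)
    return handle

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def check_handle(trusted, presented, max_distance=2):
    """Compare the trusted handle with the one in the chat; only 'match' is safe."""
    t, p = normalize(trusted), normalize(presented)
    if t == p:
        return {"verdict": "match", "distance": 0, "first_diff": None}
    dist = osa_distance(t, p)
    # Index of the first differing character (or the shorter length if one is a prefix).
    first = next((i for i, (x, y) in enumerate(zip(t, p)) if x != y),
                 min(len(t), len(p)))
    near = dist <= max_distance or skeleton(t) == skeleton(p)
    return {"verdict": "clone-suspect" if near else "different",
            "distance": dist, "first_diff": first}

if __name__ == "__main__":
    # Constructed handles; the trusted one would come from the exchange's own site or office.
    trusted = "@otc_desk_admin"
    for seen in ("@OTC_Desk_Admin", "@otc_desk_admln", "@otc_desk_adrnin", "@someone_else"):
        print(seen, check_handle(trusted, seen))
```

Anything other than `match` means the deal does not proceed until the handle is confirmed through a channel the chat partner does not control.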
Red flags:
- Admin DMs you first after you post a buy/sell request
- No voice or video call before a large deal
- Wallet address requested via Telegram only, not verbally in person
- Test transfer arrives from an address you haven't verified
Full investigation with step-by-step breakdown, reconstructed scammer messages, and red flags:
https://cryptostrapon.com/stories/telegram-otc-impersonation