Real Crypto Exchange Support vs Fake-Support DM
How to tell a genuine exchange support interaction from a fraudulent direct message posing as customer service in order to steal your funds or credentials.
Last reviewed: 1 June 2026
Most support interactions with a crypto exchange are dull and one-directional. You notice a problem, you open a ticket through the exchange's own website or in-app help centre, you get a reference number, and a reply arrives hours or days later asking you to confirm something inside your own account. Nothing is dramatic and nothing is urgent. The fraudulent version works because it arrives at the exact moment you are stressed and public about it. Fraudsters watch exchange hashtags, Discord servers, Telegram groups and Reddit threads for people describing a locked account or a stuck withdrawal, then message privately with a friendly, competent tone and a handle that looks almost right. The one distinction that matters is direction of contact. Genuine support responds to you. It never arrives first in your inbox.
Side-by-side comparison
| Genuine crypto exchange support | Fake support DM or impersonator | |
|---|---|---|
| How support is initiated | You contact the exchange through their official website's verified support portal, live chat widget, or email listed on their domain | Support contacts you first via Twitter DM, Discord, Telegram, or Reddit private message in response to a public complaint you posted |
| Account access requests | Support asks you to verify identity through your account settings or via official identity verification — never asks for your password or seed phrase | Asks you to share your password, private key, recovery seed phrase, or to connect your wallet to an external site to 'restore access' |
| Verification process | Account verification is handled within your account portal — logging in, uploading ID, confirming via registered email | Asks you to paste your seed phrase into a form, connect your wallet to an external site, or share your screen |
| Communication channel | All official communications originate from the exchange's verified domain (e.g. [email protected]) or official in-app messaging | DM comes from an account with a username resembling the exchange's but with subtle differences (extra underscore, number suffix) |
| Resolution approach | Issues are resolved through documented processes — account review, KYC re-submission, or email ticket — with a reference number | Promises immediate resolution if you take a specific action 'right now', creating urgency to prevent you from pausing to verify |
Common red flags
- Support contact was initiated by someone else, not by you through official channels
- Request for your seed phrase, private key, or wallet recovery phrase under any circumstances
- Request to connect your wallet to an external website to 'verify' or 'restore' your account
- Support agent is communicating via Telegram, Discord, or Twitter DM rather than an official support ticket system
- Urgency language suggesting your funds are at risk unless you act immediately
Verification steps
- Open a support ticket directly through the exchange's official website — type the URL yourself rather than clicking any link
- Check the exchange's verified social media accounts for warnings about impersonators
- Never share your seed phrase with anyone — a legitimate exchange has no mechanism that requires it
What not to do
- Do not share your seed phrase, private key, or wallet password with any 'support' contact
- Do not connect your wallet to any external site recommended by someone in a DM
- Do not follow support instructions received via Telegram, Discord, or Twitter DM without verifying through the official website
A safe response
Stop replying and give yourself permission to be slow. Do not act on anything the message asks for, even if it sounds routine. Close the chat, open a new browser tab, and type the exchange's address yourself rather than following any link you were sent, then raise a ticket from inside your account so the reply comes back through a channel you own. If someone presses you, a flat "I only deal with support through my account" is enough, and you owe no further explanation. If you have already shared a recovery phrase or private key, treat that wallet as lost and move the remaining assets to a newly created wallet straight away. If you sent funds, report it to the exchange and your bank or card provider; they decide what is recoverable.
Frequently asked questions
They knew details about my account, so surely they must be real?
Not necessarily. Most of what convinces people is information you posted yourself when asking for help publicly, such as the exchange you use, the type of problem, and roughly when it started. Some details also circulate from earlier data breaches. Knowing your email address, your name, or the nature of your issue proves nothing about who is messaging you. Real support already sees your account, so it never needs to prove itself by reciting facts at you.
An account with the exchange's official name reached out to me on Twitter — is it real?
Probably not. Twitter allows any account to use any display name; the username (handle) is what identifies an account uniquely. Cross-check the handle against the exchange's official verified account linked from their website. Official exchanges do not initiate support via DM.
I gave my seed phrase before I realised — what should I do?
Act immediately. Transfer all assets from the compromised wallet to a brand-new wallet you have just created, before the scammer does. Your current wallet should be treated as fully compromised — any assets remaining are at risk of being drained at any moment.