Between May and July, investigators identified more than 600 counterfeit sites linked to the clicker game Hamster Kombat. These pages were designed to harvest Telegram accounts and siphon users into scams, according to a study cited by FACCT and reported by Vedomosti. The pattern is clear: fraudsters marshal a quick route to take over accounts and extract value from unsuspecting players in minutes.
One prevalent tactic is to lure players with access to an official bot that claims to sell in-game coins or enable withdrawals in rubles. The user is prompted to log into Telegram, and once the login happens, attackers seize control of the account. This is not just a simple phishing ploy; it is a coordinated attempt to harvest credentials and then pivot to financial theft through compromised wallets and linked services.
Another dangerous vector involves skimmers embedded in scam interfaces. These scripts grant cybercriminals direct access to victims wallets and the ability to move funds. Players who are coaxed into linking their crypto wallets to the attackers’ applications end up surrendering control of their assets. The damage can be swift and irreversible, with funds leaving wallets before the user fully realizes what happened.
Similar schemes have appeared in other well-known clicker games such as Blum and DOGS. In the Blum scenario, participants are invited to enter a promotions funnel tied to an internal currency draw, following which they are asked to connect their crypto wallets to a fraudulent app. The result is the loss of cryptocurrency assets that were meant to be secure. In DOGS, rewards are supposedly tied to the age of a Telegram account, and wallet connections are required to claim any payout, creating an easy path for attackers to gain access.
FACCT researchers also highlighted the use of Notcoin themed promotions where participants are drawn into drawings and distributions of NOT tokens. Across May to July, more than 1,000 fake resources were detected encouraging users to connect wallets to receive rewards, a tactic meant to normalize wallet authorization and blur the line between a promotional activity and a wallet takeover.
Earlier activity noted a scam pattern around Telegram Premium that targeted users, exploiting the expectation of enhanced features to trick individuals into connecting wallets or sharing credentials. The sequence typically begins with a tempting offer or a limited-time incentive, followed by a prompt to log in through Telegram and authorize wallet access. The outcome for many victims is the loss of coins or other digital assets already held in their wallets.
Experts warn that any prompt to connect a wallet or authorize a payment within a gaming or promotional context should be treated with suspicion. Users are advised to verify URLs independently, avoid clicking direct sign-in prompts from in-game popups, and enable device-level protections that can alert them to suspicious scripts. Keeping a separate, non-wallet-linked account for in-game activity adds a layer of security and reduces the risk of broad credential exposure. People should also review permission requests carefully and only authorize wallet actions from trusted, known sources. The use of multi-factor authentication and hardware wallets can further shield assets from unauthorized access.
In response to these threats, players are encouraged to adopt cautious behavior across all popular gaming ecosystems. Before engaging in any promotional event or drawing, users should independently verify the legitimacy of the hosting site and the reputation of the game. If a giveaway requires wallet connection or requests credential sharing, it is a red flag and should be avoided. The onus is on players to uphold strong security hygiene, including periodically auditing connected apps, revoking access that is no longer needed, and maintaining updated security software on their devices. The broader takeaway is clear: online gaming communities flourish when participants prioritize security alongside entertainment, ensuring that playful experiences do not slide into financially costly traps.