5 Scam Schemes in Telegram That Will Be Relevant in 2026
Scam equals Telegram. The messenger has long become a haven for scammers, but what they've come up with now will, I think, surprise you greatly. In this article, we cover the top 5 scam schemes that will be working in 2026. Two-click account hijacking, crypto theft through username purchases, wallet address swapping during transfers. And this is just the tip of the iceberg. The fifth scheme will make you question whether security is even possible.
1. Two-Click Account Hijacking
Just recently, my account nearly got hacked before I could even press two buttons. I came across a Telegram bot, clicked "Start," and it immediately requested an authorization code—the very code that is the key to your Telegram account. The thing is, I hadn't entered my phone number; I just clicked "Start" in the bot, and somehow the code was sent to me right away.
Before we dive into how this works (I spent several hours researching it but finally figured out the mechanism), let's look at how classic Telegram phishing operates.
What is phishing? It's the creation of a fake resource where a victim enters their login and password, which are then sent to criminals. In Telegram's case, the login and password are your phone number and the authorization code. Once entered, hackers generate a session file on their server—the key to accessing your account. Phishing in Telegram is extremely common and remains one of the primary hacking methods.
But in my case, I didn't even enter my number. How did they send me the code? This is where bots like "Glaz Boga" (Eye of God) or "Dukhlis" come into play. They've already collected data on millions of users in CIS countries, including IP addresses, names, and locations. Now, phishing has merged with leaked databases. When a person clicks "Start," the phishing service instantly sends an API request for a data lookup based on your Telegram ID. If your data is in the database, they get your phone number, and the service automatically sends the authorization code to your account. All you have to do is enter it.
Why Are Accounts Hacked?
- Mass Resale on Marketplaces. Accounts are sold for pennies. For instance, on LZT Market, there are currently over 2 million accounts for sale, including hundreds of thousands of hacked ones (often labeled "phished" or "from panels").
- Mass Messaging of Contacts. Hackers send bulk messages to the victim's contacts asking to borrow money. If someone agrees, an order is created in a P2P bot. The scammer copies that wallet address, sends it to the good samaritan, and ends up with clean crypto through the P2P exchange.
- Scraping for Crypto Wallets. Hacked accounts are automatically scanned for the presence of crypto wallets. If funds are found, they are instantly transferred to the scammers' wallets.
2. Stealing Funds Through Username Purchases
I constantly get messages from subscribers asking, "Is this real or a scam?" They receive offers to buy their ordinary, worthless username for 3,000 TON, suggesting they use the official Fragment bot for the deal. The person visits the Fragment site, sees that Telegram usernames are indeed traded there (some for huge amounts), and they aren't asked for any upfront payment. So where's the catch?
Scammers send a fake Fragment bot. It looks identical to the real one: all links and buttons lead to the actual site, so there's no suspicion. But to complete the transaction, the victim needs to connect their crypto wallet to receive the funds. Upon connection, a drainer is triggered—a malicious smart contract that empties the wallet.
This scheme isn't targeting a specific person; it's a numbers game. Among hundreds of millions of users, some will have tens or even hundreds of thousands of dollars in their wallets. The methods to drive traffic to these drainers are varied. Telegram is just a small part; scammers also create fake versions of official exchanges and services to funnel traffic.
3. Crypto Interception via Wallet Swapping
The idea of intercepting crypto through browser extensions isn't new, but in Telegram, it takes on a new form. Telegram channels advertise a free browser extension supposedly for Trading View (the largest crypto chart analysis service). The extension promises to activate an indicator called "Vision of God" that predicts chart movements.
People install it, use it for weeks, sometimes even make profits. Then, at a crucial moment when they copy a wallet address to make a transfer, the extension swaps the address in the clipboard. The funds are sent straight to the scammers.
4. Fake Support Services
Recently, some acquaintances of mine lost $3,000 this way. They were making a transaction on a DEX (a decentralized, somewhat complex exchange) and ran into an issue—their funds seemed stuck. In a panic, they searched for support and typed "SushiSwap Support" into Telegram instead of going to the official website. They found a fake "specialist" who asked for $3,000 to "unfreeze" the transaction, promising it would all be returned.
Creating a fake account on Telegram is trivial. On a site like BestChange, you can find hundreds of crypto exchangers, each with its own Telegram support. And each of those legitimate support accounts has dozens of clones. When users search for a name instead of using a direct link, there's a high chance of landing on a scammer. In SushiSwap's case, they have no official support on Telegram. Anyone contacting you on Telegram claiming to be from them is 100% a scammer.
Before the Main Scheme
Before I reveal what is arguably the most ingenious Telegram account hijacking method, consider this: the average cybercriminal makes only $3,000–$5,000, lives in constant stress, and fears a knock on the door. Meanwhile, the average admin of a crypto Telegram channel with just 5,000 subscribers makes the same $3,000–$5,000, but with the potential to scale up, and without the paranoia. You can find legitimate ways to grow your crypto channel on our website. Earn money legally.
5. Unofficial Telegram Clients. Mass Hijacking.
I'll let you in on a secret: I recently had contact with a certain team and learned that hundreds of my accounts were already in their clutches. How does it work?
There are many unofficial Telegram clients: Backgam, Nicegram, Catogram, and dozens of others. They offer extra "features"—like the ability to add an unlimited number of accounts (the official client only allows three). These clients are popular among channel admins and traffic arbitrage specialists.
When you add your accounts to such a client, the software's developers generate a session file (as mentioned in the first scheme). Their control panels immediately show how many channels are created, whether crypto wallets are present, and their balances. You'll never even realize your account was hijacked—it happens the moment you simply open the messenger.
Take a look at how many unofficial clients are on your devices right now. I have over five, logged into channels worth tens of thousands of dollars. If the owners of such a client wanted to take over a channel, they could simply block access for half an hour and do whatever they needed. Two-factor authentication is useless here.
In Conclusion
Only a tiny fraction of cybercriminals make hundreds of thousands of dollars. It's much simpler, more profitable, and calmer to create and develop your own Telegram channel legally. The first step is promotion. One effective method is neuro-commenting—mass commenting on other Telegram channels using AI bots. Read more about this scheme at the link. Click here.
