My husband, Meilough, opened a ticket on discord with Aave. He explained his situation, and later that day, he was contacted by “Aave support” via voice call. I recorded the conversation given the numerous scams he has experienced by interacting with the Aave protocol, but since he opened the ticket only through the Aave “help/open ticket,” we thought the voice call from “Aave Support” might have been legit. After all, we thought, he didn’t go to a public group to get support, so only Aave mods/admins would know he even opened the ticket.
The conversation eventually lead to the caller asking him to interact with a website (web3auth-restore.org) which we found was malicious. The site requested him to input his seed phrase or key. Immediately, my husband knew what was going on, that the site was malicious. He didn’t take the bait. He has been getting these types of BS requests for over a year now from alleged “Aave support” personnel.
Side note- he has ONLY experienced this type of thing (misleading assistance from fake mods that result in seizure of his assets and hacking of his wallets) with Aave. He has assets staked in more than a few other platforms, including Polygon, Solana, Cosmos, Polkadot, etc. He has never had an issue with any of the other platforms. Only Aave.
Here’s my question: how did this person know that the ticket was opened in the first place? Aren’t tickets directed to Aave admins and/or mods? The caller had the ticket number! The guy wasn’t even a developer, per his own admission once we exposed him as a scammer.
So how does just anybody get access to our help tickets? That seems like it could pose a serious threat to the Aave community safety. Thank God my husband is able to see through the BS by now. It’s unfortunate that he lost tens of thousands dollars due to hacking by people from Aave’s Discord channel.
I don’t need to hear about how he should or shouldn’t have done this or that. It’s not about that. Refer to the question at hand: how does a non-Aave team member gain access to the content of a help ticket? Is this not a private channel between the user and an Aave mod? Can you imagine the potential impact of loss by users if everyone’s help tickets are exposed to hackers and other non-Aave personnel?? Please explain!
Is your husband part of the official AAVE Discord? It seems highly unlikely that the scammer would have access to his official ticket ID
Regarding this:
I joined Solana’s Telegram group and received 20 messages from scammers in less than a day. This has nothing to do with AAVE and applies to all crypto projects with any level of traction
(That’s why you should never respond to or pay attention to unsolicited messages from fake accounts)
Thanks for your input, but here’s why it’s unhelpful:
“Is your husband part of the official AAVE Discord? It seems highly unlikely that the scammer would have access to his official ticket ID.”
He is a member of the official Aave Discord. Also, the ticket ID CAN BE SEEN on Discord by unofficial Aave users via some add-in they’ve discovered, as told to me by a trusted admin through a ticket I opened about this issue. They’re looking into it to see what they can do about it. So, yes, as of current the ticket ID can be seen.
Regarding this:
“I joined Solana’s Telegram group and received 20 messages from scammers in less than a day. This has nothing to do with AAVE and applies to all crypto projects with any level of traction.”
I’m sorry to hear about your poor experience with the other platform, but it doesn’t relate to my husband’s experience. He never had to join telegram or discord to stake on the other platforms, because he made successful transactions directly through the UI and never had any issues in the process. The only reason he’s on Aave’s discord is because he’s always had issues staking here. That’s kind of the point I was trying to make.
And finally:
“That’s why you should never respond to or pay attention to unsolicited messages from fake account”
I specifically stated that I don’t need anyone’s advice as to what he should and shouldn’t have done, as it is irrelevant to the issue. He knows he shouldn’t have interacted with DMs. He’s known this for some time. The constant and continuous reminders are getting quite old and remain most non-beneficial.