
By: Louise Beattie
This is a difficult story to share. As someone who is technically aware and, I thought, extremely careful, I knew all the cardinal rules of crypto security. I knew what not to do.
But I’m sharing this factual, step-by-step account of how I lost my entire TAO holdings, over $100,000 of my retirement savings, to prove that this can happen to anyone.
Sometimes, life happens. You get distracted, you’re in an unfamiliar environment, and for a single moment, your guard drops. In that moment, all the rules you know are forgotten. My hope is that a strategic breakdown of this event will raise awareness and help someone else avoid this devastating mistake.
It all began with a minor, relatable problem: a technical glitch.
A Simple Glitch
For several days, my portfolio holdings had been showing incorrectly in the official Tao.app. This was a known issue; I later discovered other users in the support Discord had been reporting the same problem for over a month.
Therefore, I did what many users would do: I went to the official Bittensor Discord server to ask for help in the #help channel on Monday, September 1st.
But, in an unfamiliar environment like Discord, I was vulnerable. Almost immediately, a reply appeared telling me to open a support ticket by clicking a button. I did, and a support ticket app opened. I didn’t realize it at the time, but I later discovered that this initial reply from the scammer, the one in the public channel, was deleted just moments after I clicked it.
To be clear, this wasn’t a poorly coded, fake app. It was ‘Tickets v2,’ a known and common Discord support bot used by many legitimate servers. The scammer was simply a bad actor using an official tool to create a powerful and false sense of security.
My unfamiliarity with Discord was another key vulnerability. I didn’t know to look for official tags after a server member’s name, the very thing that would have identified the “support agent” as a fake. While this information is often buried in ‘announcement’ channels, it’s unrealistic to expect a user to read through a long history in a busy server just to find a single security warning. Of course, I know to look for this now.
Believing I was in a private, secure support channel (and speaking to a real agent using a legitimate app), I followed the “support agent’s” instructions. They had me do the usual things like clearing my browser cache. Then, they said I needed to resync my wallet.
However, their “solution” was the core of the scam. They sent me to a link: https://bittensor-walletdapp.pages[.]dev. I was on my isolated crypto phone, within the Dapps section of my Nova Wallet, and the interface that loaded looked familiar, like other web3 apps.
I proceeded. I clicked my wallet type, and a pop-up appeared: “starting secure connection…”.
But this was a manufactured problem. The connection, by design, failed. A new pop-up appeared: “An error occurred… please try again or connect manually”. The “support agent” in the fake ticket chat told me this was not unusual. This, right here, was the critical moment.
Believing I was in an official support channel, solving a known bug, and being guided by a “manual” but necessary fix, I was presented with a screen to “Enter your 12 or 24 Mnemonic words”. This should have been a massive red flag, but in the context of the “secure session” and the “manual connection,” I missed it.
But as soon as I entered my seed phrase, it was over. The scammer engaged in delaying tactics, “let me look into this”, while they cleaned out my wallet. I was also personally distracted; my elderly dog, on her 15th birthday, became unwell, pulling my attention away at the critical moment.
Afterwards, the fake “support ticket” channel vanished from my Discord sidebar. The rest is history.
A Strategic Analysis of the Attack
This was not a simple, “give me your keys” scam. It was a sophisticated, multi-stage attack that exploited trust, technology, and social engineering.
Here is the framework they used:
- Exploit a Real Problem: The scammers monitored the #help channel for real, verifiable issues like the wallet display bug. This made their initial contact seem credible.
- Impersonate Authority & Isolate: By using a legitimate, third-party support bot (‘Tickets v2’), the scammer instantly moved me from a public, community-policed channel into a private, one-on-one “support ticket.” This tactic isolated me and gave them complete control of the environment, making it feel like an official and secure interaction.
- Manufacture a “Broken” Solution: The phishing website (bittensor-walletdapp.pages[.]dev) was the masterstroke. It didn’t just ask for my seed phrase. It first faked a “secure connection”, then faked an error, to make the “manual connect”, and the request for my seed phrase, seem like a logical, if unusual, last resort.
- Leverage Social Proof: The phishing site looked professional because it appeared to be an official Bittensor developer site, not a page a retail investor like myself would normally visit. This added to the confusion. From this “official” looking dev site, they had me click a menu link to a connection page that featured logos for all the major wallets (Ledger, Polkadot, MetaMask, etc.). This mix of official-but-unfamiliar branding and familiar wallet logos created a powerful, disorienting sense of legitimacy.
- Use Distraction & Delay: The “support agent” kept me occupied with conversation while the crypto drainer scripts emptied my accounts. My real-world distraction with my unwell dog was an unfortunate coincidence that only amplified their technique.
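
The link in this attack put the project's brand name on a shared hosting platform, which is something a wallet, browser extension or Discord moderation bot can check before a user ever opens it. The sketch below is an added example, not code from the author, Bittensor or any wallet; the allowlist of official domains, the keyword lists and the function names are assumptions for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the project's real domains. Confirm these through official channels.
OFFICIAL_DOMAINS = {"bittensor.com", "tao.app"}
# Shared hosting suffixes where anyone can register a subdomain.
SHARED_HOSTING = ("pages.dev", "vercel.app", "netlify.app", "github.io", "web.app")
# Assumption: brand and lure words worth flagging inside a hostname.
BRAND_WORDS = ("bittensor",)
LURE_WORDS = ("wallet", "dapp", "connect", "sync", "support", "claim")


def refang(url: str) -> str:
    """Undo common defanging ('[.]', 'hxxp') so the URL can be parsed."""
    url = url.strip().replace("[.]", ".").replace("hxxp", "http")
    return url if "://" in url else "https://" + url


def assess_link(url: str) -> dict:
    """Classify a link as 'official', 'suspicious' or 'unknown', with reasons."""
    host = (urlsplit(refang(url)).hostname or "").lower().rstrip(".")
    reasons = []
    # Exact match or true subdomain only: 'bittensor.com.example.net' must not pass.
    if any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS):
        return {"host": host, "verdict": "official", "reasons": reasons}
    suffix = next((s for s in SHARED_HOSTING if host.endswith("." + s)), None)
    if suffix:
        reasons.append(f"hosted on shared platform '{suffix}'")
    brands = [b for b in BRAND_WORDS if b in host]
    if brands:
        reasons.append(f"brand name {brands} outside the official domains")
    lures = [w for w in LURE_WORDS if w in host]
    if lures:
        reasons.append(f"lure words in hostname: {lures}")
    verdict = "suspicious" if brands or (suffix and lures) else "unknown"
    return {"host": host, "verdict": verdict, "reasons": reasons}


if __name__ == "__main__":
    samples = [
        "https://bittensor-walletdapp.pages[.]dev",  # link from this account
        "https://www.tao.app/portfolio",             # constructed sample
        "https://bittensor.com.example.net/login",   # constructed lookalike
        "https://example.org/docs",                  # constructed sample
    ]
    for s in samples:
        result = assess_link(s)
        print(f"{result['verdict']:<10} {result['host']}  {result['reasons']}")
```

A "suspicious" verdict is a prompt to stop and verify through a second channel. An "unknown" verdict is not a clean bill of health, and no verdict makes a seed phrase prompt acceptable.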
The Aftermath and Lessons
The blockchain transactions are, of course, irreversible. The funds I had invested, 397.288 TAO (all in dTAO that had been at a max value of 673.60 TAO), were stolen from my wallet and immediately moved through a complex trail of wallets, ending up at multiple exchanges, including Binance, Kraken, MEXC and Gate.
What I have done since is to focus on reporting and rebuilding:
- Reported: I filed a report with the police, which has been elevated to the Scottish Cyber Crime Unit. I also reported the incident to the FBI, the exchanges that received the funds, and the developers of the Tickets v2 bot.
- Rebuild: I have completely wiped my crypto-only phone, set up new wallets, and have now purchased and am using a Ledger hardware wallet.
This experience is a brutal, expensive lesson in operational security. Every red flag I missed, the suspicious URL, the request for a seed phrase, the sense of urgency, is painfully clear in hindsight.
My insight for you is this:
Scammers no longer just ask for your keys. They build elaborate, professional-looking systems to make you want to give them your keys to solve a problem they created.
My guard was down for a moment. That’s all it took.
I knew all the rules, but in that moment, distracted by a real-world event and trying to solve a frustrating technical problem, that knowledge didn’t matter.
This is the real insight I want to share:
No matter how careful you think you are, you are human. This can happen to anyone.
I hope this story provides a different kind of lesson, one that goes beyond just “be careful” and shows exactly how a careful person can be caught.
