[Challenge Submission] <Telegram Username Sale Phishing>

[0xweb3stranger]

Challenge Title:
Telegram Username Sale Phishing

Difficulty Level:

[ ] Beginner

[x] Intermediate

[ ] Advanced

Description / Scenario:
The victim receives a message from someone pretending to be a high-paying buyer: “I want to buy your @username for $4,000 on Fragment.” The scammer insists the user lists it without bids. After listing the username, the victim receives a fake Fragment notification or message, prompting them to “claim funds.”

The victim connects their wallet to the fake Fragment page and signs a malicious transaction — their wallet is drained.

Learning Objective:
Users will learn to spot Telegram-based username scams, verify the authenticity of platforms like Fragment, and avoid connecting wallets based on unsolicited DMs.

Phishing Technique Used:

Fake Fragment account delivering scam notifications

Deep-link phishing using fake TON-compatible wallet connect page

Approval bait or malicious smart contract signature

Social engineering via impersonation of high-paying buyer

🪙 Reward Wallet Address (USDT - ERC20 Polygon/Arbitrum)

0xc9e7e459d2bef4e6493a76543c7ed0de06dc6bac

---

✅ By submitting this challenge, I agree to open-source it under the project's license and allow the Unphishable team to modify or improve it for consistency.

[SunWeb3Sec]

This scenario looks good. We will follow up if this challenge is qualified.

[0xweb3stranger]

This scenario looks good. We will follow up if this challenge is qualified.

Ok sir

[SunWeb3Sec]

@0xweb3stranger you can start to develop this challenge. Thanks a lot!