I got scammed out of 1.4BTC \ stacker news ~lightning

pull down to refresh

16.6k sats \ 48 comments \ @LightningStruck 4 Sep lightning

TLDR: I got scammed out of 1.4BTC due to imposters and my own stupidity.

Background: I run the ANI.TRAMX4 node and have done so for about four years. Prior to that I had a node that ran for a couple of years but then had a hardware failure and I lost everything on that node (before good recovery processes existed). My node wasn't a great money maker but it made enough to be better than break even. I believe at one point it was in the top 100 on Terminal Web's ratings but I'm my node is no longer listed. I was active on LN+ both in swaps and pools and I would sell liquidity on Amboss Magma. And that last piece started the downfall of my node due to my stupidity.

Disclaimer: Amboss and it's admins (Jesse and AP) are not at fault at all. I thank them for what they provide. The only ones that are at fault are the scammers and myself.

How it started: I had created an offer to sell liquidity on Amboss Magma back in April and I had a few sales in July that were successfully completed and all was good. I got another sales notification on August 22nd or thereabouts but when I went to approve it Amboss failed with a 504. Basically, the CloudFlare middleware was timing out when submitting the invoice for the sale. I reached out to Amboss through their support contact page and I also reached out on the Amboss Telelgram channel. Jesse, one of the admins, responded almost immediately in the channel and started to help troubleshoot. Within about 10 minutes I was DM'd by "Jesse" and I assumed that it was the same person continuing to help troubleshoot off of the main channel. Well I will continue to refer to this individual as "Jesse" in quotes as I found out too late that they were an imposter. Same name and profile image. I had no reason to doubt at the time.

Where I went wrong: I continued to chat with this person off and on for about 9 hours. There were many times where I didn't quite understand what they were asking and it seemed that they didn't know enough about LND. But then they would ask for lightning/LND specific information and I thought that maybe I just was dealing with someone that had more intimate knowledge that it was above my head. There were also communication issues that I discounted as "Jesse" not being a native English speaker. During this time I was also reached out by "AP" and "Banof" which are other admins on the Amboss TG channel. They both confirmed that I should continue to work through my issue with "Jesse". I would find out later that those accounts were also imposters. In particular, "Banof" was acting like a human admin BUT it is actually a TG Bot (I found out later) used to boot people from a TG channel. At some point they said that I needed to connect my wallet to their system in order to authorize and initialize their analysis system. This was the largest red flag and I should have trusted my intuition and should have just shut down the conversation at that point. But I continued and eventually they sent me to a website (I will not post the link here) where I STUPIDLY input the wallet seedphrase for my LND wallet. It never seemed to work and always gave error messages. My guess is that is the goal and it just logs the inputs somewhere so the scammers can retrieve the seed phrase for later use. I continued to chat with "Jesse" for many hours after this and I was doing my own investigation into my node which seemed to be either out of resources or locked in some sort of bad state. It was not giving any errors in the logs but the Active HTLCs were not getting processed quickly. I decided to restart my entire node to see if that would do anything and I called it a night as I was extremely frustrated. The very next morning quite early "Jesse" reached out to me. Again, he was pressuring me to connect another wallet in order to validate my node's liquidity or something. They also asked for my Tor address (which should have been a flag as it is easy to look up) and the admin macaroon. I completely refused this request. After restarting my node the Active HTLCs seemed to have been processed and my node seemed to be running normally. I couldn't attempt to reproduce the Amboss Magma issue as I had rejected the sale the previous day. "Jesse" was still stating that my node was probably corrupt and that the Active HTLCs weren't actually processed. I was totally done dealing with this and I was just moving on with my life.

The Theft: During the morning while I was still chatting with "Jesse" they stole 2.5M Sats from my onchain wallet but I didn't receive any notifications as they did it via an "external" wallet using the seed phrase that I had stupidly provided. During the evening of August 24th, the scammers stole another 1.37 BTC and again I didn't get any notifications. This completely wiped out my onchain wallet. I know it was probably dumb to keep that much in a hot wallet but I never saw a threat as I was, prior to this interaction, very cautious with my node.

The Realization: My node was behaving properly and routing payments so I had no idea that anything was wrong. I went to participate in a liquidity swap on LN+ and I couldn't open a channel. I kept getting errors that I had to choose a channel size of zero or less. I checked my wallet balance and it was zero. At this point I started to freak out and I looked at my onchain transactions which showed the two transactions that emptied my wallet the day before. My reaction was to immediately reach out to "Jesse", "AP", and "Banof" and ask them what happened. They denied that there was any way that any of them would have had access to get any funds from my wallet. "Jesse" blamed something they called "bug inflation" that would have caused this and suggested that I start closing my channels so that we can determine the root cause (they did not communicate this as succinctly or as clearly as I have just written). I had so many red flags flying all over. There was a since of urgency to get this resolved when it was actually my issue. They also said that they would attempt to get a reimbursement but they couldn't do that until the "bug inflation" was resolved.

My Action: I still had about 55 open channels that were still working correctly but I no longer trusted my onchain wallet and anyone that has run an LND node for any amount of time knows that channels close now and then whether cooperatively or not. I didn't want a channel to close and the funds hit my onchain wallet while I wasn't aware and then the scammers had the opportunity to steal those as well. So I started the long and tedious task of closing channels on my node and sending the balance to a wallet that is not associated with anything else. This worked great for cooperatively closed channels as LND provides a way to immediately redirect the closing balance to a Bitcoin address. For the handful of force-closed channels I had to wait for funds to clear the time lock. I monitored this intently and as soon as the funds were available I sent them off to my other wallet. This saved me more funds than I lost even at the expenses related to closing channels. As I was closing my channels, the scammers kept messaging me. My guess is that they were trying to get more out of me. I put all three of them into the same messaging group. Shortly afterwards, the "Jesse" account became a deleted account. When I asked the "AP" account about this they said that it was a glitch and that "Jesse" would be back shortly. This is when I reached out to the real Jesse and he confirmed that I was chatting with imposters. I did the same confirmation with the real AP. And this is also when I made the realization that the real Banof was a Telegram bot and therefore shouldn't have been chatting with me at all. Where I could I informed people of the reason for closing the channels as some of the channels had obligations in regards to providing liquidity for a set time period. I'm extremely heartened by the community and the support for my predicament even though it was caused mostly by my stupidity. I will be keeping my now empty node running for some time just so I can utilize it for testing things. I may turn it into a watchtower so that it is some use to the world. I won't be creating a new routing node anytime soon. I'm not certain if I'll reach out to authorities as I don't think they would have much to investigate.

Lessons Learned (The REALLY Hard Way):

Never trust any DMs in regards to Bitcoin/LND on any communications platforms.
You can confirm someone is not an imposter in Telegram by messaging the real person.
NEVER EVER relinquish your seed phrase
Trust your gut

Silver Lining: In doing research around LND and recovery I thought of the old node that I had that had a hardware failure. I was able to find the information that I used to initialize it way back in the day and I have been restoring it. It had some Sats still in it's onchain wallet. I'm going to recover those as a consolation prize.

Thanks for reading my story and I hope that you learn from it as an example of what not to do.

view all related items

858 sats \ 6 replies \ @mega_dreamer 4 Sep

So sorry for your loss. I hope there was a life long learning from this incident.

I faced similar scam attempts when I contacted the LNBits telegram group for some technical issues. Someone pretended to be Ben Arc and called me directly on telegram. Within seconds he started to ask me questions about seed/mnemonic, certs. I immediately realized it was not Ben Arc as I had heard his voice on the youtube videos. - I got lucky, not everyone does. This was a very recent incident around two months ago.

After that incident - I've completely stopped using telegram. Since that day, I came to a realization that Telegram is the worst channel to run the support of any bitcoin related business or services.

We need to create an awareness campaign to inform the bitcoin community to stop using Telegram altogether for any support related issues. This movement must be initiated from the founders of Bitcoin business/apps/services. I'm not good at running such campaigns or movement. My social IQ is 40.

I'm hoping someone with enough charisma and grit comes along and start the awareness campaign to STOP USING TELEGRAM FOR SUPPORT

I also hope Jesse Shrader moves the support of Amboss/Magma to some other channel.

Nothing good ever happens at Telegram.

141 sats \ 0 replies \ @NovaRift 4 Sep

This! As a newbie myself i trusted Telegram a lot until, on Reddit, I found posts with screenshots of scammers and how they pretend to be mentors, developers, educators and scam you. I still have my account but left a lot of channels I was joined into just glad that i never responded to those personal messages. It's a scammer's cesspool now

51 sats \ 1 reply \ @DarthCoin 4 Sep

dumb people that fall for the TG scams are the problem not the TG itself. If you have a little more brain cells you will never fall for these pathetic scams.

But yeah it's easier to blame the software than human stupidity. Read more: The Basic Laws of Human stupidity

100 sats \ 0 replies \ @mega_dreamer 4 Sep

Dumb and Naive are not the same.

It's easier to scam someone with high IQ as the social engineering techniques and outcomes are more predictable.

Dumb people are more difficult to scam as their behavior is less predictable.

51 sats \ 1 reply \ @LightningStruck OP 4 Sep

I will be an advocate for removing support off of TG. I know not every business can easily do that especially with the decentralized and global nature of the services like Amboss.

0 sats \ 0 replies \ @mega_dreamer 4 Sep

Go for it! Godspeed. Happy to contribute and help in any way I can.

51 sats \ 0 replies \ @Solomonsatoshi 4 Sep

Tox is good. Unfortunately my social IQ is also minimal.

289 sats \ 2 replies \ @freetx 4 Sep

Thank you for the write up. Its good that we document these things to help others in the future. It can be very hard to admit these things because its easy to feel embarrassed by what happened.

Adding my own story of caution. In 2021, changelly service "scammed" me out of .33 BTC. At the time that was about $9000, now its much more obviously.

A client had paid me in WBTC (he had ETH or something and didn't have Bitcoin, so he offered to pay in WBTC which I accepted). Obviously I wanted BTC, so I googled WBTC->BTC services and changelly came up.

I did a small test transaction and everything worked fine. So I sent the balance of .33 and got hit with the "We have detected a suspicious transaction" message that changelly does....

They wanted my KYC info which I initially provided (I feel stupid for doing it, I should've walked away there, but I unthinkingly assumed it was just a procedure). After the KYC info they then requested more info....they said that the "background check of my KYC info raised redflags" - at that point I started googling and saw this is a common tactic that changelly does....they require ever increasing and impossible to provide hurdles for you to jump thru.

The real comedy of changelly is that they claim they are doing this to "abide with modern KYC requirements" but they themselves are under no such jurisdiction. Changelly is some eastern european scammers - whose ownership is very opaque with no public info about them. They are registered in an ever changing set of carribean islands. That is they pretend like "we have to require this info because of regulations", but in point of fact they are under no regulatory oversight -- afterall the conversion of WBTC-BTC is just happening on a cloud server someplace. There is nothing touching regulated financial markets.

I no doubt assume that they have sold my KYC info to others in their scammer network, but overall lesson learned.

21 sats \ 1 reply \ @test13 4 Sep

God. Yeah your information are useful to them for the next scam techniques or ideas

16 sats \ 0 replies \ @freetx 4 Sep

Yes, more than the loss of money I regret giving them my KYC.

21 sats \ 3 replies \ @SwapMarket 4 Sep

I can't believe you fell for this old "connect your wallet to our system" scam. They run this scenario in ALL telegram channels and always speak bad English.

The only way to talk to real admins is to pick their names from the channel's member list:

11 sats \ 1 reply \ @LightningStruck OP 4 Sep

I believe I said I was stupid multiple times in the post. I also never encountered this scam personally or knew anyone that had been hit by this as far as I recall. As someone who as a relative novice to TG I didn't think of doing that at the time. I did do this when I confirmed the real versus imposter later. Hopefully by spreading my story people will learn the easy way and not the hard way like I did. I'm also hoping to convince companies not to use TG (or any similar chat apps) as a support mechanism without having easy ways for a noob to confirm who they are talking to.

0 sats \ 0 replies \ @SwapMarket 4 Sep

Yes, you did. Sorry for your loss. 100% of DM's in Telegram are scams. We use SimpleX chat for our support.

0 sats \ 0 replies \ @Bell_curve 5 Sep

OP already feels embarrassed and ashamed, no need to rub it it and kick while he is down, Mr Tabula Rasa

45 sats \ 0 replies \ @justin_shocknet 4 Sep

Brutal. I hope the consolation wallet makes a dent.

Thanks for raising awareness.

210 sats \ 0 replies \ @cryotosensei 4 Sep

In the heat of the moment, you couldn’t have known better. Thanks for sharing your painful experience with us. I hope writing this was at least somewhat therapeutic

57 sats \ 1 reply \ @brave 4 Sep

What a tough lesson, and thank you for sharing it to protect others in the community. Those imposters were incredibly deceptive, but your story highlights how important it is to verify identities before engaging in DMs

49 sats \ 0 replies \ @LightningStruck OP 4 Sep

Absolutely!

100 sats \ 0 replies \ @Andreasgriffin 5 Sep

That's why Bitcoin-Safe.org is hardware signers only https://bitcoin-safe.org/en/knowledge/hardware-signer-only/

That much money should not be on a hot wallet

100 sats \ 0 replies \ @Bell_curve 5 Sep

I use userinfobot on Telegram to check someone's identity and username

I also purchased Telegram premium to cut off spam and DM's

100 sats \ 0 replies \ @anon 4 Sep

This is appalling! It’s disgusting how those scammers still manage to extract such a significant amount of Bitcoin from Bitcoiners… probably the reason why there are still so many scammers out there. It’s still effective.

This is another sign for me as a node runner to stay cautious.

100 sats \ 0 replies \ @BlokchainB 4 Sep

Man this burns my blood! I am too a victim of a telegram scam and the only reason I downloaded telegram was to get assistance with bitcoin tech and software. It sucks to read this and see how projects and software used this shit of a platform that allows its users to be scammed!!!

Telegram is the worst!!

Thanks for sharing and know you aren’t alone in getting scammed on telegram!

Please have mercy on yourself getting scammed like this really does suck but you focus on what’s important you will be fine.

100 sats \ 0 replies \ @realBitcoinDog 4 Sep

Thanks for sharing! Someone was impersonating @BtcPins on telegram but I believed them and before I sent them bitcoin to help out and I said I have to check with my wife and they pressured me and were teasing me like why do I have to check with my wife?

That’s when I knew the real @BtcPins wouldn’t disrespect my wife like that 🫡

Everyone on Xbox live tho… but really that’s my mom LOL

10 sats \ 3 replies \ @DarthCoin 4 Sep

My node wasn't a great money maker but it made enough to be better than break even.

LOL the old stupid story. In 4 years running that node you learned nothing.

0 sats \ 1 reply \ @LightningStruck OP 4 Sep

I do probably deserve what I got and I did say I was stupid throughout my post. I guess I should have said I was willfully ignorant as I went against my gut intuition.

You only learn when someone teaches about something or you encounter a situation where you have to teach yourself. I never learned about such tactics used by scammers before it happened to me. Therefore I learned through experience. I'm hoping that my story can help those learn via my experience without having to have similar experiences.

You may not have any empathy towards me or my situation but I can say that I have seen a lot of it in the community and I'm thankful that such a community exists.

I don't know how LN/Bitcoin will become more mainstream if we can't help those that don't know better. If I can get scammed then how are we going to keep young people, the elderly, and those not inclined to technology safe when there is a more widespread adoption. But maybe you don't care about that either.

0 sats \ 0 replies \ @DarthCoin 4 Sep

It was your fault to get scammed and partially because you didn't read more documentation and guides like I wrote for several years. Your focus was to "make money with the node" not to learn how to run it properly.

https://darth-coin.github.io/nodes/nodes-en.html

In 4 years running a node you will learn how NOT to be scammed, but you still ignored and continue doing mistakes. Only weak get scammed. And Bitcoin is not for the weak... only for the brave.

I have no empathy for stupid people.

0 sats \ 0 replies \ @Solomonsatoshi 4 Sep

You have Never made a mistake have you @DarthCoin?

Silence.

Must running node be based upon altruism?

Silence.

0 sats \ 0 replies \ @1d1de8f661 7 Sep

Many ppl fals for it. Ubfortunly.

0 sats \ 0 replies \ @anon 7 Sep

I’m sorry this happened to you. It still baffles my why people use telegram and why support is often handled on telegram.

I fell for this too but was made aware that these imposters exist. It was a bizarre, luckily benign, experience.

0 sats \ 0 replies \ @anon 6 Sep

India needs to burn

0 sats \ 2 replies \ @anon 4 Sep

This is an interesting topic and i am glad to have the experience just as every other person here. One other thing i am happy about today was being able to recover my lost fund which some skammers stole from me in an investment scheme. They made me register some unreal trading app through which they kept making me pay more and more before i could withdraw. well Thanks to CRS intelligence for coming to my help after i met them through one of my friends which was their employee, they helped me get all my lost recovered, i really didn't believe it until they finished. I am so happy about it so i will like to share them incase anyone here is in the same situation i was some months ago, they are on Watsap: +1 (360) 831-8690 Emeil: coinreclaimservice@gmail.com and their website is www.crsintell.com tell them meldrid J referred you.

100 sats \ 1 reply \ @Scroogey 4 Sep

It's Meldrid J, the contemptible recovery scammer!

0 sats \ 0 replies \ @LightningStruck OP 5 Sep

Yeah, at this point I'm assuming almost everyone offering help is a scam. They can go bark up a different tree.

0 sats \ 0 replies \ @rootmachine 4 Sep

OMG. I feel so bad for you and your loss. I hope somehow you get your heart back up. I hope karma will work it's way in your favor!

0 sats \ 0 replies \ @GreaterthanFiction 4 Sep

Reading your story was a hit in the gut- sorry this happened to you but appreciate you sharing this to help others be wary.

0 sats \ 0 replies \ @carter 4 Sep

brutal

0 sats \ 0 replies \ @Scoresby 4 Sep

Wow, this is a tough story. I'm sorry to hear about it. I've definitely been in situations where I was trying to get help with someone in bitcoin land and ended up talking with scammers. This can happen on most platforms but it's really bad on telegram. Just the worst for support.

0 sats \ 0 replies \ @test13 4 Sep

God . Scammers everywhere and need to be careful anyways . Leaned about offline wallets these days and I bet a great option to avoid these issues

0 sats \ 0 replies \ @Kayzone 4 Sep

So sorry for this, is indeed a sad story.

0 sats \ 0 replies \ @NovaRift 4 Sep

So sorry :( this was very huge.

0 sats \ 0 replies \ @anon 4 Sep

Damn. That's rough :(

0 sats \ 0 replies \ @nikotsla 4 Sep

Thank you for sharing :(

0 sats \ 0 replies \ @nullcount 4 Sep

Telegram is designed to be a honeypot for scammers.

IMO, any company who conduct business on Telegram are committing gross negligence when their customers get scammed.

0 sats \ 2 replies \ @south_korea_ln 4 Sep

Thanks for the write-up.

I hope it does not affect you too much in the long run.

0 sats \ 1 reply \ @LightningStruck OP 4 Sep

I will be fine but thanks for the concern. This community is great.

0 sats \ 0 replies \ @south_korea_ln 4 Sep

I ran a rather successful routing node too, at some point, it was top50 when I closed it. I had hardware and software problems, hitting all at once. But as you say, luckily, the community is great; Nitesh and others spent hours helping me recover locked funds.

I'm not certain if I'll reach out to authorities as I don't think they would have much to investigate.

Imagine explaining lightning liquidity to your local cop~~

0 sats \ 1 reply \ @hasherstacker 4 Sep

Sorry for the lost sats. I can imagine how frustrating that could be.

Lessons Learned (The REALLY Hard Way):

Never trust any DMs in regards to Bitcoin/LND on any communications platforms.
You can confirm someone is not an imposter in Telegram by messaging the real person.
NEVER EVER relinquish your seed phrase
Trust your gut

Lessons learned indeed

0 sats \ 0 replies \ @LightningStruck OP 4 Sep

I had always heard the first one but then I didn't follow it myself. Everything looked too good.