Protect against phishing

By walkjivefly. Published in Crown Platform, Apr 19, 2019.

Recently there has been at least one occurrence of a phishing attack on a Crown Discord community member. The user asked for help and received a reply from someone impersonating a “team member”. The fake team member asked the user to use the dumpwallet command and share the output with them.

WARNING: Do NOT, ever, under any circumstances share a dumpwallet output with anyone, for any reason.

It is impossible to overstress the importance of the above warning. Anyone who has the dumpwallet output has all your private and public keys, and all of your funds belong to them. Do NOT, ever, under any circumstances share a dumpwallet output with anyone, for any reason.

It is trivially easy on Discord (and Telegram) to impersonate another member. Scammers monitor coin channels, identify “team members” and create accounts with identical-looking handles. Then they wait for an unsuspecting victim to ask for help with a problem and reply from the “fake” account. The reply will often be as a Direct Message so as to not be seen by the rest of the community who might raise the alarm. The scammer will ask the victim to run the dumpwallet command and send them the output.

Do NOT, ever, under any circumstances share a dumpwallet output with anyone, for any reason.

Discord account names consist of 2 parts: a text string which is always displayed (eg: Lezlaig), and a disambiguation 4-digit number (eg: 5952).

Always check the full account id of anyone before deciding whether to trust that they are who they claim to be. You can do this by left-clicking on the handle. A pop-up appears with the full account name and the assigned roles for this account. For example

These are the full account names for the “team members” most often seen in Discord as of April 19th, 2019, and most likely to respond to requests for technical assistance.

None of these “team members” will ever ask you to share a dumpwallet output with them. Not in public channels, not in direct messages, not in email nor any other way. There is never any reason anyone would need your private keys except to steal your funds.

Do NOT, ever, under any circumstances share a dumpwallet output with anyone, for any reason.

If anyone asks you to, you can be sure they are a scammer. Post details of the incident in the #general channel to warn other users and remember:

Do NOT, ever, under any circumstances share a dumpwallet output with anyone, for any reason.
