RESTRICTED ACCESS

LIVE SECURITY
TESTING

CrypGuard Genesis — Threat Detection Validation Suite

Copy any scenario below, paste it into a Discord channel protected by CrypGuard, and watch the detection system respond in real time.

🖥 Best experienced on desktop
crypguard-scanner v2.6

TEST PROTOCOL

01
Use a non-staff account

CrypGuard doesn’t flag your trusted staff. Test with a regular member account that has no moderation permissions.

02
Post in a text channel

Paste the test message in any text channel where CrypGuard is active.

03
Wait 2–3 seconds

Detection is near-instant, but give it a moment to process and display the alert.

04
Check two places

Public alert in the channel + detailed admin report in #crypguard-alerts.

ALERTS โ€” SEE THEM IN ACTION

CLICK TO EXPAND
๐Ÿ“ข PUBLIC ALERTS โ€” WHAT YOUR SERVER SEES

Real screenshots from a live detection. Left: what every member in the channel sees the moment a scammer is caught. Right: what appears when a member clicks โšก REVEAL FULL ANALYSIS โ€” private to the clicker only.

Public channel alert โ€” CrypGuard flags the scammer in real time
๐Ÿ”ด Public alert โ€” visible to everyone in the channel
Reveal Full Analysis โ€” private forensic breakdown visible only to the clicker
โšก Reveal Full Analysis โ€” private to the clicker, full scam breakdown

Every detection fires two alerts simultaneously — a public warning in the channel where the threat appeared, and a private intelligence report in #crypguard-alerts for your admin team only.

๐Ÿ”ด CRITICAL
BAN RECOMMENDED
Confirmed threat with overwhelming evidence. Use the Jump to Message link to verify, then act. CrypGuard is highly confident in this verdict.
Public: ๐Ÿ”ด Red warning + scammer taunt message
๐ŸŸ  HIGH
MUTE + REVIEW
Strong evidence of a threat. Mute the user to prevent further damage, then use Jump to Message to verify. Both action paths are available to your team.
Public: ๐Ÿ”ด Red warning + scammer taunt message
๐ŸŸก MEDIUM
MONITOR CLOSELY
Suspicious activity that warrants attention. Review the evidence carefully before taking action — the admin report gives you full context and action options.
Public: ๐ŸŸก Yellow caution โ€” no taunt, calm footer
๐Ÿ”ต LOW
ADMIN ONLY — REVIEW
Low-level activity flagged for admin review only. Your community sees nothing — the alert goes to your team privately. Use Jump to Message to review, then dismiss if it checks out.
Public: โŒ No public alert โ€” admin eyes only
WHAT’S IN THE ADMIN REPORT (#crypguard-alerts)
👤 Actor Identity
Who triggered the alert — with a direct @mention so you can act immediately.
📅 Account Context
Relevant background information about the flagged user.
⚡ Threat Assessment
What was detected, why it’s dangerous, and clear recommended next steps for your team.
📋 Evidence & Actions
A direct Jump to Message link and one-click action buttons to respond instantly.
๐Ÿ’ก Always your call: Every alert includes a dismiss option so you can clear false positives instantly. CrypGuard never makes moderation decisions for you โ€” it flags, you decide. The system is designed to give your team the full picture without overstepping.
๐Ÿ”’ ADMIN ALERTS โ€” WHAT YOUR TEAM SEES IN #crypguard-alerts

Each tier produces a different forensic report. Private to your staff only โ€” never visible to the server.

CRITICAL admin forensic report โ€” BAN RECOMMENDED
๐Ÿ”ด CRITICAL ยท BAN RECOMMENDED
HIGH admin forensic report โ€” MUTE + REVIEW
๐ŸŸ  HIGH ยท MUTE + REVIEW
MEDIUM admin forensic report โ€” MONITOR CLOSELY
๐ŸŸก MEDIUM ยท MONITOR CLOSELY
LOW confidence sends no public alert โ€” admin report routes to your team only.
01

Simple Scams

The most common threats targeting crypto servers. Start here — these are what CrypGuard catches every day.

3 SCENARIOS
#1 Free Nitro Giveaway SCAM 
🎉 DISCORD NITRO GIVEAWAY! 🎉

Free 1-year Nitro for the first 100 people!

Click here to claim: discord-nitro-free.com

Hurry before it expires! ⏰
The oldest trick in the book — and still the most common. Fake Nitro giveaways flood crypto servers daily because they work. The link leads to a credential harvester that steals your Discord login. Discord never gives away Nitro through random server messages.
Expected: Detected — Fake Gift / Phishing Link
#2 Crypto Airdrop SCAM 
🪂 MASSIVE AIRDROP ALERT!

Claim 500 USDT instantly! No conditions!

Visit: crypto-airdrop-official.site/claim

Limited to first 1000 wallets! GO NOW! 🚀
No legitimate project gives away free money with “no conditions” to anonymous users. The urgency and too-good-to-be-true amount are designed to override your judgement. The claim link connects your wallet to a drainer contract.
Expected: Detected — Fake Airdrop / Phishing
#3 Fake Partnership Offer SCAM 
Hey! 👋

We're launching a new NFT project and want to partner with your community.

Can the server owner DM me? We're offering 10% revenue share for all mints.

Limited partnerships available!
This is social engineering — the scammer doesn't want a partnership, they want a DM with the server owner. Once in DMs, they'll push a phishing link, a “collab tool” download, or a fake minting site. The vague offer and urgency are the bait.
Expected: Detected — Social Engineering / Fake Partnership
02

Advanced Impersonation

Attackers posing as Discord staff with malicious file downloads. These use fear and urgency to pressure victims.

2 SCENARIOS
#4 Discord Trust & Safety (.exe) IMPERSONATION 
Discord Trust & Safety Team

Your server has been flagged for potential ToS violations related to financial content.

To avoid suspension, please:
1. Download the compliance form: discord.gg/files/compliance-form-2026.exe
2. Fill out all fields
3. Upload via this secure portal: discord-safety-verify.com

You have 48 hours to comply. Server ID: 1454418597853003992

Ticket Reference: TS-2026-849273
Discord's real Trust & Safety team will never DM you, never ask you to download a file, and never threaten server suspension over a message. The .exe file is malware. This attack is extremely effective because it weaponises fear of losing your server.
Expected: Detected — Impersonation / Executable Malware
#5 Security Patch (.scr) IMPERSONATION 
🔒 Discord Security Update Required

A critical vulnerability (CVE-2026-8472) affects servers with 100+ members.

Action Required:
1. Download verification tool: discord-cdn.secure/verify-tool.scr
2. Run the tool to patch your server
3. Enter your 2FA backup codes when prompted

Failure to patch within 24 hours will result in:
- Server quarantine
- Loss of partner status
- Potential data breach

Official announcement: discord.com/blog/security-patch-feb-2026
A .scr file is a Windows screensaver — but it's also a fully executable program that runs the moment you open it. Attackers use .scr because most people don't recognise it as dangerous. The fake CVE number and official-sounding language are designed to create panic.
Expected: Detected — Impersonation / Credential Theft
03

Sophisticated Attacks

Real-world advanced threats that mimic trusted brands, exploit visual tricks, and target developers. These go far beyond simple scam messages.

9 SCENARIOS
#6 Pig Butchering Investment INVESTMENT SCAM 
Hey everyone, just wanted to share something that changed my life.

About 8 months ago I was struggling financially. A friend introduced me to a small group focused on institutional DeFi allocations - we get early access to projects before they hit Uniswap.

Last 4 projects: 8.2x, 12x, 3.4x, 19x. I'm not trying to flex, just grateful.

The group is invite-only because we have relationships with VCs who give us seed pricing. We're capped at 50 people to maintain allocation size.

One spot just opened up. If anyone's serious about generational wealth and can commit $5k minimum, I'm happy to intro you. This community helped me when I was down, so paying it forward.

No pressure. Just wanted to share what's working for me. DM if interested.
“Pig butchering” is the industry name for this attack. The scammer builds trust slowly, shows fake profits, and waits until you invest real money before disappearing. The casual tone, humble brag, and “DM if interested” are all part of the script. Billions lost globally in 2024 alone.
Expected: Detected — Investment Scam / Pig Butchering
#7 Fake Audit Company BRAND SPOOF 
CertiК Security Audit Team

We've completed our analysis of your NFT smart contract (0x7f2c...8a9d).

CRITICAL VULNERABILITIES FOUND:
• Reentrancy attack vector (Severity: HIGH)
• Integer overflow in mint function (Severity: CRITICAL)
• Unauthorized admin access (Severity: CRITICAL)

Immediate action required to prevent exploit before launch.

Emergency patch available: certik-audit.com/emergency-patch

Upload your contract's private key for automated remediation.

Time-sensitive: Exploits detected by 3 other actors. Estimated 6-12 hours before public disclosure.

Contact: audit@сеrtik.com
The brand name and email in this message are not what they appear to be. Can you spot the difference?
Expected: Detected — Brand Impersonation / Credential Theft
#8 MetaMask Phishing FAKE DOMAIN 
MetaMask Security Alert

We've detected multiple unauthorized signing requests from your wallet:

0x4f2...89c (your address)

Suspicious activity:
• 3 approve() calls to unknown contracts
• 2 transferFrom() attempts
• 1 setApprovalForAll() to 0xdead...beef

Your wallet may be compromised by a malicious dApp.

Immediate revoke required: xn--metamsk-8va.com/revoke-permissions

This will:
✔ Cancel all pending approvals
✔ Block malicious contracts
✔ Secure your assets

If you don't recognize these transactions, revoke within 2 hours.

After 2 hours, we cannot guarantee asset security.
The link in this message looks like MetaMask's real website, but it isn't. Look closely at the domain.
Expected: Detected — Phishing / Wallet Drainer
#9 ETH Validator Scam INVESTMENT SCAM 
Ethereum Foundation - Validator Program

Congratulations! Your application for the institutional staking program has been approved.

Program details:
• Minimum stake: 32 ETH per validator
• Expected APY: 4.2% + MEV rewards (est. 1.8%)
• Lock period: None (withdraw anytime)
• Setup fee: 0.5 ETH (one-time, covers infrastructure)

Your validator slot: EF-VAL-2026-8473

Next steps:
1. Send 32.5 ETH to validator deposit address (DM for address)
2. We provision your validator node (2-4 hours)
3. You receive validator keys + dashboard access
4. Staking rewards start within 24 hours

This is not a pool - you control your validator keys. We just provide enterprise infrastructure.

Slots are limited to 100 validators this quarter. 23 slots remaining.

DM me within 48 hours to confirm your slot or it will be released.

Questions? Check our validator FAQ: ethereum.org/en/staking/solo
This impersonates the Ethereum Foundation with a fake validator program. The realistic APY numbers, slot IDs, and FAQ link to the real ethereum.org are designed to build credibility. The “send 32.5 ETH” is the theft — there are no validator keys coming back.
Expected: Detected — Impersonation / Investment Scam
#10 GitHub Malware Tool MALWARE 
Hey devs! 👨‍💻

I built a Solidity gas optimizer that's been saving me thousands on deployments.

It uses LLVM passes to optimize bytecode - been getting 30-40% gas savings on average.

100% open source: github.com/eth-tools/solidity-optimizer

Just run:
npm install -g solidity-gas-optimizer
solopt optimize ./contracts

It outputs optimized .sol files + a gas report.

No wallet connection, no network calls - purely local bytecode transformation.

Let me know if you see the same savings! Would love feedback before I submit this to Solidity devs.

⭐ the repo if it helps!
This looks like a helpful open-source tool, but the package is designed to compromise developer machines.
Expected: Detected — Developer Tool Malware
#11 Fake Binance Alert BRAND SPOOF 
Hey everyone! Binаnce just announced emergency maintenance.

You need to re-verify your wallet within 24 hours or your funds will be locked: binаnce-verify.com/emergency

This is legit - check their official Twitter! ✔
The "Binance" name in this message is not spelled the way you think. The difference is invisible to the naked eye.
Expected: Detected — Brand Impersonation / Phishing
#12 Fake OpenSea Alert BRAND SPOOF 
𝐎𝐩𝐞𝐧𝐒𝐞𝐚 𝐓𝐞𝐚𝐦 here 👋

We noticed some unusual activity on your account. Please sign this transaction to verify ownership:

opensқa-security.eth/verify

Valid for 2 hours only. Thanks!
Both the "OpenSea Team" text and the domain are crafted to look authentic but are completely fake. Look closely.
Expected: Detected — Brand Impersonation / Fake Domain
#13 Crypto Recovery Specialist RECOVERY FRAUD 
Hey, I saw your post about losing crypto to a scam. I'm really sorry โ€” I know how devastating that is.

I specialize in blockchain forensics and fund recovery. Over the past 18 months I've worked with 200+ victims and recovered over $4.2M total.

I can trace your funds using on-chain analysis tools. In most cases the assets haven't moved to an exchange yet โ€” there's usually a narrow window before they become unrecoverable.

How I work: I charge 15% of whatever we recover. No recovery, no fee. Zero upfront cost.

I've helped people in exactly your situation recover from wallet drainers and investment scams. If you want I can run a free trace on your wallet address right now and tell you if your funds are still reachable.

DM me your wallet address and the approximate amount lost. Time really matters here โ€” the longer we wait, the harder it gets.
Recovery scams target people who already lost crypto — exploiting desperation with false hope. This is one of the fastest growing attack categories in crypto (Chainalysis, 2024–2025). No legitimate service operates this way.
Expected: Detected — Recovery Scam / Social Engineering
#14 Gasless Wallet Verification APPROVAL PHISHING 
⚠️ Wallet Verification Required

Your wallet has been flagged for unusual activity by our security system. To prevent automatic exclusion from the upcoming token distribution, please complete a one-time ownership verification.

This is a gasless transaction โ€” it costs you nothing and is completely read-only. We never gain access to your funds. Your private key never leaves your device.

Sign here to verify ownership:
verify-wallet-secure.io/ownership-check

The signature simply proves you control the wallet. This is a metadata update only โ€” no tokens will be moved or approved.

Wallets that do not verify within 2 hours will be excluded from the airdrop distribution and cannot be re-added.

This is a standard procedure required for all holders. The process takes under 30 seconds.
This message is carefully designed to make you feel safe while you hand over control of your wallet. Every reassuring phrase is a lie. Approval phishing is the fastest-growing wallet attack in crypto — CrypGuard catches these regardless of how the message is worded.
Expected: Detected — Approval Phishing / Wallet Takeover
04

Legitimate Messages

These should NOT trigger any detection. False positives are just as important to test as true positives.

9 SCENARIOS
#13 Trading Discussion SAFE 
Grabbed some ETH at $2,850 yesterday during the dip.

My DCA strategy is every Tuesday regardless of price - been doing it for 18 months and I'm up about 35% overall.

Anyone else buying this range or waiting for lower?
Expected: No detection — Normal trading discussion
#14 Tech Support Question SAFE 
Anyone familiar with Arbitrum gas settings?

Getting "transaction underpriced" errors when trying to bridge USDC from mainnet.

I've tried bumping the gas limit to 200k but still failing. Network issue or am I missing something?
Expected: No detection — Legitimate tech question
#15 Community Event SAFE 
Hey everyone! Planning a community call for next Saturday (March 1st, 3pm EST).

Topics:
• Q1 roadmap review
• Treasury allocation vote
• New partnership reveals

Will post the Discord stage link in #events on Friday.

If you have topics you want covered, drop them in #suggestions before Thursday!

See you there! 🎉
Expected: No detection — Normal community announcement
#16 Educational Link (Binance Academy) SAFE 
For anyone new to DeFi, this article really helped me understand impermanent loss:

https://academy.binance.com/en/articles/impermanent-loss-explained

It's from Binance Academy - explains the math in simple terms.

Wish I'd read this before I lost 15% in my first LP 😅
Expected: No detection — Legitimate educational resource
#17 Sharing Multiple Resources SAFE 
Check out this cool article: https://medium.com/ethereum-guide

I found this helpful: https://stackoverflow.com/questions/12345

Great tutorial here: https://youtube.com/watch?v=abc123

OpenSea collection: https://opensea.io/collection/cool-nft
Expected: No detection — Trusted domains
#18 Project Update SAFE 
Quick update on the NFT drop:

We've finalized the artwork and smart contract is being audited by Certik (real one, not scammers lol).

Mint date is confirmed for March 20th. Price will be 0.05 ETH.

Public mint opens at 12pm EST. No whitelist, FCFS.

Contract address will be posted in #official-links 24 hours before mint.

As always - verify everything, we'll never DM you first!
Expected: No detection — Legitimate project announcement
#19 Asking for Recommendations SAFE 
Looking for a good hardware wallet for long-term storage.

I've been using MetaMask but want to move my larger holdings to cold storage.

Considering Ledger or Trezor - anyone have experience with both?

Main concerns are: ease of use, security track record, customer support.
Expected: No detection — Normal discussion
#20 Legitimate Dev Tools SAFE 
Just discovered Hardhat's console.log feature for Solidity debugging.

npm install --save-dev hardhat

Super useful for tracking down those weird edge cases in your contracts.

Has anyone tried Foundry as an alternative? Curious how it compares.
Expected: No detection — Legitimate developer tools
#21 Real Telegram Community Link SAFE 
Heads up — we have an official Telegram channel for faster updates and off-hours chat.

Join here: t.me/CrypGuardCommunity

Same team, just an extra platform. We post chain-wide alerts and AMA schedules there first.

No wallet connection, no tokens, no registration — just t.me like any normal Telegram link.
This is a real Telegram link — t.me is Telegram's official short domain. CrypGuard knows the difference between legitimate platforms and impersonators. Compare this with Scenario #21 in the Ultra-Sophisticated section: the domain there looks identical but is completely fake.
Expected: No detection — Recognised official platform
05

Ultra-Sophisticated

Messages that appear completely normal but contain hidden manipulation invisible to the human eye. These are the attacks that fool every other tool.

2 SCENARIOS
#21 Fake Telegram Link EVASION 
🔒 Important notice for all holders

Our community is moving to a private Telegram group for announcements and alpha drops that we can't post publicly here.

Discord has been adding restrictions on crypto servers and we've already had content removed.

Join our new base: https://tеlegram.me/holdersonly

First 300 members get early access to the next drop. Link expires in 24 hours.
The domain in this message looks exactly like Telegram — but it's a fake. One letter has been swapped with an identical-looking character from a different alphabet. Your eyes can't tell the difference. CrypGuard can. This is one of the most dangerous attack techniques in crypto because the URL passes every visual inspection. Compare with the safe Telegram link in Section 04 — that one is real and passes clean.
Expected: Detected — Fake Domain / Impersonated Platform
#22 Invisible URL Attack EVASION 
Hey team! Our new staking dashboard is live 🎉

Features:
• Real-time APY tracking
• One-click compounding
• Multi-chain support (ETH, BSC, Polygon)

Early access: stake‍.crypguard‍.io

Connect wallet to see your estimated rewards. No fees for first 100 users!

Built by the same team behind our governance token. Fully audited.

LMK if you run into any issues!
The domain in this message looks like a real CrypGuard URL. It is not. Something invisible has been injected into it.
Expected: Detected — Fake Domain / Evasion Technique

TEST SUMMARY

25
Total Scenarios
16
Should Detect
9
Should Ignore

If a legitimate message (Trading Discussion → Real Telegram Community Link) triggers a detection, that is a false positive and should be reported. Use !dismiss in your alerts channel to clear it.

⚠️

AFTER TESTING

Complete these two steps to wrap up your test session

1

Generate a Trust & Safety Report

Find the flagged user's User ID in the visual alert posted to #crypguard-alerts, then run:

!report-scammer <user_id>

Always use the User ID (the number shown in the alert), not the display name — display names can be duplicated. CrypGuard will generate a full Discord Trust & Safety report with all flagged messages, threat classifications, and evidence — ready to submit to Discord.

2

Clean Up Test Data

Once you've reviewed the report, use the same User ID and run:

!dismiss <user_id>

This will delete all flagged test messages from the channel and remove all associated data from the CrypGuard database. Use the User ID from the alert — never the display name. Your server is back to clean.

BONUS TEST
🕵

IDENTITY IMPERSONATION DETECTION

CrypGuard also detects when someone copies a staff member's identity. To test this, you don't need a special message — you need a fake profile. This is the hardest attack to catch, and the most dangerous.

👤
Original Admin
Member since 2023
✓ VERIFIED
VS
👤 IDENTICAL
Copied Admin
Account created today
⚠ IMPERSONATOR
IDENTITY
COPIED ✓
TRUST LEVEL
SUSPICIOUS ⚠
VERDICT
IMPERSONATOR 🚨
🛡 IMPERSONATION DETECTED — CAUGHT BEFORE FIRST MESSAGE
1
Pick a staff member — choose any admin or moderator in the server you want to test.
2
Copy their display name — on a separate non-staff account, change your server nickname to match theirs exactly.
3
Copy their avatar — right-click their profile picture, save it, then upload it as your own avatar.
4
Copy their status (optional) — set the same custom status to make the impersonation more convincing.
5
Send any message — it doesn't matter what you type. CrypGuard will catch the impersonation automatically.
No screenshots or special text needed — just look like someone you're not, and CrypGuard will catch it.