According to Wu, community user @zzzzzeroooo tweeted that his wallet was stolen. When he was charging the pump, he clicked a link disguised as CTO, entered the TG channel and verified. The verification that was completed by clicking normally was forged into a step that required scanning a QR code. The user mistakenly thought it was an IP problem, so he scanned the QR code, causing TG to be logged into the scammer's device. The user found that most of the robot balance on TG was transferred away. Although about $20,000 was recovered, about $40,000 was still lost. He suggested that TG add password protection functions, such as requiring a password when transferring and exporting private keys.