How we checked this
We reviewed the linked sources and keep this page updated when the record changes. Use the source list below to verify the details.
Short answer
A message that mentions the “Travel Rule” is not automatically a scam. But a compliance-sounding message is not proof that the sender is genuine either. The safest response is to verify the request through the exchange’s official website or app that you open yourself, not through links, phone numbers, or chat handles provided in the message.
Summary box: Treat any unsolicited “Travel Rule,” compliance, or account-review message as unverified until you confirm it through an official channel. Do not send extra crypto, documents, or login details just because a message sounds regulatory or urgent.
Why this topic causes confusion
Scammers often imitate official procedures by using language about security checks, account reviews, blocked transfers, or compliance steps. Public cyber-safety guidance consistently warns users to be cautious with unsolicited messages, links, attachments, and requests for sensitive information. That general principle matters here: a message can sound formal and still be part of a phishing or impersonation attempt.
This article does not make legal claims about how the Travel Rule works in every country or what every exchange requires. Jurisdiction, platform policy, and transaction context can differ. The evidence available for this draft supports a consumer-safety guide about verification and scam warning signs, not a global compliance explainer.
Date-checked note: This guidance was reviewed against the currently attached public cyber-safety sources for this draft. It should be read as verification advice, not as a complete legal explanation of Travel Rule requirements.
What to do when you receive one of these messages
If the message arrived by email, text, social media, private chat, or an unexpected phone call, do not assume it is real. Open the exchange’s official app or type the exchange domain into your browser yourself, then check whether the same notice appears inside your account or support area.
2. Slow down if the message creates pressureOfficial-looking scams often try to rush the target. If the sender says your assets will be frozen immediately, your account will be closed within minutes, or a transfer can only be released if you act now, treat that pressure as a warning sign and pause before responding.
3. Avoid message links and attachmentsA safer habit is to use a bookmark, manually entered address, or the exchange’s official app. That reduces the risk of landing on an imitation login page or downloading something malicious.
4. Do not disclose sensitive information until the request is independently confirmedIf a message asks for account records, identity documents, personal details, or transaction information, first confirm that the request appears in a support flow you trust and that you reached independently. If you cannot confirm that, stop there.
5. Do not send more crypto to “clear” or “unlock” anythingA particularly serious red flag is any demand to deposit additional funds to release a transfer, pass a review, or complete a supposed compliance step. Treat that as high risk unless you have verified the request directly inside the exchange’s real support process.
Signals to compare before you respond
| Signal | Lower-risk interpretation | Higher-risk interpretation | Why it matters |
|---|---|---|---|
| Where you first see the issue | Inside the official app or site you opened yourself | In an unsolicited email, text, DM, or chat | Unsolicited contact is easier to fake |
| How you are told to respond | Through official account or support channels | Through a message link, private wallet, or off-platform chat | Scammers often control the reply path |
| Tone of the request | Procedural and verifiable | Threatening, rushed, or emotionally pressuring | Urgency is a common social-engineering tactic |
| What the sender wants first | Verification through a known process | Sensitive data before you verify the sender | Verification should come before disclosure |
| Whether money is requested | No extra payment demand through an unverified route | “Send more crypto to release funds” | Advance-payment pressure is a major scam red flag |
Practical checklist
- Open the exchange through its official app or a manually entered website address.
- Check whether the same alert appears inside your real account.
- Use only support channels you find independently on the official site or app.
- Keep screenshots, sender details, URLs, and message text for reporting.
- Do not send extra crypto, passwords, codes, or identity documents until the request is verified.
- If you clicked a link or entered credentials, change your password from the official site or app and review account security settings immediately.
- Report suspected impersonation to the exchange through its official support process.
- If relevant in your location, report the incident through a government or national cybercrime reporting channel.
Common mistakes to avoid
Words like “compliance,” “review,” “security,” or “Travel Rule” can make a message sound credible, but wording alone does not authenticate the sender.
Continuing the conversation inside the same message threadIf the first contact is fake, replying in the same thread keeps you inside the attacker’s process. It is safer to leave that path and start over from the exchange’s official website or app.
Paying first to solve the problemIf someone claims funds are blocked unless you send more crypto, that should trigger extra caution rather than faster payment.
What this article can confirm
This article supports a narrow but important conclusion: compliance-style language can be used in scam attempts, so the message should be verified through an official channel before you act. It also supports practical anti-phishing steps such as avoiding unsolicited links, slowing down under pressure, and protecting sensitive account information.
What still needs stronger sourcing
A fuller explainer would need primary sources on the Travel Rule itself, such as regulator or exchange documentation, before making claims about legal definitions, thresholds, required data fields, or how named exchanges usually process these requests. Those details are not added here because they are not supported by the currently attached evidence.
Sources
- CERT Polska — official cybersecurity alerts and public guidance
- NASK — official cybersecurity institution guidance
- Gov.pl: cyberbezpieczeństwo — official government cyber-safety guidance
Update log
- 6 Jul 2026Published with source tracking and reader-safety context.
- CorrectionsIf a source changes or a claim needs clarification, this page can be updated from the editorial desk.