Sources checked

How we checked this

We reviewed the linked sources and keep this page updated when the record changes. Use the source list below to verify the details.

Source links attached Safety context included Corrections open

Short answer

A message that mentions the “Travel Rule” is not automatically a scam. But a compliance-sounding message is not proof that the sender is genuine either. The safest response is to verify the request through the exchange’s official website or app that you open yourself, not through links, phone numbers, or chat handles provided in the message.

Summary box: Treat any unsolicited “Travel Rule,” compliance, or account-review message as unverified until you confirm it through an official channel. Do not send extra crypto, documents, or login details just because a message sounds regulatory or urgent.

Why this topic causes confusion

Scammers often imitate official procedures by using language about security checks, account reviews, blocked transfers, or compliance steps. Public cyber-safety guidance consistently warns users to be cautious with unsolicited messages, links, attachments, and requests for sensitive information. That general principle matters here: a message can sound formal and still be part of a phishing or impersonation attempt.

This article does not make legal claims about how the Travel Rule works in every country or what every exchange requires. Jurisdiction, platform policy, and transaction context can differ. The evidence available for this draft supports a consumer-safety guide about verification and scam warning signs, not a global compliance explainer.

Date-checked note: This guidance was reviewed against the currently attached public cyber-safety sources for this draft. It should be read as verification advice, not as a complete legal explanation of Travel Rule requirements.

What to do when you receive one of these messages

1. Verify the channel before anything else

If the message arrived by email, text, social media, private chat, or an unexpected phone call, do not assume it is real. Open the exchange’s official app or type the exchange domain into your browser yourself, then check whether the same notice appears inside your account or support area.

2. Slow down if the message creates pressure

Official-looking scams often try to rush the target. If the sender says your assets will be frozen immediately, your account will be closed within minutes, or a transfer can only be released if you act now, treat that pressure as a warning sign and pause before responding.

3. Avoid message links and attachments

A safer habit is to use a bookmark, manually entered address, or the exchange’s official app. That reduces the risk of landing on an imitation login page or downloading something malicious.

4. Do not disclose sensitive information until the request is independently confirmed

If a message asks for account records, identity documents, personal details, or transaction information, first confirm that the request appears in a support flow you trust and that you reached independently. If you cannot confirm that, stop there.

5. Do not send more crypto to “clear” or “unlock” anything

A particularly serious red flag is any demand to deposit additional funds to release a transfer, pass a review, or complete a supposed compliance step. Treat that as high risk unless you have verified the request directly inside the exchange’s real support process.

Signals to compare before you respond

SignalLower-risk interpretationHigher-risk interpretationWhy it matters
Where you first see the issueInside the official app or site you opened yourselfIn an unsolicited email, text, DM, or chatUnsolicited contact is easier to fake
How you are told to respondThrough official account or support channelsThrough a message link, private wallet, or off-platform chatScammers often control the reply path
Tone of the requestProcedural and verifiableThreatening, rushed, or emotionally pressuringUrgency is a common social-engineering tactic
What the sender wants firstVerification through a known processSensitive data before you verify the senderVerification should come before disclosure
Whether money is requestedNo extra payment demand through an unverified route“Send more crypto to release funds”Advance-payment pressure is a major scam red flag

Practical checklist

  • Open the exchange through its official app or a manually entered website address.
  • Check whether the same alert appears inside your real account.
  • Use only support channels you find independently on the official site or app.
  • Keep screenshots, sender details, URLs, and message text for reporting.
  • Do not send extra crypto, passwords, codes, or identity documents until the request is verified.
  • If you clicked a link or entered credentials, change your password from the official site or app and review account security settings immediately.
  • Report suspected impersonation to the exchange through its official support process.
  • If relevant in your location, report the incident through a government or national cybercrime reporting channel.

Common mistakes to avoid

Assuming regulatory language means the message is genuine

Words like “compliance,” “review,” “security,” or “Travel Rule” can make a message sound credible, but wording alone does not authenticate the sender.

Continuing the conversation inside the same message thread

If the first contact is fake, replying in the same thread keeps you inside the attacker’s process. It is safer to leave that path and start over from the exchange’s official website or app.

Paying first to solve the problem

If someone claims funds are blocked unless you send more crypto, that should trigger extra caution rather than faster payment.

What this article can confirm

This article supports a narrow but important conclusion: compliance-style language can be used in scam attempts, so the message should be verified through an official channel before you act. It also supports practical anti-phishing steps such as avoiding unsolicited links, slowing down under pressure, and protecting sensitive account information.

What still needs stronger sourcing

A fuller explainer would need primary sources on the Travel Rule itself, such as regulator or exchange documentation, before making claims about legal definitions, thresholds, required data fields, or how named exchanges usually process these requests. Those details are not added here because they are not supported by the currently attached evidence.

Sources

Update log

  1. 6 Jul 2026Published with source tracking and reader-safety context.
  2. CorrectionsIf a source changes or a claim needs clarification, this page can be updated from the editorial desk.