Tonight, my sister almost got scammed out of 2M USDC while seeking help on Discord (DC). The scammers on DC are so smooth it's outrageous! If it weren't for a major flaw in the final step, I might have fallen for it during my first experience. I stayed up late to write about the incident—everyone, please be cautious and carefully identify scams to avoid being deceived! Yesterday, I noticed that the rewards on Fluid hadn't updated for about 24 hours. Normally, they settle every 8 hours. I had placed around 1M USDC in each of two addresses and was worried something might be wrong. So, I decided to ask on DC whether the cycle duration had been updated. Since Fluid's ticketing system is specifically for collaboration-related tickets, most people ask questions in the support hall (which is practically a breeding ground for scammers). I asked my question in the hall, and someone pulled me into a locked governance forum with a topic about clock updates. (I don't use DC much and am unfamiliar with many features, so this first step really fooled me. I thought an official person had created a locked room and invited me in, similar to a ticket room. The topic seemed relevant, but it turned out they had just tagged me in the comment section of an expired locked forum. Anyone could do this, but the fact that it wasn't a private message operation made me let my guard down.) Then, this person started asking for the addresses where I encountered issues. After I sent a few, the system flagged them as spam and wouldn't send them. He then suggested I send them via private message. In the private message, I glanced at his "role" to confirm (this is where it gets disgusting—he had just added emojis in the "About Me" section and likely used markdown to change the font, which made it look like he had a role). It was late at night, and I was tired, so I believed him after a quick glance 😂. Later, I found out he was impersonating an admin, likely targeting first-time DC users. (He used a strange ID to impersonate, which wouldn't fool experienced DC users.) Next came the classic scammer move: he suggested I try logging in again and sent me a phishing website, saying I should use it to log into my wallet to see if the issue could be resolved. I was too tired to look closely and thought I could just test it with my Coinbase wallet. Later, I realized he had sent me a phishing site with a weird suffix. When I checked the WHOIS, I found it was registered two weeks ago. The site immediately asked for my private key upon entry—who would fall for that 😂? I feel like 90% of people would recognize the scam once they see the URL. However, the entire process leading up to this was really disgusting for a first-time experience! Every step was designed to lower your guard. With the bull market coming, everyone should pay attention to wallet security!