How I Built a Fake Admin Detection System for Telegram Web3 Communities

One of the most destructive attacks hitting Web3 Telegram communities in 2026 is fake admin impersonation. An attacker creates an account almost identical to your lead admin, waits until they're offline, then DMs members with fake contract addresses or wallet verification requests. Existing bots like Rose Bot and Modr8ai don't catch this because they monitor group content, not admin identity. The attack happens in private DMs — completely invisible to standard moderation tools. Here's the architecture I used to solve it in Garkuwa Security Bot: Step 1 — Admin Registry Every verified admin username is registered with the bot at setup. This becomes the source of truth. Step 2 — Real-time Username Monitoring Every account that joins the group is cross-referenced against the registry. Any username with character substitution patterns — like replacing "l" with "I" or adding underscores — triggers an automatic flag. Step 3 — Auto-removal Before Contact Flagged accounts are removed before the