Dear Awaken User,

Yesterday evening (April 1st, 2026), we identified and quickly stopped unauthorized activity on our platform. We are now working with third-party forensic experts to undertake a thorough investigation. While the investigation into the scope of this activity is just starting, we want to provide you with transparent and timely information so that you can take steps to protect yourself.

Be Alert for Social Engineering

As you know, it is common for bad actors to try to scam cryptocurrency holders into sending funds to the wrong place or give them access to a wallet. While we don’t know the motives behind this incident, it is important that you always stay vigilant. Specifically, keep an eye out for:

• Phishing emails. You may receive emails appearing to come from Awaken, a government tax authority (e.g., the IRS), a cryptocurrency exchange, or a financial institution. These emails may reference specific account or transaction details to appear legitimate.
• Fraudulent phone calls (vishing) and SMS scams (smishing). Scammers may call or text you claiming to represent Awaken, the IRS, or another trusted organization, referencing personal details.
• Impersonation attempts. Bad actors may impersonate Awaken employees, tax professionals, or government officials through any channel, claiming urgent action is required.

Steps You Should Take To Protect Yourself

We strongly urge you to remain on high alert and to take the following steps immediately.

• Revoke your API credentials for connected cryptocurrency exchanges. You can remove the integration from Awaken, but doing so will also remove your transactions. Any email claiming to offer token airdrops by Awaken are unauthorized emails sent by a bad actor. We do NOT have any officially issued coins or tokens.
• Verify the identity of anyone who contacts you. If you receive a call, email, text, or Telegram message claiming to be from Awaken or any financial institution, do not provide any information. Instead, contact the organization directly using a phone number or email address you independently verify (e.g., from the organization's official website or a prior account statement).
• Do not click links or open attachments in unsolicited messages. Navigate to websites directly by typing the URL into your browser rather than clicking embedded links.
• Enable multi-factor authentication on your Awaken account, email accounts, cryptocurrency exchange accounts, and any other financial accounts.
• If you have any additional questions or concerns, please reach out to us via our support portal https://awaken.tax/support. Or you can email us at [email protected].

How Awaken Will and Will Not Contact You

Awaken will only send official email communications from addresses ending in @awaken.tax. Awaken will never ask you for: your password or login credentials; your full Social Security Number or Tax Identification Number; your private cryptocurrency wallet keys or seed phrases; one-time passcodes or multi-factor authentication codes; or wire transfer, cryptocurrency transfer, or payment card details for the purpose of "verifying" your identity.

Our Ongoing Commitment

We understand the seriousness of this incident. Security is something we invest in heavily, even as a small company, but that does not diminish the impact of what has occurred. We are constantly working to strengthen our security and avoid incidents like this. We are committed to fast-tracking penetration tests and redoubling our efforts to secure your data with additional investment in our cybersecurity program. We love the crypto community and work day-in and day-out to build the best product we can for you. We are committed to doing everything in our power to prevent this from happening again and to earning back your trust.