Galxe Secures Web3 Growth with Proactive Social Engineering Defense

Overview

Galxe is the leading platform for community growth and on-chain distribution in web3, powering loyalty programs, quests, and digital identity for thousands of teams across the digital asset ecosystem.

Operating at a global scale across millions of users and partner brands means sitting directly at the intersection of high-value users and project funds. With this massive visibility, one of the most direct paths to harming the community runs through impersonation.

To make sure its platform remains a trusted space for brands to launch and scale, Galxe partnered with Doppel. This collaboration transitions Galxe from reactive workflows to a proactive, real-time Social Engineering Defense (SED) system, guaranteeing that the thousands of partner communities building on Galxe can grow with absolute confidence and security.

Scaling Growth in Web3 Brings a Surge in External Threats

As the leading on-chain distribution and community platform in web3, Galxe propels businesses along their web3 journeys through powerful, problem-solving products that enable ownership and exploration.

With millions of users globally and thousands of integrated partner brands and chains, teams from startups to global leaders rely on Galxe to power user acquisition, campaign automation, and community engagement. Its product suite spans Galxe Quest, Galxe Passport, Galxe Score, Galxe Earndrop, and Gravity, their native chain.

But sitting at the intersection of users and brands has also turned Galxe into a high-value target for bad actors. Threat actors deploy daily social engineering tactics designed to phish and steal from projects and users alike. These threats don’t live within internal systems. Instead, they live entirely on external channels that traditional security tools fail to monitor.

From the support side, social engineering is the category of issue causing the most user harm.

The Galxe team explains:

"Users come to us after the fact: they've already clicked a fake link, connected their wallet to a spoofed site, or been contacted by someone impersonating Galxe support. The most common patterns include fake Telegram groups posing as official Galxe channels, phishing sites mimicking the Galxe UI, and fake support agents DMing users who post in public channels."

Left unchecked, these sophisticated external threats put community trust and user funds at immediate risk.

Extending the Security Perimeter to Protect the Ecosystem

For Galxe, taking security seriously goes far beyond the protocol level. Because the platform handles sensitive user and project assets, defending the brand surface that users trust has become a core, top-tier security workstream.

This posture was permanently solidified following a sophisticated domain attack. Galxe recalls the inflection point:

"In October 2023, an attacker socially engineered our domain registrar, impersonating an authorized team member with falsified documentation, and briefly redirected galxe.com to a malicious site. We recovered fully and hardened our posture, but the incident made one thing permanent in how we think. Social engineering is a top-tier threat vector for us, not a fringe one."

The limitations of existing tools quickly became apparent. Relying entirely on user reports meant that the support team was constantly reacting after the damage had already occurred. Galxe recognized that to truly safeguard the communities building on its protocol, it had to extend its security perimeter outward to where adversaries actively operate.

The requirements for a new social engineering defense platform were clear: They needed proactive detection capable of finding and identifying a threat before a user ever interacts with it. Above all, speed was the metric that mattered most, because every hour a fake site or impersonator account remains live is another user at risk.

Turning a Reactive Process into a Proactive System

Galxe chose Doppel to shift from an incident-driven posture to a real-time, preventative defense system. Doppel’s platform breaks the social engineering attack chain by unifying cross-channel visibility into a centralized, real-time threat graph.

For Galxe, this unlocked enterprise-grade Digital Risk Protection (DRP) capabilities that continuously identify and disrupt threats across both mainstream and fringe platforms. Instead of just defending Galxe in isolation, Doppel maps and dismantles malicious infrastructure targeting the entire ecosystem, including lookalike domains, fake social profiles, cloned quest pages, and spoofed partner campaigns.

By correlating signals across these channels, Doppel Threat Graph maps disparate indicators into a complete view of an adversary’s campaign, revealing the infrastructure, assets, and tactics behind coordinated attacks. This enables Galxe to move beyond addressing isolated incidents and instead disrupt entire threat campaigns before they can reach users.

The partnership yielded immediate results across Galxe’s workflows, transforming how the support and marketing teams measure success. Since the deployment, surface-level visibility has detected 13,067 alerts and taken down 405 total threats.

As Galxe says:

"The support team sees it indirectly: fewer users reporting harm from fake sites. When users stop flagging a channel or site, it's usually because it's gone. We track through ticket patterns. If a fake account is still live and reaching users, we'll see it in the queue. When those reports thin out, Doppel's working."

Doppel’s platform proactively hunts for and intercepts external threats on Galxe’s behalf. When high-risk vectors emerge, such as fake Telegram groups trying to siphon community members, Doppel Threat Graph intelligence automatically detects the infrastructure in real time.

By executing automated, high-confidence takedowns, Doppel neutralizes these fraud campaigns at the root, maintaining a triage time of 0.1 hours. Across all vector types, the system achieved a median take-down time of 40.2 hours, clocking in at 43.8 hours for social media threats and 59.76 hours for domains. This speed eliminates the need for manual customer monitoring.

As a result, Galxe has transformed external threat management from a reactive exercise into a proactive defense capability, shrinking attack lifecycles to hours, disrupting campaigns at scale, and helping preserve trust across its platform.