Background
According to feedback from our partner imToken, a new type of cryptocurrency scam has recently emerged. It targets in-person (offline) trades settled in USDT, and it works by getting the victim to point their wallet at an Ethereum Remote Procedure Call (RPC) endpoint that the scammer controls and has tampered with.
Malicious Process
The SlowMist security team has analyzed this type of scam, and the specific malicious process carried out by scammers is as follows:
First, the scammer persuades the target to install the legitimate imToken wallet and earns the target's trust by sending 1 USDT and a small amount of ETH as bait. The scammer then walks the target through changing the wallet's Ethereum network RPC endpoint to the scammer's own node (https://rpc.tenderly.co/fork/34ce4192-e929-4e48-a02b-d96180f9f748).
This node is a private fork of Ethereum mainnet created with Tenderly's Fork feature, and the scammer has edited its state so that the target's USDT balance appears to have been topped up, as if the scammer had already paid. The wallet simply displays whatever balance the configured node reports, so the target sees the inflated figure and believes the funds have arrived. The forged balance exists only in the fork's state, not on the real Ethereum network, so when the target later tries to transfer the USDT to cash out, the transfer cannot succeed and the scam becomes apparent. By then the scammer has disappeared without a trace.
In fact, Tenderly's Fork feature is not limited to balance display: it can also alter contract state and code, so a wallet connected to such a node can be shown falsified contract information as well, which poses an even greater threat to users.
Here, we need to address one question: what is RPC? To interact with a blockchain, a wallet needs a standard way to talk to a node in the network. RPC is that connection and interaction method: it lets the wallet ask a node to perform operations such as checking balances, creating transactions, or interacting with smart contracts. Every request the wallet makes, and every answer it displays, goes through the RPC endpoint it is configured to use. For example, when a user trades on a decentralized exchange through a wallet like imToken, the wallet is communicating with a blockchain node via RPC.
Wallets ship with trusted default nodes, so users normally never need to change this setting. If a user trusts someone too readily and points the wallet at an untrusted node, that node can report any balance or transaction result it likes, because the wallet has no independent source of truth. A practical check is to confirm a balance against an independent source, such as a block explorer or a second, trusted RPC node, before treating a payment as received.
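The following is an added example, not code from the original article or from imToken, SlowMist or Tenderly. It shows the mechanics described above: the USDT balance a wallet displays is nothing more than the answer to an eth_call sent to whichever JSON-RPC node the wallet is pointed at. The code builds that request for the real mainnet USDT contract, decodes the reply, and cross-checks several nodes against each other so that a node reporting a forged balance stands out. The nodes are simulated in-process (an "honest" node and a "forked" node are constructed here for illustration) so the example runs offline; the placeholder holder address is likewise constructed and is not the victim address from the article.

```python
"""Added example (not from the original article or from imToken/SlowMist/Tenderly).

A wallet's displayed token balance is just the answer to an eth_call sent to
whichever JSON-RPC node the wallet is configured to use. This builds that
request for the mainnet USDT contract, decodes the reply, and cross-checks
several nodes against each other. Nodes are simulated in-process so the
example runs offline; only the USDT address and function selector are real.
"""
import json
from typing import Callable, Dict

# Real Ethereum mainnet USDT (Tether) ERC-20 contract.
USDT = "0xdAC17F958D2ee523a2206206994597C13D831ec7"
# First 4 bytes of keccak256("balanceOf(address)").
BALANCE_OF_SELECTOR = "70a08231"
USDT_DECIMALS = 6

Node = Callable[[dict], dict]  # a node is anything that answers a JSON-RPC request dict


def _strip_0x(h: str) -> str:
    return h[2:] if h[:2].lower() == "0x" else h


def balance_of_request(holder: str, request_id: int = 1) -> dict:
    """Build the JSON-RPC eth_call a wallet sends to read holder's USDT balance."""
    addr = _strip_0x(holder).lower()
    if len(addr) != 40 or any(c not in "0123456789abcdef" for c in addr):
        raise ValueError("holder must be a 20-byte hex address")
    # ABI encoding: 4-byte selector followed by the address left-padded to 32 bytes.
    calldata = "0x" + BALANCE_OF_SELECTOR + addr.rjust(64, "0")
    return {
        "jsonrpc": "2.0",
        "id": request_id,
        "method": "eth_call",
        "params": [{"to": USDT, "data": calldata}, "latest"],
    }


def decode_balance(result_hex: str) -> int:
    """Decode the uint256 returned by balanceOf; value is in base units (1 USDT = 10**6)."""
    body = _strip_0x(result_hex)
    if len(body) != 64:
        raise ValueError("unexpected eth_call result length: %d hex chars" % len(body))
    return int(body, 16)


def to_usdt(base_units: int) -> str:
    return "%.6f USDT" % (base_units / 10**USDT_DECIMALS)


# --- Simulated nodes (constructed for this example; no network access) ---
def _ok(request: dict, value: int) -> dict:
    return {"jsonrpc": "2.0", "id": request["id"], "result": "0x" + format(value, "064x")}


def honest_node(request: dict) -> dict:
    """Stands in for a normal mainnet node: the target holds only the 1 USDT bait."""
    return _ok(request, 1 * 10**USDT_DECIMALS)


def forked_node(request: dict) -> dict:
    """Stands in for a scammer-controlled fork whose state was edited to show 10,000 USDT."""
    return _ok(request, 10_000 * 10**USDT_DECIMALS)


def query_balance(node: Node, holder: str) -> int:
    req = balance_of_request(holder)
    # Round-trip through JSON exactly as an HTTP client would serialise it.
    resp = node(json.loads(json.dumps(req)))
    if "error" in resp:
        raise RuntimeError("node returned error: %r" % (resp["error"],))
    if resp.get("id") != req["id"]:
        raise RuntimeError("response id does not match request")
    return decode_balance(resp["result"])


def cross_check(nodes: Dict[str, Node], holder: str) -> dict:
    """Ask every node for the same balance; a disagreement means at least one node is lying."""
    balances = {name: query_balance(node, holder) for name, node in nodes.items()}
    consistent = len(set(balances.values())) == 1
    return {"balances": balances, "consistent": consistent}


if __name__ == "__main__":
    # Constructed placeholder address; not a real victim.
    target = "0x" + "11" * 20
    report = cross_check({"wallet_rpc": forked_node, "independent_rpc": honest_node}, target)
    for name, bal in report["balances"].items():
        print("%-16s %s" % (name, to_usdt(bal)))
    print("consistent:", report["consistent"])
```

The point of cross_check is that a single node is never a source of truth: the wallet-configured node and an independent one return different answers for the same eth_call, which is exactly the signal a user (or a wallet, automatically) can use before treating a payment as received. Against real nodes, replace the simulated callables with a function that POSTs the request dict to each endpoint's URL.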
MistTrack Analysis
We used the on-chain tracing tool MistTrack to analyze one of the known victim wallet addresses (0x9a7…Ce4) and found that it received the bait payment of 1 USDT and 0.002 ETH from address 0x4df…54b.
Looking at the fund flows of 0x4df…54b, we found that it has sent 1 USDT to three different addresses, suggesting that this address has been used in at least three scam attempts so far.
Tracing further back, the address is linked to multiple trading platforms and has interacted with an address labelled "Pig Butchering Scammer" by MistTrack.
Summary
The cunning aspect of this scam is that it exploits a habit rather than a software flaw. Users tend to check only whether a balance has appeared in their wallet and overlook where that number comes from. Scammers build on that trust and inattention with a sequence of steps that look genuine, such as sending small amounts of real funds first, and then swap the wallet's view of the chain for one they control. The SlowMist security team therefore advises all users to remain vigilant when transacting: never change a wallet's RPC endpoint at someone else's request, and confirm incoming funds through an independent source such as a block explorer rather than relying on the wallet display alone.
Tags
RPC
USDT
Ethereum
Source link:
https://news.marsbit.cc/20240429113029876670.html
Disclaimer: The views expressed in this article are solely those of the author and do not constitute investment advice.
Original article link: https://www.bitpush.news/articles/6652589