Most of them were over-authorized. Yesterday, a female friend of mine also over-authorized by more than 200,000.
What are the common routines?
Fake wallets: Retail investors search for the wallet download address on search engines, then download and register. The moment they recharge their assets, they lose control of their assets.
Mnemonics are lost: Mnemonics are usually saved physically, with two copies written down and placed in two places. Most retail investors find it troublesome and only make one copy. I have made this mistake before, and the mnemonics I kept at home disappeared. Many retail investors find it troublesome and take screenshots of mnemonics to photo albums, or other third-party storage software, network disks, photo albums, memos, etc. These are extremely unsafe. Many apps can read your mobile phone photo albums.
Another mnemonic phrase trick is that many scammers pretend to be newbies on social software, saying that they don’t play anymore, and then publish the number of Us in the mnemonic phrase. Then the newbie immediately restores the wallet and sees that there is no GAS fee. So he tops it up and finds that he can’t transfer it out. This is their trick, to cheat you out of the transaction fee.
Hardware wallet scam: All the hardware wallets you can see on JD.com and JD.com have been modified. When you buy them, they are actually second-hand devices. Merchants tamper with the wallets and then sell them to you. After a few months, they close the stores and reopen them. When you have large amounts of assets stored, you will be stolen.
Phishing address: When transferring money, novices often do not check the middle part of the other party's wallet address, but look at the last 4-6 digits. Therefore, some novices copy the address of their first transfer. No problem, after the transfer is made, there will be an address with the same last digit to transfer 0.00 U to the wallet. Many novices call it a transfer subsidy. In fact, this address is a phishing address, and the last digit is the same as yours. When you make the next transfer, novices will not check it, and directly look at the last digit and transfer it to this phishing address. Someone was defrauded of 800,000 U.
U is stolen by acquaintances, KTV ladies, and currency traders: This situation is very common. In the past, the victims could not find the reason at all. In fact, it is very simple. Just know the lock screen password of your phone, and then within 20 seconds when your phone is out of your sight, open the lock screen password to open the wallet, enter the wallet payment password, export the mnemonic (private key), take a photo, and then restore it to its original state. After a long time, your digital assets will be stolen again, and you will not know how you were stolen.
Scam link authorization: After entering Web3, in addition to looking forward to the opportunity to get rich quickly, another thing is to deal with the proliferation of scam links. Various scams are hidden behind scam links, and if you are not careful, you can "instantly return to zero" - the assets still exist, but they no longer belong to you. The main sources of these links include but are not limited to:
1) Celebrity tweets and comment area;
2) Project official Twitter and comment area;
3) Private messages on Twitter, Telegram, and Discord;
4) Discord community announcement channel and chat area;
5) Twitter marketing advertising content;
6) The hijacked official website of the legitimate project;
7) Search results pages of browsers such as Google and Baidu;
8) The (seemingly) popular airdrop claiming links forwarded by WeChat group members;
9) Links to authorized junk NFT orders airdropped on NFT trading platforms such as Opensea;
10) A calendly calendar link for your online meeting…
Response: At any time, on any platform, and in any private message from anyone, you must be 120 points or even 120,000 points vigilant. Although most of us are just a few people, scammers are open to everyone in most cases. This is one of the reasons why even the official Twitter account of the SEC is not immune.
As for the favor of interview opportunities from world-renowned magazines, or the unsolicited private messages from bigwigs from investment institutions, I believe many people have also seen similar scams. Remember this: there is no free lunch in the world, unless this lunch has been secretly marked with other prices.
Social engineering attacks: Many people may be unfamiliar with social engineering attacks, but in this regard, scammers in the Web2 field are already sophisticated enough to quickly screen targets and execute them quickly.
Simply put, we can understand social engineering attacks as security traps that are "exclusively customized" for you after a certain investigation of you, such as impersonating WeChat friends to request fund transfers, pretending to be buyers to purchase your rare NFTs, job opportunities that come to your doorstep, 1:1 counterfeit fake accounts and carefully prepared whitelist places, etc. Even OTC or over-the-counter guarantee groups *impersonating* guarantors belong to this category.
The famous big V Conscience Brother has been defrauded by this kind of three-party friends and the airplane skirt guarantee, all of which are routines.
Follow me! Get more information about the cryptocurrency world! #内容挖矿 #BTC #BB