According to PANews, a new type of cryptocurrency scam has been reported recently, primarily involving offline physical transactions. The scam uses USDT as a payment method and manipulates the Remote Procedure Call (RPC) of Ethereum nodes for fraudulent activities.
The scammer first lures the target user to download the genuine imToken wallet and uses 1 USDT and a small amount of ETH as bait to gain the user's trust. Then, the scammer guides the user to redirect their ETH's RPC address to the scammer's node. This node has been modified by the scammer using Tenderly's Fork function, and the user's USDT balance is falsified to make it appear as if the scammer has transferred funds into the user's wallet. When the user tries to transfer miner fees to realize the USDT in the account, they realize they have been deceived, and by this time, the scammer has already disappeared.
In fact, in addition to the balance display that can be modified, Tenderly's Fork function can even change contract information, posing a greater threat to users. RPC is a way of connecting and interacting that allows us to access network servers and perform operations such as viewing balances, creating transactions, or interacting with smart contracts. By embedding RPC functionality, users can execute requests and interact with the blockchain. However, if users easily believe others and link their wallets to untrusted nodes, the balance and transaction information displayed in the wallet may be maliciously modified, resulting in financial loss.
An analysis using the on-chain tracking tool MistTrack on one of the known victim's wallet addresses shows that the victim's address received a small amount of 1 USDT and 0.002 ETH from another address. Looking at the fund situation of this address, it was found that this address transferred 1 USDT to 3 addresses, indicating that this address has scammed three times.
The cunning of this type of scam lies in exploiting the psychological weaknesses of users. Users often only pay attention to whether there are funds in their wallets and ignore the potential risks behind them. Scammers take advantage of this trust and negligence, and through a series of seemingly true operations such as transferring small amounts of funds, they defraud users. Therefore, it is recommended that users remain vigilant during transactions, enhance self-protection awareness, do not easily trust others, and avoid damage to their own property.