Unveiling cryptocurrency scams: Wallet authorization traps
I only transferred one USDT to him, and 500,000 in the wallet was stolen. This is a real case.
Today I am sharing a real case of a friend who was scammed. I have covered this type of scam before, but this time I will use my friend's case to show how the scammer guided him, step by step, into the trap.
I will explain what the scammer is after at each stage of the process and why he needs you to act the way he asks.
I explained the logic behind it in a previous article. The methods of this scam vary, but the ultimate goal is always the same. I hope that after reading about my friend's experience, everyone can learn from it and not be fooled in the future.
It started with the scammer offering to buy USDT at a high price: 1 USDT could be exchanged for 9.4 RMB. The scammer instructed my friend to use a certain web3 wallet without a private key. In fact, it doesn't matter which wallet is used: a certain trusted wallet, IM, TPtoken wallet, or any other web3 wallet involves the same operation. The essence of the problem is not the wallet but the operations you perform afterwards.
Here is the scammer's rhetoric. He says that USDT on exchanges is relatively easy to track, and he instructs my friend to withdraw the USDT to a web3 wallet. Following the scammer's advice, my friend used a certain app to create a wallet without a private key. The scammer then told him to transfer the USDT to the newly created wallet. In fact, the scammer's goal is to gain control over your web3 wallet's operations, which is why he guides you to move funds into a web3 wallet.
This web3 wallet could just as well be any other web3 wallet. At this point, the scammer still cannot control your assets. This is the step where the scammer guides my friend to withdraw USDT from a trusted wallet to the web3 wallet without a private key. The network used for the wallet is TRON, but the network makes no difference. Whether you use Binance Smart Chain, Polygon, or Ethereum, your USDT can still be stolen in the same way.
Because the wallet was newly created, the scammer knows that it holds no TRX for gas. He will transfer 100 TRX to your wallet as gas fees. In this case, the scammer seems to have transferred 130 TRX to my friend as gas fees. Having sent the TRX, he then asked my friend to send him one USDT to test the wallet.
At this point, I will repeat three times: this is extremely, extremely, extremely important. The main purpose of this scam is to get you to perform the transfer operation. This is part of the scammer's rhetoric. They will ask you to transfer one USDT to them, supposedly to confirm that your account can transfer normally. If it can, he says, he will buy your USDT at a high price, and so on. There are many variations of this script; talk of buying "black" or fake USDT is also a standard move. Their ultimate goal is only one: to transfer funds from your wallet to the other party's wallet. A common line is to ask you to transfer one USDT to verify that it is real USDT.
If my friend had cancelled the transaction at this moment, he would have avoided the scam and even kept some TRX. But clearly he did not understand how to use a web3 wallet, and he went ahead and transferred one USDT to the scammer. Note that the TRX receiving address provided by the scammer is a QR code.
In fact, this QR code is not a wallet address but a webpage that the scammer has carefully prepared. When my friend scanned the QR code with the web3 wallet without a private key, the wallet opened that webpage. The webpage runs code in the background that is designed to trick you into granting authorization. You think it is just a simple transfer, but in fact it is an operation that obtains your wallet authorization behind the scenes.
You think you are just transferring one USDT to the other party, but when you click confirm, what the page calls in the background is not the transfer operation but the authorization operation. The content of the authorization is to hand control of your wallet to the scammer's wallet address, allowing the scammer to steal all of your wallet's assets.
The underlying logic is to set up a multi-signature wallet. In effect, this multi-signature setup transfers control of your current wallet address to the scammer's address. If you are not familiar with multi-signature, you can look it up yourself; I won't elaborate here. The backend code changes who controls your wallet. You think you are clicking to confirm the transfer, but in fact the page is calling the operation that transfers control of your wallet.
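As an added illustration (not code from the original article or from any wallet), the check below shows how the two deceptions above can be caught before signing: a QR payload that is a link rather than an address, and a request that is not a plain transfer. The article does not show the actual transaction, so this assumes the "authorization" is either a token approve-style call or a TRON AccountPermissionUpdateContract; the function names and sample values are hypothetical.

```javascript
// Added example, not from the original article. Sample inputs are constructed;
// OWNER/OTHER are placeholder strings, not real addresses.
const SELECTORS = { // first 4 bytes of TRC-20/ERC-20 call data, as hex
  a9059cbb: { name: "transfer(address,uint256)", grantsControl: false },
  "095ea7b3": { name: "approve(address,uint256)", grantsControl: true },
  "39509351": { name: "increaseAllowance(address,uint256)", grantsControl: true },
};

// A scanned "receiving address" should be a bare address, not a link to a web page.
function classifyQrPayload(text) {
  const s = text.trim();
  if (/^T[1-9A-HJ-NP-Za-km-z]{33}$/.test(s)) return "tron-address"; // format only
  if (/^[a-z][a-z0-9+.-]*:\/\//i.test(s)) return "url";
  return "unknown";
}

// Describe what an unsigned TRON transaction (node JSON shape) will actually do.
function describeTx(tx) {
  const c = tx.raw_data.contract[0];
  const v = c.parameter.value;
  if (c.type === "AccountPermissionUpdateContract") {
    const perms = [v.owner, ...(v.actives ?? [])].filter(Boolean);
    const keys = perms.flatMap(p => p.keys ?? []).map(k => k.address);
    const foreignKeys = [...new Set(keys.filter(a => a !== v.owner_address))];
    return { action: "permission-update", grantsControl: true, foreignKeys };
  }
  if (c.type === "TriggerSmartContract") {
    const sel = (v.data ?? "").slice(0, 8).toLowerCase();
    const known = SELECTORS[sel];
    return known
      ? { action: known.name, grantsControl: known.grantsControl }
      : { action: "unknown-call:" + sel, grantsControl: true }; // unknown: unsafe
  }
  return { action: c.type, grantsControl: false };
}

// Sign only if the request is the plain token transfer the user expects.
function safeToSignAsTransfer(tx) {
  return describeTx(tx).action === SELECTORS.a9059cbb.name;
}

// Constructed samples (zeroed arguments): expected call vs. what a page could request.
const OWNER = "OWNER_PLACEHOLDER", OTHER = "OTHER_PLACEHOLDER";
const call = data => ({ raw_data: { contract: [{ type: "TriggerSmartContract",
  parameter: { value: { owner_address: OWNER, data } } }] } });
const expectedTransfer = call("a9059cbb" + "0".repeat(128));
const approveInstead = call("095ea7b3" + "0".repeat(128));
const permissionGrab = { raw_data: { contract: [{ type: "AccountPermissionUpdateContract",
  parameter: { value: { owner_address: OWNER,
    owner: { threshold: 1, keys: [{ address: OTHER, weight: 1 }] } } } }] } };
```

The address check is format-only and does not verify the Base58Check checksum; anything classified as a URL or as a non-transfer action is what the wallet prompt should make you stop and read.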
In the scam I covered previously, the one involving publicly shared mnemonic phrases, the scammer only took some gas fees. In this case, he directly stole all the assets in the wallet. Either way, he needs to obtain your authorization in order to move your wallet's funds, so you must be very cautious whenever you make a transfer.
Generally, when you transfer or authorize, your wallet will show prompts. However, some novices do not read any of the prompts and click confirm right away. If you don't know how to use a web3 wallet, then don't use one; just stick to the wallet address from the exchange. Additionally, when interacting with smart contracts, always pay attention to the wallet prompts and don't blindly click authorize. This is a real case shared today by a friend from my group who got scammed; I hope everyone can take it as a warning and not be fooled.
Alright, that's all for this issue. If you found it helpful, please support me with a simple three-click action, follow me, and I will continue to update on how to uncover scams. See you next time.