Today, I will share a real case of a friend being cheated, hoping to raise everyone's vigilance and avoid being deceived. I have introduced this kind of scam before, but today I will use this case to analyze the scammers' scam process in detail, so that everyone can understand their real purpose and the logic behind it. Although the scam methods are diverse, the ultimate purpose is the same. I hope everyone can learn from it and not be deceived in the future.
The cause of the incident was that the scammers bought USDT at a high price. One USDT could be exchanged for 9.4 RMB, which was very tempting. The scammers asked the friends to use a certain web3 private keyless wallet to operate. In fact, it is the same to use other wallets such as a certain wallet, IM, TPtoken wallet, etc. The key to the problem lies in the subsequent operations, not the wallet itself.
The scammers used the idea that USDT on exchanges is easy to track, and induced the users to withdraw USDT to a web3 wallet. At the scammers’ suggestion, the users created a keyless wallet using a mobile app, and then transferred USDT to this new wallet. In fact, the scammers’ real purpose is to get you to operate a web3 wallet so that they can commit fraud later.
This web3 wallet of a certain exchange can be any web3 wallet, and it doesn’t matter what network it uses (such as TRON, Binance Smart Chain, polygon or Ethereum, etc.), scammers can find a way to steal your USDT.
Since it was a newly created wallet, the scammer knew that there was no TRX in it for gas fees, so he transferred 100 TRX (actually 130) to the friend as gas fees. Then, the scammer asked the friend to transfer him a USDT to test whether the wallet can transfer money normally. This step is very critical. The main purpose of the scammer is to let you perform the transfer operation to confirm that your account can transfer money normally, thus paving the way for subsequent fraud. Common rhetoric also includes buying and selling black U, fake U, etc., and the ultimate goal is to let you transfer a sum of money from your wallet to the other party's wallet.
If the friend cancels the transaction at this time, he can avoid being cheated and earn some TRX. But obviously, the friend is not familiar with the web3 wallet and still transfers a USDT to the scammer. Note that the TRX payment address provided by the scammer is a QR code. This QR code is not the real wallet address, but a webpage carefully arranged by the scammer. After the friend scans the code with the web3 private keyless wallet, he will jump to the webpage, and the background of the webpage has a code for defrauding authorization.
You think it is just a simple transfer operation, but in fact the scammers call the authorization operation in the background, transferring the control of your wallet to the scammer's wallet address, thereby defrauding all the assets in your wallet. The logic behind this is to set up multi-signature for the wallet, that is, to transfer the control of the current wallet address to the scammer's address. Those who don't understand multi-signature can check the information by themselves, and I won't go into details here. In short, the scammers changed the control of your wallet through the background code, making you mistakenly think that you clicked to confirm the transfer, but in fact it was an operation to transfer the control of the wallet.
I have previously shared scams that disclose mnemonics or require authorization. Those scams only scammed some gas fees, but in this case, the scammers directly scammed all the assets in your wallet. In any case, the scammers need to obtain your authorization to transfer the funds in your wallet. Therefore, everyone must be very cautious when transferring or authorizing. The wallet will have prompts, but some novices may click to confirm without reading the prompts. If you don’t know how to use a web3 wallet, don’t try it easily, and honestly use the wallet address of the exchange. When interacting with smart contracts, be sure to carefully check the wallet prompts and don’t blindly authorize.
The above is the real case of a group member being cheated that I shared today. I hope everyone can learn from it, be more vigilant, and avoid being deceived.
Musk-themed puppy ρꪊρρⅈꫀડ has 16,000 coin addresses and a market value of less than 100 million, so it has good potential. #比特币走势观察 #AIAgent热潮 #加密市场反弹 #比特币诞生16周年 #币安Alpha上新