'Dark Forest', a concept derived from (The Three-Body Problem), is also the most naked summary of the current Web3 security landscape.

The crypto industry, especially on-chain as an emerging field, has ample room for imagination and innovative gameplay. However, it is also like a 'dark forest'; whether old users or new players, familiarizing oneself with the various risks one may encounter on-chain and striving to avoid them is an eternal topic we need to learn continuously.

Recently, a scam targeting non-custodial wallet users has quietly gained popularity, utilizing the observation wallet (wallets that support 'observation mode') feature. Through a fabricated trust mechanism and carefully designed logical chains, it traps victims without any defense. For ordinary users, this scam may seem basic, yet it is highly deceptive and destructive.

Scammers exploit novice users' unfamiliarity with decentralized technology and wallet operation processes to steal crypto assets. In this context, understanding and being vigilant about these common yet deadly security risks becomes particularly important. This article will analyze the operation mode of this new type of scam in detail and provide users with a series of preventive tips.

What is the 'observation wallet' mode of a non-custodial wallet?

It is well known that the observation wallet mode is a feature of non-custodial wallets for crypto assets, allowing users to view the balance and transaction history of specific wallet addresses.

Due to the transparency of the blockchain, all on-chain wallet addresses, corresponding balances, and transaction records are transparent and visible. Users can enter any blockchain wallet address into blockchain explorers and other tools to view its asset balance and on-chain records, including receipts, transfers, on-chain authorizations, etc. During this process, the wallet owner's identity remains anonymous unless he/she actively discloses it.

As a non-custodial wallet, SafePal also offers an observation wallet mode. For example, when users create a new wallet, they can choose to create a new wallet, restore an old wallet, or import an observation wallet mode (click here to view the official tutorial on importing observation wallet mode with SafePal).

The image below compares the observation wallet mode with the normal wallet homepage, from which it can be seen that the observation wallet only allows viewing balances, but does not have transfer, swap, or other operational items.

When users import into observation wallet mode, they only need to fill in the wallet address to conveniently view the on-chain balance and transaction records of this wallet. However, since the observation wallet does not represent actual wallet ownership and only provides viewing functionality, users cannot operate the assets in the wallet while in observation mode.

For this reason, the observation wallet mode is generally used for the public to track and monitor the on-chain funding situation and trends of specific wallet addresses, such as regulatory monitoring of blockchain anti-money laundering, funding traces of hacking incidents, etc.

However, it is important to note that it does not support users in conducting any transfer transactions to this wallet address, nor does it equate to ownership of that specific wallet address. Only users who possess the private key/seed phrase of the wallet address can access and manage the assets within that wallet address.

The scams we mentioned today are designed by scammers who exploit users' unfamiliarity with this background knowledge.

How does the 'observation wallet' scam work?

The core operation of this scam is that the scammers contact and manipulate the victims, making them believe they can access the funds of the wallet address (often scammers use wallet addresses with a large amount of funds), and tell the victim that they need to make transactions to unlock their funds. However, in reality, they can only view the wallet balance and have no access or ownership.

The following outlines a typical operation of this scam:

Scammers approach users: Scammers impersonate wallet team support staff, often contacting users through social media platforms (such as Twitter, Telegram, or Reddit), initiating conversations by offering 'help' or 'investment' related to wallet issues. Some scammers may also post 'fake help requests' online, similar to 'I have a problem with my funds and can't withdraw them; can someone help me? I'm willing to pay a large reward.'

Disseminating false information: Scammers claim that users' wallets need to be 'verified' or 'upgraded' to access the funds within. They often guide users to download wallet apps from app stores to make it seem like they are assisting them in the normal wallet creation process.

Import wallet address: Then, the scammer asks the user to import the address into the wallet in observation mode, allowing the user to see the wallet's balance, which may contain a significant amount of cryptocurrency. The scammer continues to claim that the user needs to pay Gas Fees or deposit additional cryptocurrency into the specified wallet address, which is a trick to make users believe that they need to pay fees to unlock the funds in that wallet address.

Theft of funds: Once users send funds to the scammer's address, they will receive nothing in return, and the scammer will disappear. In other cases, the scammer may continue to request more funds to be deposited or transferred to the wallet address under other false pretenses or promises.

Why is this scam effective?

This scam is effective because users often do not fully understand that due to the transparency of the blockchain, all wallet addresses can be tracked and viewed on-chain. Viewing the balance in a wallet address may lead inexperienced users to mistakenly believe that this equates to accessing or owning the wallet, while in fact, it is just a viewing function.

In this scam, the scammers exploit the victims' lack of understanding of the observation wallet mode while also igniting the victims' greed or sympathy through the conversation process, creating an opportunity for exploitation.

So how can you protect yourself? It's simple. If you are using SafePal or any other decentralized or non-custodial crypto asset wallet, please pay close attention to the following security tips to avoid falling into these scams.

  • Do not trust messages from strangers: Normally, the official wallet team will never contact users through social media or direct messages (DMs). Any unsolicited offers for assistance or wealth opportunities, or requests for personal information should be treated with extreme caution.

  • Understand the observation mode or view on-chain wallet addresses: Whether it’s SafePal or other non-custodial wallets, the observation wallet mode is a feature that allows users to view wallet balances; it allows users to track wallet balances and transaction histories but does not permit any transfers or withdrawals (actual access to the designated wallet address requires a private key or seed phrase). Users cannot transfer funds from the wallet in observation mode, so if someone asks you to 'unlock' or 'access' funds in observation mode, don't doubt it, that's a scam.

  • Avoid sending funds to unknown addresses: If someone asks you to send funds to an unknown address to 'unfreeze' your crypto assets, this is a dangerous warning sign. Scammers typically ask users to pay Gas Fees or other charges, but SafePal and most legitimate wallet platforms never require users to transfer funds to a specific address to unlock funds.

  • Only download applications from official websites: Ensure you only download wallet applications from official app stores (like Google Play Store or Apple App Store), and avoid downloading from unverified websites or links, as these applications may be malicious or fraudulent apps.

  • Report suspicious activity: If you encounter suspicious messages or potential scams, please report them immediately to the wallet's official channels. This helps protect the community and prevents others from becoming victims.

Conclusion

'Not Your Key, Not Your COIN'.

This is actually one of the cruelest statements in Web3, as 'decentralization' and 'security accountability' are two sides of the same coin. When asset ownership is truly returned to individuals, each user is forced to take responsibility for their own assets, completely entering the 'dark forest'.

As the methods of on-chain scams diversify, learning and understanding how blockchain non-custodial and decentralized wallets work, as well as familiarizing oneself with common scams, has become an essential survival skill for every Web3 user.

Always remain vigilant and safely navigate the on-chain 'dark forest'; this is a required lesson for all of us to adapt to the rules of the decentralized world.