[New Cryptocurrency Scam Takes Advantage of Ethereum Nodes, Leaving Users Vulnerable]
Recently, cybersecurity experts at SlowMist Technologies uncovered a sophisticated cryptocurrency scam. The scam exploits remote procedure call (RPC) interfaces disguised as legitimate Ethereum nodes, specifically targeting user trust and relaxed vigilance.
The scam begins by tricking the victim into creating an imToken wallet and transferring 1 USD stablecoin and 1 Ethereum. This step lays the foundation for the scammer's subsequent actions. The scammer then tricks the victim into changing their RPC URL to a scammer-controlled node, thereby gaining full control of the victim's digital wallet.
Scammers further used Tenderly's fork function to create a fake trading environment, fake the balance of USD stablecoins, and mislead victims into transferring funds. By the time the victim becomes aware of the fraud, the scammer has disappeared.
SlowMist Technology emphasizes that the success of this scam is based on the abuse of trust in the victim, ultimately leading to significant property damage. The company's security team reminds users to be extra cautious when conducting transactions and avoid using RPC nodes from unknown sources to ensure asset security.
