Exposing cryptocurrency scams: Wallet authorization traps
I only transferred him 1 USDT, and the 500,000 in the wallet was stolen. A real case.
Today I am sharing a real case of a partner who was scammed. I have covered this type of scam before, but this time I will use the partner's actual experience to show how the scammer guided him, step by step, into being scammed.
I will explain in detail what the scammer's main purpose is throughout the process, and why he needs you to operate this way.
I explained the logic behind it in a previous article. The methods of this scam vary, but the final goal is always the same. I hope that after reading about this partner's experience, everyone will learn from it and avoid being scammed in the future.
It started with the scammer offering a high price for USDT: 9.4 RMB for 1 USDT. The scammer asked this partner to use a certain web3 non-custodial wallet, but it doesn't really matter which wallet you use. Whether it's a certain wallet or IM, TPtoken wallet, or any other web3 wallet, the operation is the same. The essence of the problem is not the wallet, but the operations you perform afterward.
This is the scammer's script. He says that USDT on the exchange is easier to track, and he instructs this partner to withdraw the USDT to a web3 wallet. Following the scammer's advice, this partner created a non-custodial wallet using a certain mobile app. Then the scammer asked this partner to transfer the USDT to the newly created non-custodial wallet. The scammer's real goal is to manipulate your web3 wallet, which is why he guides you to move the funds there.
Again, this could be any web3 wallet. At this point, the scammer still cannot control your assets; he has only guided this partner to withdraw USDT from a certain wallet to a certain non-custodial wallet. The network used in this case is TRON, but the scam does not depend on the network. Whether you use Binance Smart Chain, the Polygon network, or the Ethereum network, the same trick can be used to take your USDT.
Since the wallet was just created, the scammer knows that it doesn't hold any TRX for gas. He will transfer 100 TRX to your wallet as gas fees. In fact, the scammer later seems to have transferred 130 TRX to this partner as gas fees. Once he has sent the TRX, he asks this partner to transfer him 1 USDT to test the wallet.
At this point, I will repeat it three times: it is very, very, very important. The main goal of this scam is to make you perform this transfer operation; this is one of the scammer's scripts. He asks you to transfer 1 USDT to him supposedly to confirm that your account can transfer normally. If your account can transfer normally, he says, he will then buy your USDT at a high price, and so on. The script may vary widely, and scripts built around buying and selling black-market or fake USDT are standard variants. His ultimate goal is singular: to transfer funds from your wallet to the other party's wallet. A common script is to ask you to transfer 1 USDT to verify whether it is real USDT.
If this partner had cancelled the transaction at this moment, he could have avoided being scammed and even earned some TRX. But evidently this partner did not understand how to use the web3 wallet, and he still transferred 1 USDT to the scammer. Note that the scammer provided the TRX receiving address as a QR code.
In fact, this QR code is not a wallet address, but a webpage carefully set up by the scammer. After this partner scans the code with the web3 non-custodial wallet, it redirects to a webpage. This webpage has background code designed to trick you into granting authorization. You think it's just a simple transfer operation, but in reality, it's an operation to trick you into authorizing your wallet.
You think you have only transferred 1 USDT to the other party, but when you click confirm, the operation the page calls in the background is not a transfer operation; it is an authorization operation. The content of the authorization is to transfer the control of your wallet to the scammer's wallet address, so the scammer can steal all the assets from your wallet.
The logic behind this is to set up a multi-signature wallet. This multi-signature can also be described as transferring control of your current wallet address to the scammer's address. If you don't understand multi-signature, just Baidu it; I won't elaborate here. Essentially, the background code changes who controls your wallet. You think you are clicking to confirm the transfer, but in reality the page is calling an operation that transfers control of your wallet.
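What a check on the signing request can look like, as an added example that is not part of the original article: it decodes a TRON transaction and rejects anything that is not the exact 1 USDT transfer the user intended, covering both the account permission update (the multi-signature change described above) and, going slightly beyond this case, a TRC-20 approve call. The JSON shape, the helper names and all addresses are assumptions; the sample values are constructed.

```javascript
// Added example (not from the original article). Addresses and amounts are constructed.
// Assumes TRON HTTP-API style JSON: raw_data.contract[0] = { type, parameter: { value } }.
const SELECTORS = { a9059cbb: 'transfer', '095ea7b3': 'approve', '23b872dd': 'transferFrom' };
// An ABI word is 32 bytes; the address is its low 20 bytes, prefixed 0x41 in TRON hex form.
const wordToAddr = (word) => '41' + word.slice(24);

function describeSigningRequest(tx) {
  const { type, parameter } = tx.raw_data.contract[0];
  const v = parameter.value;
  if (type === 'AccountPermissionUpdateContract') {
    // Rewrites who may sign for the account: list every key that is not the owner's own.
    const keys = [v.owner, ...(v.actives || [])].flatMap((p) => (p && p.keys) || []);
    const foreignKeys = [...new Set(keys.map((k) => k.address))].filter((a) => a !== v.owner_address);
    return { action: 'permission-update', risk: 'critical', foreignKeys };
  }
  if (type === 'TriggerSmartContract') {
    const data = (v.data || '').toLowerCase();
    const name = SELECTORS[data.slice(0, 8)];
    if (name !== 'transfer' && name !== 'approve') return { action: name || 'unknown-call', risk: 'high' };
    return {
      action: name, risk: name === 'approve' ? 'high' : 'normal', token: v.contract_address,
      counterparty: wordToAddr(data.slice(8, 72)), amount: BigInt('0x' + data.slice(72, 136)),
    };
  }
  return { action: type, risk: type === 'TransferContract' ? 'normal' : 'high' };
}

// True only when the request is exactly the TRC-20 transfer the user meant to make.
function matchesIntent(tx, intent) {
  const d = describeSigningRequest(tx);
  return d.action === 'transfer' && d.token === intent.token &&
    d.counterparty === intent.to && d.amount === intent.amount;
}

// Constructed samples: the 1 USDT transfer the user expects, and two requests that are not it.
const ME = '41' + '11'.repeat(20), PEER = '41' + '22'.repeat(20), TOKEN = '41' + 'aa'.repeat(20);
const call = (sel, addr, amt) => ({ raw_data: { contract: [{ type: 'TriggerSmartContract',
  parameter: { value: { owner_address: ME, contract_address: TOKEN,
    data: sel + addr.slice(2).padStart(64, '0') + amt.toString(16).padStart(64, '0') } } }] } });
const transferTx = call('a9059cbb', PEER, 1000000n);            // 1 USDT at 6 decimals
const approveTx = call('095ea7b3', PEER, 2n ** 256n - 1n);      // unlimited allowance
const permissionTx = { raw_data: { contract: [{ type: 'AccountPermissionUpdateContract',
  parameter: { value: { owner_address: ME,
    owner: { permission_name: 'owner', threshold: 1, keys: [{ address: PEER, weight: 1 }] } } } }] } };

const intent = { token: TOKEN, to: PEER, amount: 1000000n };
for (const [label, tx] of Object.entries({ transferTx, approveTx, permissionTx })) {
  console.log(label, describeSigningRequest(tx).action, matchesIntent(tx, intent) ? 'OK' : 'REJECT');
}
```

Only the first sample passes; the other two carry the same counterparty address but are a different operation, which is the difference the wallet prompt shows before you confirm.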
Previously, I shared about scams related to public mnemonic phrases or requests; they only scam some gas fees. In this case, he directly scams all the assets from your wallet. Regardless, he always needs to obtain your authorization for the operation to transfer your wallet's funds, so partners must be very cautious when transferring.
Generally, when you transfer or authorize, your wallet will show you prompts. However, some novices don't read any prompts and click confirm directly. If you don't know how to use a web3 wallet, then don't use one; just stick with the wallet address from the exchange. Additionally, if you're interacting with a smart contract, you must pay attention to the wallet prompts and not blindly click authorize. This is a real case shared by a group friend who got scammed, and I hope all partners take it as a warning and do not fall for such scams again.
Alright, that’s all for this episode. If you found this helpful, please support me with a like, share, and follow. I will continue to update on scam revelations, and see you next time.