Please separate wallets for different purposes! !
If the user holds an inscribed wallet and signs something in an untrusted place, then the scriptpubkey is a simple lock requirement of all 5120 + pubkey, pointing to the beneficiary address
https://mempool.space/address/bc1p3855zyj8tchy40xvm50pcutghq9mp657j7yd7ehxms03q6jev6pq99mdx4
Another related address found is
https://mempool.space/address/bc1pjmc03c0wjvdnlkduf5rwg28tmxhav4c8a95hfqefh7f6x7twlads6kuzyr
Although it is not a zero-dollar purchase, the user’s assets can be taken away at a very low price. Then, in order to intercept the wallet, 600 is added with the inscription and output to the transfer address. The taproot here is understandable, but why do some people have to install it for the SegWit wallet?
Then the hacker removed the 600 and separated the inscription. I don’t understand how he did it yet. I need to track more transaction data. I will continue later.
So which group is the most suspicious? Judging from the common behavior paths of existing users, there are already highly suspected groups.
You think you are getting a bargain, but as long as your wallet address is not separated by purpose, you will not only have to pay mining fees, but also have your assets phished away...
Soon™
@sfhoo
So while trying to make sense on what happened to @PackBagPoints . We found the drainers address.....
As you can see, the drainer is using the same technic for all transactions. First combining the pad stamp with the target inscription, and send a small amount back to the…
