Original author: SlowMist Security Team

Background

In the last issue of the Web3 Security Getting Started and Avoiding Pitfalls Guide, we analyzed some typical airdrop scams and explained the risks users may face when claiming airdrops. Recently, while analyzing the stolen-funds forms that victims submitted to MistTrack, the SlowMist AML team noticed a significant increase in the number of users hit by fake mining pool scams. In this issue, we therefore provide an in-depth analysis of several common fake mining pool scams and offer corresponding safety suggestions to help users avoid these pitfalls.

You want his interest, he wants your life

Fake mining pool scams mainly target new Web3 users. Scammers take advantage of new users' lack of understanding of the cryptocurrency market and their desire for high returns, and trick them into investing money through a series of carefully designed steps. These scams usually rely on the mechanism that "funds need to be kept in the pool for a period of time to generate returns", making it difficult for users to detect that they have been deceived in a short period of time. Under the guidance of the scammers, users often continue to invest more funds in pursuit of higher interest rates. When users are unable to continue to provide funds, the scammers will threaten that this will result in the inability to redeem the principal, and ultimately users will continue to suffer losses under heavy pressure.

According to the descriptions of many victims, scammers set up fraud groups on Telegram that pretend to be well-known exchanges. Such groups can easily have thousands or tens of thousands of members, which leads people to relax their vigilance. Many users treat the number of group members as one of the factors for judging authenticity when searching for official accounts on Telegram. It is true that an official group tends to have more members, but the reverse does not necessarily hold. It is hard to imagine that scammers would set up a group with tens of thousands of members just to deceive a few "sheep", with even the "chat" inside it serving as bait. It is worth noting that a group with more than 50,000 members has fewer than 100 people online. Compared with the number of people online in other groups with tens of thousands of members, this should tell users that something is wrong.

For novice users, the scammers also provide detailed tutorials that teach them how to check the staking status of the mining pool, how to download a wallet, and how to transfer funds to the scammers' contract address. By creating the illusion of a liquidity mining incentive mechanism, the scammers attract users to invest funds. After transferring funds to the contract address and receiving rebates, users want to invest more to obtain greater returns. This is exactly the trap the scammers have set, and in the end all the funds the users invested are taken away by the scammers.

What’s even more disgusting is that some scammers even return counterfeit coins when giving rebates to users. New users who don’t know the truth think they have really received the rebates, until they try to trade the rebated coins and find out that they are counterfeit coins and have no value.

The scam in the picture below steals user funds by inducing users to perform a malicious authorization. The scammers pretended to be officials, claimed that there was a "super node mining activity", and invited users to participate in mining. After users clicked the phishing link as the instructions directed, they were induced to perform a malicious authorization, which eventually led to the theft of their funds.

In another scam, the scammers first guide users to a fraudulent platform and manipulate the platform data to create the illusion that users are "profitable". These profits exist only on the platform's display and do not represent any actual increase in assets. At this stage, users have already been taken in by the scammers' "superb" investment ability. Next, the scammers invite users to participate in mining pool activities and stipulate that users must deposit 5% or 8% of their total assets in USDT to the deposit account every day to activate the mining pool. In order to obtain dividends, and under the pressure of "if you don't continue to deposit, you can't redeem the principal", users keep depositing into the account provided by the scammers. In effect, this scheme means that users have to deposit more USDT every day than the day before.

Looking at the fake mining pool scams above, readers will have noticed that this type of scam does not actually use very advanced technology. However, the novel schemes and seemingly legitimate operating procedures are highly deceptive to new Web3 users, and inexperienced users can easily fall into the trap.

Summary

In this issue, we analyzed several common fake mining pool scams, hoping to help users stay vigilant and avoid being scammed when they encounter similar situations. We also offer some safety suggestions to help users strengthen their defenses:

  • Be wary of unrealistic profit promises: If an investment opportunity promises returns that are too good to be true, it is often a scam.

  • Do not authorize casually: Avoid clicking on unknown links and performing authorization operations.

  • Be skeptical: Carefully verify the authenticity of the group, and do not judge its credibility based solely on the number of people in the group. Be skeptical of operations involving fund transfers, and confirm the authenticity of the activities from multiple sources.
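
To make the "do not authorize casually" advice and the malicious authorization scam described earlier concrete, the following added example (not SlowMist's code) decodes the calldata a wallet is asked to sign and flags authorization calls before the user confirms. It assumes the "authorization" is a standard ERC-20 or NFT approval call; the function name `review_calldata`, the trusted-spender list and the sample address are hypothetical and constructed for illustration.

```python
# Added example: pre-signing check for token authorization calls.
MAX_UINT256 = 2**256 - 1

# Standard function selectors (first 4 bytes of keccak256 of the signature).
SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "39509351": "increaseAllowance(address,uint256)",
    "a22cb465": "setApprovalForAll(address,bool)",
}

def review_calldata(calldata_hex, trusted_spenders=()):
    """Describe an authorization call; return None for any other call."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    name = SELECTORS.get(data[:8])
    if name is None:
        return None
    try:
        raw = bytes.fromhex(data[8:])
        if len(raw) != 64:  # two 32-byte ABI words: address, then amount/bool
            raise ValueError("unexpected argument length")
    except ValueError:
        return {"function": name, "spender": None, "risk": "high",
                "reasons": ["malformed arguments"]}
    spender = "0x" + raw[12:32].hex()        # address is the low 20 bytes
    value = int.from_bytes(raw[32:], "big")  # allowance amount or bool flag
    if value == 0 and not name.startswith("increaseAllowance"):
        return {"function": name, "spender": spender, "risk": "low",
                "reasons": ["revokes an existing authorization"]}
    reasons = []
    if spender not in {s.lower() for s in trusted_spenders}:
        reasons.append("spender is not on the trusted list")
    if name.startswith("setApprovalForAll"):
        reasons.append("operator gains control of every token in the collection")
    elif value >= MAX_UINT256 // 2:
        reasons.append("allowance is effectively unlimited")
    risk = "high" if len(reasons) == 2 else "medium" if reasons else "low"
    return {"function": name, "spender": spender, "risk": risk, "reasons": reasons}

# Constructed sample: unlimited approve() to an unknown (made-up) spender.
SAMPLE_SPENDER = "0x" + "11" * 20
SAMPLE_UNLIMITED = "0x095ea7b3" + "00" * 12 + "11" * 20 + "ff" * 32

if __name__ == "__main__":
    print(review_calldata(SAMPLE_UNLIMITED))
```

A "high" result means the request hands an unverified address open-ended control over the token, which is the pattern to refuse when it arrives via a link from a chat group.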