Bitget App
Trade smarter
Buy cryptoMarketsTradeFuturesCopyBotsEarn
SlowMist Exposes Scam Using Malicious RPC Node Modifications

SlowMist Exposes Scam Using Malicious RPC Node Modifications

CryptopotatoCryptopotato2024/04/27 20:52
By:Chayanika DekaMore posts by this author

A cryptocurrency scam is targeting users in physical offline transactions and utilizing USDT for payment.

SlowMist, in collaboration with imToken, has uncovered a new breed of cryptocurrency scam that targets users in physical offline transactions, utilizing USDT as the mode of payment.

This fraudulent scheme operates by tampering with Ethereum node Remote Procedure Calls (RPC) to defraud unsuspecting victims.

Scammer’s Strategy

Initially, the scammer persuades the target to download the legitimate imToken wallet and fosters trust by transferring 1 USDT and a small amount of ETH as bait.

Subsequently, the scammer instructs the user to redirect their ETH RPC URL to a node controlled by the former, particularly using the modified node. Through this manipulation, the bad actor then falsifies the user’s USDT balance to make it seem as though funds have been deposited.

However, when the user attempts to transfer out the USDT, they discover they’ve already been deceived. But, by then, the scammer has disappeared without a trace, according to SlowMist’s findings .

The blockchain security firm also revealed that Tenderly’s Fork feature is not only capable of modifying balances but also contract information thereby posing an even graver threat to users.

As such, understanding RPC is crucial in comprehending the mechanism of such scams, SlowMist observed. RPC serves as a medium to interact with blockchain networks, enabling users to perform various actions such as checking balances and creating transactions. Typically, wallets connect to secure nodes by default, but connecting to untrusted nodes can lead to malicious modifications, resulting in financial losses.

Suspect Address Flagged for Pig Butchering Scam

Further analysis by MistTrack revealed the depth of the scam’s operations. Investigation into a known victim’s wallet address (0x9a7…Ce4) shows that they received 1 USDT and 0.002 ETH from another address (0x4df…54b).

This address, in turn, has transferred 1 USDT to multiple addresses, indicating repeated fraudulent activities. These addresses are flagged as “ Pig Butchering Scammers” by MistTrack, and are associated with various trading platforms, and implicated in multiple scam incidents.

You Might Also Like:

  • CertiK: Exit Scams and Exploits Led to $160M Losses in Crypto Sector in February
  • 50% of Solana's Recent Token Launches Revealed as Malicious Scams: Report
  • OneCoin's Head of Legal and Compliance Sentenced to 4 Years in Prison
0

Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.

PoolX: Locked for new tokens.
APR up to 10%. Always on, always get airdrop.
Lock now!