<img src="https://crypto.news/app/uploads/2023/05/crypto-news-Hacker-front-view-portrait-blockchain-and-artificial-intelligence-background-white-neon-color-cyber.jpg” />
A new scam targets users through physical transactions involving USDT, exploiting a modified remote procedure call (RPC) feature on ethereum nodes.
according to a reportAccording to security firm Slowmist on April 26, the scam is designed to trick unsuspecting users. It involves convincing them to download the legitimate imToken wallet and sending them 1 USDT and small amounts of eth as bait.
The victim is then instructed to change their eth RPC URL to a node that has been maliciously modified and is under the control of the scammer.
An RPC allows applications to run code on a computer to communicate with a blockchain and, as such, is essential for the development of decentralized applications (dApps). In this case, ethereum RPC interacts with nodes, queries balances, sends transactions, or interacts with smart contracts.
After the user modifies the RPC URL, a falsified wallet balance is displayed on the victim's side, making them believe that they have received a substantial amount of funds. When the user tries to transfer the miner's fees to withdraw USDT, he discovers the deception. By then, the scammer had removed all traces of him and disappeared with the transferred fees.
“Users often focus solely on whether funds have been credited to their wallets, overlooking potential risks. Scammers take advantage of this trust and negligence, using credible tactics such as transferring small amounts of money to trick users,” Slowmist researchers wrote.
Slowmist added that an investigation of one of the victim's wallets revealed that he received 1 USDT and 0.002 eth from the scammers' address. Tracing that address showed that the scammer had sent 1 USDT to three other wallets.
The scammer's address was associated with multiple trading platforms and was also flagged as “Pig Butcher Scammers” by chain tracking tool MistTrack.
As such, Slowmist urged users to “remain vigilant during transactions,” adding that users should be “skeptical of others” to avoid being defrauded.
Scams in the cryptocurrency sector continue to plague market participants despite growing awareness. In April, there were several cases where scammers got the best of unsuspecting cryptocurrency users.
On April 17, Hollywood star Tom Holland's x account was hacked to promote crypto scams. Earlier this month, YouTube witnessed a flood of fake Space x giveaways disguised as livestreams focused on the April 8 solar eclipse.
