Reports have emerged of a new scam tactic preying on individuals through physical transactions involving USDT, utilizing a modified remote procedure call (RPC) feature on Ethereum nodes.
As detailed in a recent analysis by cybersecurity firm Slowmist on April 26, the scam aims to ensnare unsuspecting victims by persuading them to download the legitimate imToken wallet app.
Victims are enticed with the promise of receiving 1 USDT and small amounts of ETH as initial bait.
The mode of operation involves instructing the victim to alter their ETH RPC URL to a node that has been tampered with by the scammer, putting it under their control.
RPC functionality is integral for decentralized application (dApp) development, enabling applications to execute code on a computer and communicate with the blockchain.
In this scam, Ethereum RPC facilitates interactions with nodes for querying balances, initiating transactions or engaging with smart contracts.
Once the victim adjusts the RPC URL, a falsified wallet balance appears, giving the impression of substantial funds received.
However, when the victim attempts to transfer the miner’s fees to cash out the USDT, the deception becomes evident.
By this time, the scammer had eradicated all traces and absconded with the transferred fees.
Slowmist researchers caution that users often overlook potential risks, focusing solely on credited funds in their wallets.
Exploiting this trust and negligence, scammers employ convincing tactics such as sending small amounts of money to deceive users.
Further investigation into one victim’s wallet revealed a receipt of 1 USDT and 0.002 ETH from the scammer’s address.
Tracking this address unveiled the scammer’s dispersal of 1 USDT to three other wallets.
The scammer’s address was associated with various trading platforms and flagged as “Pig Butchering Scammers” by MistTrack, an on-chain tracking tool.
Amidst growing cryptocurrency awareness, Slowmist emphasizes the importance of user vigilance during transactions, urging scepticism to mitigate fraud risks.
Despite increasing awareness, cryptocurrency scams persist. In April alone, several instances occurred, including the hacking of Hollywood star Tom Holland’s X account to promote crypto scams and the proliferation of fake Space X giveaways on YouTube during the April 8 solar eclipse.