According to CryptoPotato, SlowMist, in partnership with imToken, has discovered a novel cryptocurrency scam that exploits users in physical offline transactions, with USDT being the preferred payment method. The fraudulent scheme manipulates Ethereum node Remote Procedure Calls (RPC) to swindle unsuspecting victims.
Initially, the scammer convinces the target to download the legitimate imToken wallet and builds trust by transferring 1 USDT and a small amount of ETH as bait. The scammer then instructs the user to redirect their ETH RPC URL to a node under their control, specifically using the modified node. Through this manipulation, the scammer falsifies the user's USDT balance to appear as if funds have been deposited. However, when the user tries to transfer the USDT, they realize they've been duped. By this point, the scammer has vanished, as per SlowMist's findings.
The blockchain security firm also disclosed that Tenderly's Fork feature can not only alter balances but also contract information, posing a more significant threat to users. Therefore, understanding RPC is essential in grasping the workings of such scams, SlowMist noted. RPC acts as a conduit to interact with blockchain networks, allowing users to perform various actions like checking balances and creating transactions. Wallets typically connect to secure nodes by default, but linking to untrusted nodes can result in malicious modifications, leading to financial losses.
Further analysis by MistTrack revealed the extent of the scam's operations. An investigation into a known victim's wallet address shows that they received 1 USDT and 0.002 ETH from another address. This address has transferred 1 USDT to multiple addresses, indicating repeated fraudulent activities. These addresses are flagged as 'Pig Butchering Scammers' by MistTrack, and are linked to various trading platforms, and implicated in multiple scam incidents.