Security specialists at SlowMist Technologies recently identified a sophisticated cryptocurrency scam that abuses the RPC (Remote Procedure Call) function of Ethereum nodes, with nodes set up by the scammer used to control the scam. The scheme is carefully tailored to exploit the target's trust and lowered guard, and numerous victims have lost assets to it.
The scheme starts by luring the target into setting up the genuine imToken wallet, with the scammer claiming a nominal transfer of 1 USDT and 1 Ethereum. This first step is about gaining the victim's trust, and it paves the way for the deception that follows.
Once trust has been established, the fraudster guides the victim to change their ETH RPC URL to a node set up by the fraudster. This seemingly harmless tweak does the scammer a great favor: it gives them control over the relevant information presented in the victim's digital wallet.
In the next phase of the scam, the scammer uses Tenderly's fork feature to create a false environment that is passed off as the user's account and that shows a fake USDT balance. In this way, the user is led to believe that funds have been sent to them, when the transfer is an illusion rather than a reality.
The victim discovers the scam only after depositing funds. By then the scammer no longer responds and gradually disappears, leaving behind a trail of deceit and a drained balance.
While the shop feature is used for anonymous transactions and address spreading, the fork feature can be abused in a variety of ways, including altering contract data at the expense of unwary participants.
The report of SlowMist Technology sounds the alarm: scams of this kind work through trust and inattention, and eventually lead to the loss of a great deal of assets. The SlowMist security team issued the warning as a precautionary measure to protect users. It recommends that users be more cautious when transacting and make a deliberate effort not to transact on suspicious RPC nodes.
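
One way to act on that recommendation, as an added example that is not part of SlowMist's report: compare what a suspect RPC endpoint says about an address with what an independent reference node says. The endpoint URLs, the holder address and the canned responses are constructed placeholders, and the check assumes USDT on Ethereum mainnet.

```python
import json
from urllib.request import Request, urlopen

USDT = "0xdAC17F958D2ee523a2206206994597C13D831ec7"  # USDT contract on Ethereum mainnet
BALANCE_OF = "0x70a08231"                             # selector of balanceOf(address)

def http_rpc(url, method, params):
    """JSON-RPC over HTTP, for use against real endpoints."""
    body = json.dumps({"jsonrpc": "2.0", "id": 1, "method": method, "params": params})
    req = Request(url, data=body.encode(), headers={"Content-Type": "application/json"})
    with urlopen(req, timeout=10) as resp:
        return json.load(resp).get("result")

def endpoint_view(rpc, url, holder, height):
    """What one endpoint reports: chain ID, hash of block `height`, USDT balance."""
    calldata = BALANCE_OF + holder.lower().removeprefix("0x").rjust(64, "0")
    block = rpc(url, "eth_getBlockByNumber", [height, False])
    raw = rpc(url, "eth_call", [{"to": USDT, "data": calldata}, "latest"])
    return {"chain_id": int(rpc(url, "eth_chainId", []), 16),
            "block_hash": block["hash"] if block else None,  # None: block unknown there
            "usdt": int(raw, 16) / 10**6}                    # USDT has 6 decimals

def compare_endpoints(suspect, reference, holder, rpc=http_rpc):
    """Return {field: (suspect_value, reference_value)} for every disagreement."""
    height = rpc(suspect, "eth_blockNumber", [])  # compare at the suspect's own head
    mine = endpoint_view(rpc, suspect, holder, height)
    theirs = endpoint_view(rpc, reference, holder, height)
    return {k: (mine[k], theirs[k]) for k in mine if mine[k] != theirs[k]}

# Constructed responses standing in for two nodes (not captured traffic).
HOLDER = "0x" + "ab" * 20
FAKE = {
    "https://fork.example": {"eth_chainId": "0x1", "eth_blockNumber": "0x12d687",
        "eth_getBlockByNumber": {"hash": "0x" + "11" * 32},
        "eth_call": hex(5_000_000 * 10**6)},   # inflated balance shown to the victim
    "https://reference.example": {"eth_chainId": "0x1", "eth_blockNumber": "0x12d687",
        "eth_getBlockByNumber": {"hash": "0x" + "22" * 32},
        "eth_call": hex(1 * 10**6)},           # the nominal 1 USDT really on chain
}

def fake_rpc(url, method, params):
    return FAKE[url][method]

if __name__ == "__main__":
    diff = compare_endpoints("https://fork.example", "https://reference.example", HOLDER, fake_rpc)
    for field, (s, r) in diff.items():
        print(f"MISMATCH {field}: suspect={s} reference={r}")
```

A matching chain ID proves nothing on its own; in the constructed data both endpoints report chain ID 1 while the block hash and balance disagree. A reference node that has not yet seen the suspect's head block also shows up as a block-hash mismatch, so repeat the check before drawing a conclusion.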