Scammers leverage malicious ETH RPC nodes to target imToken wallet

04/26/2024 17:03
Scammers leverage malicious ETH RPC nodes to target imToken wallet

A new scam is targeting users via physical transactions involving USDT, exploiting a modified remote procedure call (RPC) function on Ethereum nodes

Scammers leverage malicious ETH RPC nodes to target imToken wallet

A new scam is targeting users via physical transactions involving USDT, exploiting a modified remote procedure call (RPC) function on Ethereum nodes.

As per a report by security firm Slowmist on April 26, the scam is designed to deceive unsuspecting users. It involves convincing them to download the legitimate imToken wallet and sending them 1 USDT and small amounts of ETH as bait.

The victim is then instructed to change their ETH RPC URL to a node that has been maliciously modified and is under the control of the scammer.

A RPC allows applications to run code on a computer to communicate with a blockchain and is, as such, essential for the development of decentralized applications (dApps). In this instance, Ethereum RPC interacts with nodes, querying balances, sending transactions, or interacting with smart contracts.

After the user modifies the RPC URL, a falsified wallet balance is displayed on the victim’s end, leading them to believe that they have received a substantial amount of funds. When the user attempts to transfer the miner’s fees to cash out the USDT, they spot the deceit. By then, the scammer had removed all his traces and disappeared with the transferred fees.

“Users often focus only on whether funds have been credited to their wallets, overlooking potential risks. Scammers take advantage of this trust and negligence, using believable tactics such as transferring small amounts of money to deceive users,” researchers at Slowmist wrote.

Slowmist added that an investigation into one of the victim’s wallets revealed that it received 1 USDT and 0.002 ETH from the scammers’ address. Tracking that address showed that the scammer had sent 1 USDT to three other wallets.

The scammer’s address was associated with multiple trading platforms and was also flagged as “Pig Butchering Scammers” by the on-chain tracking tool MistTrack.

As such, Slowmist urged users to “remain vigilant during transactions,” adding that users should be “skeptical of others” to avoid being defrauded. 

Scams in the cryptocurrency sector continue to plague market participants despite growing awareness. In April, there were multiple instances where scammers got the best of unsuspecting crypto users.

On April 17, Hollywood star Tom Holland’s X account was hacked to promote crypto scams. Earlier in the month, YouTube witnessed a flood of fake Space X giveaways under the guise of live streams focused on the April 8 solar eclipse. 

Read more --->