Scams galore – Cryptocurrencies are a vibrant ecosystem that is constantly reinventing itself. However, given the wealth that can be concentrated there, it also attracts hackers and scammers from all walks of life. Almost every week, we face new techniques. This week we look at a new scam plaguing Twitter.
A hot new scam on Twitter
For several weeks, many Twitter users have been the target of a new type of scam: the student wallet scam.
In practice, this new scam is rooted in a scam already well known to the general public, that of the rich Nigerian prince.
Thus, various Twitter users have received some surprising messages in their DMs.
In his message, the scammer presents himself as a student with several thousand USDT in a wallet. Unfortunately, he is unable to withdraw the funds and needs help. He asks the Twitter user to withdraw the funds for him, in exchange for which the user will receive a reward.
To make the withdrawal, the scammer reveals the seed phrase allowing access to his wallet to the Twitter user. Therefore, the user is able to restore the wallet and have control over it.
Obviously, these messages seem extremely shady. However, it is difficult to know how the scammer can profit from his scam, knowing that he deliberately gives control over his wallet.
Behind the scenes of the Twitter scam
Although these messages are suspicious, the fact that the scammer reveals his seed phrase still raises questions. Indeed, the Twitter user may be tempted to try to withdraw said funds.
However, for the scam to work, the wallet disclosed by the attacker does not contain any ETH. Therefore, it is impossible to carry out any transaction, because the wallet does not have any assets to pay transaction fees.
This is where the scam comes into its own. The scammer is only waiting for one thing: for the victim to deposit ETH to pay the transaction fees to make the withdrawal.
Thus, the scammer has a bot that constantly monitors the address disclosed to his victims. When a victim deposits funds, with the aim of withdrawing the thousands of USDT, the bot automatically withdraws the deposited ETH to another address.
The transaction takes place in an instant, leaving no time for the victim to react. In no time at all, the funds deposited by the victim are stolen by the attacker.
Finding the scammer
Faced with the resurgence of this scam, we conducted a small investigation. First, we tried to recover the wallet on the Ethereum network. However, the addresses we were able to access were entirely empty. We drew a blank on Ethereum.
However, things get interesting when we look at other chains. The same seed phrase gives access to the same wallet on the BNB Smart Chain and this time, bingo, there is activity.
One of the two addresses we managed to recover recorded more than 70 different transactions in the last 10 days.
The pattern of transactions is always the same: the address records an incoming transaction and within minutes an outgoing transaction to another address.
One point remains surprising: the address does not hold any funds. The said 5,000 USDT is not present and never was. Thus, the victims of this scam do not even seem to take the time to verify that the funds are present.
However, the analysis of outgoing transactions was tedious. Indeed, the bot never sends the funds to the same address, so as to cover the tracks.
Nevertheless, after some research, we still ended up discovering an interesting address. This one piqued our curiosity in particular, because it had a much higher balance than the other addresses, which probably act more like relay addresses.
Since its creation, this address has seen a volume of nearly $30,000 in BNB, USDT and USDC.
Another point made it possible to validate our thesis that this address was suspect. Indeed, the block explorer BSCScan allows its users to write comments concerning specific addresses.
It turns out that the address in question does have a comment:
"The wallet associated with this address belongs to a known scammer. He poses as a manager of Bot Shiller. It looks like the exit wallet for his scams."
Thus, this wallet would indeed belong to a scammer. He potentially runs several types of scams in the cryptocurrency ecosystem and sends part of his earnings back to this address.
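The pattern the investigation relied on (a deposit followed within minutes by an outgoing transfer of nearly the same amount, each time to a different address) can be checked mechanically over an address's transfer history. The following Python heuristic is an added example, not code from the original investigation; the addresses, amounts, 10-minute window and thresholds are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Transfer:
    time: datetime
    sender: str
    recipient: str
    amount: float  # native coin used for fees (ETH/BNB)

def sweep_report(address, transfers, window=timedelta(minutes=10)):
    """Pair each deposit with the first unused withdrawal of ~the same amount inside `window`."""
    txs = sorted(transfers, key=lambda t: t.time)
    deposits = [t for t in txs if t.recipient == address]
    withdrawals = [t for t in txs if t.sender == address]
    used, swept, relays = set(), 0, set()
    for dep in deposits:
        for i, out in enumerate(withdrawals):
            in_window = dep.time < out.time <= dep.time + window
            if i not in used and in_window and out.amount >= 0.9 * dep.amount:
                used.add(i)
                swept += 1
                relays.add(out.recipient)
                break
    return {"deposits": len(deposits), "swept": swept, "relays": len(relays)}

def looks_like_sweeper(report, min_deposits=3, min_ratio=0.9):
    """Flag addresses where nearly every deposit is swept to rotating destinations."""
    if report["deposits"] < min_deposits:
        return False  # not enough history to judge
    return report["swept"] / report["deposits"] >= min_ratio and report["relays"] > 1

# Constructed sample data: placeholder addresses, not real on-chain values.
T0 = datetime(2022, 1, 1, 12, 0)
def _t(minutes, sender, recipient, amount):
    return Transfer(T0 + timedelta(minutes=minutes), sender, recipient, amount)

SHARED = "0xSHARED"  # wallet whose seed phrase was sent by DM
SAMPLE_SHARED = [
    _t(0, "0xVICTIM1", SHARED, 0.05), _t(1, SHARED, "0xRELAY1", 0.049),
    _t(90, "0xVICTIM2", SHARED, 0.03), _t(92, SHARED, "0xRELAY2", 0.029),
    _t(400, "0xVICTIM3", SHARED, 0.08), _t(401, SHARED, "0xRELAY3", 0.079),
]
ORDINARY = "0xORDINARY"  # contrast case: a normally used wallet
SAMPLE_ORDINARY = [
    _t(0, "0xEXCHANGE", ORDINARY, 1.0), _t(3000, ORDINARY, "0xSHOP", 0.2),
    _t(6000, "0xFRIEND", ORDINARY, 0.1), _t(6500, "0xEXCHANGE", ORDINARY, 0.5),
]

if __name__ == "__main__":
    print(sweep_report(SHARED, SAMPLE_SHARED), looks_like_sweeper(sweep_report(SHARED, SAMPLE_SHARED)))
```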
This scam serves as a reminder that it is important to remain vigilant in this ecosystem. When an offer, whatever it is, seems too attractive, there is a good chance that it is a scam.
Other scams proliferate across the ecosystem. Another widespread scam targets the Discord servers of known projects in order to carry out a phishing attack. This type of attack was recently recorded on the Bored Ape Project Discord.