Cryptocurrencies are a vibrant ecosystem that is constantly reinventing itself. However, in the face of the wealth that can be concentrated, it also attracts hackers and scammers from all walks of life. Every week, or so, we come across new techniques. This week, we’re back with a new scam that’s been going around on Twitter.
A new scam that’s on the rise on Twitter
For several weeks, many Twitter users have been the target of a new type of scam: the student wallet scam.
In practice, this new scam is rooted in a scam already well known to the general public, that of the rich Nigerian prince.
Thus, various Twitter users have received some surprising messages in their DMs, to say the least.
In his message, the scammer presents himself as a student with several thousand USDT in a wallet. Unfortunately, the person is unable to withdraw the funds and asks for help. The scammer offers the Twitter user to withdraw the funds for him/her, in exchange for which the user will get a reward.
To make the withdrawal, the scammer reveals the seed phrase to access his wallet to the Twitter user. As a result, the user is able to restore the wallet and gain control over it.
Obviously, these messages seem extremely suspicious. However, it’s hard to know how the scammer can profit from his scam, knowing that he deliberately gives away control over his wallet.
Behind the Twitter scam
Although these messages are suspicious, the fact that the scammer reveals his seed phrase still begs the question. Indeed, the Twitter user may be tempted to try to withdraw the said funds.
However, for the scam to work, the wallet revealed by the attacker does not contain any ETH. Therefore, it is impossible to perform any transaction, as the wallet has no assets to pay for the transaction fees.
This is where the scam makes sense. The scammer is only waiting for one thing: for the victim to deposit ETH to pay the transaction fees to make the withdrawal.
Thus, the scammer has a bot that constantly monitors the address revealed to its victims. When a victim comes to deposit funds, with the aim of withdrawing the thousands of USDT, the bot will automatically withdraw the deposited ETH to another address.
The transaction will take place in an instant, leaving no time for the victim to react. No sooner or later, the funds deposited by the victim are stolen by the attacker.
In search of the scammer
Faced with the resurgence of this scam, we conducted a small investigation. At first, we tried to retrieve the wallet from the Ethereum network. However, the addresses we were able to access were completely blank. Blank on Ethereum.
However, things get interesting when we look at other chains. For example, the same seed phrase allows access to the same wallet, but on the NBB Smart Chain and this time, bingo, there is activity.
One of the two addresses we managed to retrieve has recorded more than 70 different transactions in the last 10 days.
The pattern of transactions is always the same: the address records an incoming transaction and within minutes an outgoing transaction to another address.
One point remains surprising. The address does not hold any funds. The said 5,000 USDT are not present and never were. Thus, the victims of this scam do not even seem to take the time to check if the funds are present.
However, the analysis of the outgoing transactions was tedious. Indeed, the bot never sends the funds to the same address, so as to cover its tracks.
Nevertheless, after some research, we seemed to have found an interesting address. This one piqued our curiosity because it had a much higher balance than the other addresses, which probably act more as a relay address.
Since its creation, this address has seen a volume of nearly $30,000, in BNB, USDT and USDC.
Another point validated our thesis that this address was suspicious. Indeed, the block explorer BSCScan allows its users to write comments about specific addresses.
It turns out that the address in question does indeed have a comment:
“The wallet associated with this address belongs to a known crook. He is posing as a Bot Shiller manager. This looks like the exit wallet for his scams.”
So, this wallet would indeed belong to a scammer. This one potentially runs several types of scams in the cryptocurrency ecosystem and repatriates some of his earnings to this address.
This scam serves as a reminder that it is important to remain vigilant in this ecosystem. When an offer of any kind seems too enticing, there is a good chance that it is a scam.
Other scams proliferate throughout the ecosystem. For example, another common scam aims to attack Discord servers of known projects in order to conduct a phishing attack. This type of attack has recently been recorded on the Discord of the Bored Ape project.