Revealing the hackers' secret! Scanning a code to transfer money lets them control your digital wallet

  1. Attackers pretend to be customers and lurk in the community.
  2. When a user asks for help with a transfer or with withdrawing proceeds, the attacker promptly contacts the user and offers to assist.
  3. They answer the user's questions very patiently, then send a work order system disguised as a decentralized bridge, which asks the user to enter their mnemonic words to resolve the transaction abnormality.
  4. After obtaining the private key, the attacker compromises the user's wallet and steals the assets.

  1. The attacker sends the user a malicious QR code prepared in advance.
  2. The attacker induces the user to scan the QR code with their wallet to make a transfer.
  3. After the user enters the specified amount, the transfer transaction is confirmed (the actual operation is an `approve` call in which the user authorizes the attacker to spend their USDT).
  4. A large amount of USDT in the user's wallet is then lost (the attacker calls `transferFrom` to transfer the user's USDT).

  1. The attacker forges a trading platform or DeFi project.
  2. The attacker induces the user to scan a QR code with their wallet to receive an airdrop.
  3. After scanning the code, the user clicks to receive the airdrop (this is again an `approve` call in which the user authorizes the attacker to spend their USDT).
  4. A large amount of USDT is then transferred out of the victim's account (the attacker calls `transferFrom` to transfer the user's USDT).

  1. The attacker impersonates the customer service of Binance, Huobi and other exchanges.
  2. The attacker tells the user that the account is abnormal and has triggered risk control, and that the abnormal state must be removed before the funds can be used.
  3. The attacker's customer service induces the user to transfer funds to a secure account (actually a hacker account) and upgrades the victim's account.
  4. After the user transfers the funds to the secure account, the attacker immediately blocks the user.
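
The check below is an added example, not part of the original article: it decodes the calldata a wallet is asked to sign and warns when a request presented as a transfer or an airdrop claim is really an `approve` call, as in the two QR-code scenarios above. It assumes ERC-20-style ABI encoding; the names `decode_call` and `review_request` and the sample addresses are constructed for illustration.

```python
# Added example: classify the token call a wallet is asked to sign.
# Keys are the 4-byte function selectors of the standard ERC-20 functions.
SELECTORS = {
    "a9059cbb": ("transfer", ["address", "uint256"]),
    "095ea7b3": ("approve", ["address", "uint256"]),
    "23b872dd": ("transferFrom", ["address", "address", "uint256"]),
}
UNLIMITED_THRESHOLD = 2**255  # heuristic (assumption): this large is effectively unlimited


def decode_call(calldata_hex):
    """Decode ERC-20 style calldata into (name, [args]); None if the selector is unknown."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    entry = SELECTORS.get(data[:8])
    if entry is None:
        return None
    name, types = entry
    body = data[8:]
    if len(body) != 64 * len(types):
        raise ValueError("malformed calldata for " + name)
    args = []
    for i, typ in enumerate(types):
        word = body[64 * i: 64 * (i + 1)]  # each argument is one 32-byte word
        args.append("0x" + word[24:] if typ == "address" else int(word, 16))
    return name, args


def review_request(calldata_hex, user_intent):
    """Return warnings when the signed call differs from what the user believes it is."""
    decoded = decode_call(calldata_hex)
    if decoded is None:
        return ["unknown function: do not sign without understanding it"]
    name, args = decoded
    warnings = []
    if name != user_intent:
        warnings.append(f"page says '{user_intent}' but the transaction calls {name}()")
    if name == "approve":
        spender, amount = args
        warnings.append(f"grants {spender} an allowance of {amount} token units")
        if amount >= UNLIMITED_THRESHOLD:
            warnings.append("allowance is effectively unlimited")
    return warnings


# Constructed samples: placeholder addresses, not taken from any real incident.
SAMPLE_SPENDER = "0x" + "11" * 20
SAMPLE_APPROVE = "0x095ea7b3" + "00" * 12 + "11" * 20 + "f" * 64
SAMPLE_TRANSFER = "0xa9059cbb" + "00" * 12 + "22" * 20 + format(5_000_000, "064x")
```

An allowance granted this way stays in force until the user sets it back to zero, so reviewing and revoking existing approvals matters as much as refusing new ones.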

lunaray

Lunaray takes a leading position in smart contract auditing and consulting service for blockchain security.