Reveal hackers the secret! Scan code to transfer money to control your digital wallet

  1. Attackers pretend to be customers lurking in the community
  2. When a user transfers money or withdraws proceeds for help, the attacker promptly contacts the user to assist in processing
  3. They can very patient to answer your questions, and after send a work order system disguised as a decentralized bridge, allowing users to enter mnemonic words to solve their transaction abnormalities.
  4. The attacker steals assets after obtaining the private key and hacks users.
  1. The attacker sends the malicious QR code prepared in advance to the user;
  2. The attacker induces the user to use the wallet to scan the QR code to transfer.
  3. After the user enters the specified amount, the transfer transaction is confirmed (the actual operation is the process that the user approve authorizes to the attacker USDT)
  4. Then a large amount of USDT in the user’s wallet is lost (the attacker calls TransferFrom to transfer the user’s USDT)
  1. The attacker forged a trading platform or DeFi project
  2. The attacker induces the user to use the wallet to scan the QR code to receive the airdrop
  3. After the user scans the code, click to receive the airdrop (actually, it is also the process by which the user approve authorizes the attacker’s USDT)
  4. Then a large amount of USDT in the victim account was transferred (the attacker called TransferFrom to transfer the user USDT)
  1. The attacker faked the customer service of Binance, Huobi and other exchanges
  2. The attacker informs the user that the account is abnormal and triggers risk control, and the use of funds needs to remove the abnormal state;
  3. The attacker’s customer service induces users to transfer funds to a secure account (actually a hacker account) and upgrades the victim’s account
  4. After the user transferred the funds to the secure account, the attacker immediately blocked the user.

--

--

--

Lunaray takes a leading position in smart contract auditing and consulting service for blockchain security.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

The World’s First Non-Cuttable Material

Threat Modelling Journey — Developing a Centralised Enterprise Capability

Lunaray Token Security Scan Report

Why You Got Hacked By NSA Malware…Scams

Why You Got Hacked by NSA Malware - Get Your Self Scam Free

Get your vaccine for the Log4Shell software pandemic

Technical Foundations For Clinical IoT & Mobile

🎉 Liquidity Mining on MyTrade Moonbeam is now live!

Quarashi Ico Review: The Next Generation All In One Platform.

Quarashi Ico Review: The Next Generation All In One Platform.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
lunaray

lunaray

Lunaray takes a leading position in smart contract auditing and consulting service for blockchain security.

More from Medium

Lunaray Security Scan Report

Source code OpenVPN code for free 2022

“Jump-start Your SOC Analyst Career” A Roadmap to Cybersecurity Success by Tyler Wall and Jarrett…

Free VPS from hax.co.id