If it sounds too good to be true…
by
Like anyone with open Twitter DMs, my message requests box is a dumpster fire. Unsolicited messages pile up like pizza leaflets.
They’re an eclectic mix of PR outreach, spam, crypto promotions, and occasionally, religious proselytization.
But this morning, I received a message that genuinely piqued my interest. A stranger named Eddie sent what appeared to be his crypto private key and a request to transfer the contents to his wallet.
The wallet purportedly contained 9860 Tether (USDT) tokens. Tether is a stablecoin. Each crypto token is equivalent to a dollar. For my effort, Eddie would allow me to keep 300 USDT tokens, or $300.
This is obviously a scam, but I’m not sure how it works or what the endgame is.
Any insight, crypto friends? pic.twitter.com/XD0VePVNyz
I wasn’t born yesterday. This was obviously a scam. But it was a scam I hadn’t seen before. Twitter is rife with crypto grifters, but most are fairly mundane.
The most common tactic sees hacked verified accounts pretend to be well-known crypto-maximalists like Elon Musk. These accounts promise to double people’s money, provided they send a certain amount of crypto to another address.
And there are pump-and-dump schemes. Bad actors will build a following of fellow crypto enthusiasts and aggressively promote a particular token, ICO, or dApp product.
As interest spikes, so too do prices. When the token reaches a particular level, the promoters will cash out, leaving their gullible victims to shoulder a massive loss.
Those two scams are as endemic as they are boring. But the message I received earlier this morning? I hadn’t seen that before. It piqued my interest.
Okay, so here’s the thing: Private keys should be kept… well… private.
They’re analogous to the PIN code on your debit card. If someone else knows it, there’s little to prevent them from draining your account.
Many crypto scams try and steal their victims’ private keys. This scam seemingly did the exact opposite. That’s what made it so intriguing.
Fortunately, I’m not the first person to be targeted. While this scam isn’t as common as the notorious Elon Musk Twitter grift, it’s happened to enough people to be reasonably well-documented.
Before I dissect this scam, I need to explain some Crypto 101 to you.
Cryptocurrencies are decentralized. Transactions are processed, verified, and recorded by other computers within the network. This requires dedicated computational power, electricity, and storage space.
To incentivize people to run these nodes, many cryptocurrencies charge transaction fees (or ‘gas fees’ in the Ethereum world). These fees reward node operators.
With me so far? Good. Let’s go back to the scam.
If a victim recreates the wallet, they’ll see that every token promised in the original message is there. But they’ll also see that the wallet lacks the funds necessary to make the payment.
So, the victim transfers the gas fees. These are usually a fraction of the promised cut. They’ll still make a profit.
But here’s the trick: the wallet is connected to a smart contract. These sound complicated. They aren’t.
Put simply, smart contracts are computer programs that perform specific actions when a condition is met. In this case, the smart contract will automatically transfer out any gas fees that hit the wallet.
This happens in a matter of seconds. Smart victims will realize they’ve been duped. Silly victims will re-send the gas money again and again, thinking that something went wrong and they need to try again until it eventually works.
Each time, the scammer siphons off the gas fees from the crypto transaction.
I sound like your dad here. And no, I don’t care. If something sounds too good to be true, it almost certainly is.
Nobody will offer a random stranger free money for something as perfunctory as recovering their wallet. People don’t entrust strangers with the contents of their crypto wallets. Especially when they contain the web3 equivalent of thousands of dollars.
Scams are particularly horrible because they exploit the weaknesses that make society necessary. The (usually positive) attributes like trust, friendliness, and a willingness to make others.
And they’re almost always more effective during times of genuine economic strife. Desperate people are often more willing to take risks.
It’s why sales of lottery tickets spike during recessions. It’s also why multi-level marketing companies (which are, at best, thinly-veiled pyramid schemes) found it easier to recruit during the turmoil of the COVID-19 pandemic.
We have two weapons against scammers: skepticism and awareness. One is developed, the other is learned. As such, I’d encourage you to share this post with anyone you think might fall victim to this type of private key scam.
Have any thoughts on this? Carry the discussion over to our Twitter or Facebook.
Matthew Hughes is a journalist from Liverpool, England. His interests include security, startups, food, and storytelling. Past work can be found on The Register, Forbes, The Next Web, and Business Insider.
Subscribe to the KnowTechie Newsletter
Are you wondering whether the future of Bitcoin is smooth or rocky? If so,…
As the world continues to move in an increasingly decentralized direction, it stands to…
Wondering the amount of energy Bitcoin mining consumes? If so, here is a report…
Why are banks investing in Bitcoin and its underlying technology? Here are the reasons…
Wondering if bitcoin is likely to replace other payment methods? If so, Here is…
Wondering how long it takes miners to confirm Bitcoin transactions? If so, here is…
Myria L2 allows you to create a wallet with one click, mint, trade, and…
These three crypto projects are designed to give you the financial security you need…
Copyright © 2022 KnowTechie LLC / Powered by Kinsta