The SlowMist security team has made a startling discovery: a new cryptocurrency scam that abuses the remote procedure call (RPC) function of modified Ethereum nodes.
This fraudulent scheme typically targets physical offline transactions, using Tether USDT as the primary payment method.
The scam begins by persuading the victim to download the authentic imToken wallet. To gain trust, the scammer transfers a small amount of 1 USDT and 3,136 ETH as bait.
The scammer then instructs the victim to alter their ETH RPC URL to a node controlled by the scammer, using the link: https://rpc.tenderly.co/fork/34ce4192-e929-4e48-a02b-d96180f9f748.
By employing Tenderly’s fork feature, the scammer falsifies the user’s USDT balance, creating the illusion of a deposit into the victim’s wallet. Consequently, users mistakenly believe the funds are genuine.
When attempting to cash out the USDT, users realize they have been deceived. By this stage, the scammer has vanished without a trace.
In addition to manipulating displayed balances, the fork feature can alter contract information, which poses a more severe threat.
SlowMist Technology’s report highlights how this scam exploits users’ trust and negligence, resulting in significant asset losses. Users are urged to remain vigilant when trading and to steer clear of untrusted RPC nodes.
RPC allows a program to execute code remotely on a server as if it were running locally. On the Ethereum blockchain, RPC is how clients interact with nodes to query balances, send transactions, or call smart contracts.
According to SlowMist, users can manipulate balance values using Tenderly’s custom JSON-RPC to control account balances within Tenderly Forks.
To set a specific balance, users can utilize the code snippet “ethers.utils.hexValue(aBigNumberish)” to convert the big number value into a suitable format, without leading zeros. This snippet enables setting the balance value to 100 ETH for one or more addresses through the tenderly_setBalance custom RPC endpoint.
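A defender-side check for the falsified balance described above, added here as an example (it is not SlowMist's, imToken's or Tenderly's code): it builds the `eth_call` request for USDT `balanceOf` and compares the answer from the wallet's configured RPC node with answers from independent reference nodes. The holder address and all responses are constructed sample data; the mainnet USDT contract address and the `balanceOf` selector are well-known values that do not come from the page.

```javascript
// Added example. HOLDER and every response below are constructed sample data.
const USDT = "0xdAC17F958D2ee523a2206206994597C13D831ec7"; // mainnet USDT contract (assumed known value)
const BALANCE_OF = "0x70a08231";                            // selector of balanceOf(address)
const HOLDER = "0x1111111111111111111111111111111111111111";

// Build the JSON-RPC request a wallet sends to read an ERC-20 balance.
function buildBalanceOfCall(token, holder, id = 1) {
  if (!/^0x[0-9a-fA-F]{40}$/.test(holder)) throw new Error("bad address");
  const data = BALANCE_OF + holder.slice(2).toLowerCase().padStart(64, "0");
  return { jsonrpc: "2.0", id, method: "eth_call", params: [{ to: token, data }, "latest"] };
}

// Decode a uint256 result; error responses and empty or malformed results give null.
function decodeUint(resp) {
  if (!resp || resp.error || typeof resp.result !== "string") return null;
  return /^0x[0-9a-fA-F]{1,64}$/.test(resp.result) ? BigInt(resp.result) : null;
}

// Compare the wallet's node with independent reference nodes.
// A balance that no reference node reports suggests the wallet node serves forked state.
function crossCheck(walletResp, referenceResps) {
  const wallet = decodeUint(walletResp);
  const refs = referenceResps.map(decodeUint).filter((v) => v !== null);
  if (wallet === null || refs.length === 0) return { verdict: "unverifiable" };
  const agree = refs.filter((v) => v === wallet).length;
  const verdict = agree === refs.length ? "consistent" : agree > 0 ? "partial" : "mismatch";
  return { verdict, wallet, references: refs };
}

// Constructed responses: USDT uses 6 decimals, so 1 USDT = 10^6 base units.
const word = (n) => "0x" + n.toString(16).padStart(64, "0");
const FORKED = { jsonrpc: "2.0", id: 1, result: word(1000000n * 10n ** 6n) }; // fork claims 1,000,000 USDT
const REF_A = { jsonrpc: "2.0", id: 1, result: word(1n * 10n ** 6n) };        // reference node: 1 USDT
const REF_B = { jsonrpc: "2.0", id: 1, result: word(1n * 10n ** 6n) };

console.log(JSON.stringify(buildBalanceOfCall(USDT, HOLDER)));
console.log(crossCheck(FORKED, [REF_A, REF_B]).verdict);
console.log(crossCheck(REF_A, [REF_A, REF_B]).verdict);
```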
A similar scam has surfaced on Telegram, allowing attackers to drain a victim’s crypto wallet without requiring confirmation for a transaction. Though it doesn’t demand transaction approval, the method seems to necessitate tricking the user into signing a message.