Address generation

How scammers use your transaction history against you and why the copy button can be dangerous.
Every year, fraudsters invent more ways to deceive victims and take their funds. The most common cryptocurrency thefts are rug pulls and honeypots.
These methods of theft did not appear by accident. People can be gullible, so a scammer's convincing explanations are often enough to deceive an unprepared user. The best way to deceive a person is to think about what you would do if you were the victim. Would you believe the words? Would you check any of these factors?
That is why a new scam has appeared in the vastness of Web3. It consists of generating addresses whose characters at the beginning and end are similar to those of another address.

This method works because most users copy addresses to the clipboard from the place they use most often, for example, the transaction history.
Often, the user checks only the first and last digits and letters of the address to verify the transaction. That is not surprising, since the chance that two addresses share the same start and end approaches zero. But it's not zero...
Let's imagine, for example, a grandson who often sends USDT to his grandmother. Grandma's address starts with TH8i and ends with 4liK. The grandson remembers the first and last characters of his grandmother's address perfectly, since those are the ones shown in the transaction history, so he uses the transaction history to transfer tokens.

Then the day comes when the grandson wants to transfer funds to his grandmother. He opens his transaction history, sees the address TH8i…4liK, copies it by clicking the button and transfers the tokens. But the tokens go not to the grandmother but to the attacker, who anticipated the transfer and added his own address to the victim's transaction history in advance.
So how did the scammer do it?
It's simple: the attacker deliberately looks for addresses with the same behavior pattern. If an address regularly transfers crypto assets to the same address, it fits the attacker's victim profile.

After selecting users who transfer funds to the same addresses on a regular basis, the attacker generates an address with similar characters and then sends a small amount of tokens to the sender's address, hoping that the user will not check every character of a 33-character string (often the number of characters can reach 64) and will transfer funds not to the intended recipient but into the hands of the fraudster.
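The pattern described above can be checked mechanically on the recipient-verification side. The following is an added example, not code from the original article: it flags history entries whose shortened form matches a trusted address while the full string differs. The addresses, the 4-character display lengths and the dust threshold are constructed assumptions.

```python
from dataclasses import dataclass

PREFIX_LEN = 4    # leading characters a wallet history shows (assumption)
SUFFIX_LEN = 4    # trailing characters a wallet history shows (assumption)
DUST_LIMIT = 1.0  # USDT; constructed threshold for "tiny" incoming transfers

@dataclass
class Transfer:
    counterparty: str  # the other address in the transfer
    amount: float      # USDT
    incoming: bool     # True if the funds were sent to us

def shortened(addr: str) -> str:
    """Form in which a history view typically displays an address."""
    return f"{addr[:PREFIX_LEN]}…{addr[-SUFFIX_LEN:]}"

def find_lookalikes(trusted: set, history: list) -> list:
    """Flag history entries that look like a trusted address but are not it."""
    by_short = {shortened(a): a for a in trusted}
    findings = []
    for t in history:
        real = by_short.get(shortened(t.counterparty))
        if real is None or t.counterparty in trusted:
            continue  # no visual collision, or an exact match on a trusted address
        findings.append({
            "address": t.counterparty,
            "imitates": real,
            # A tiny incoming transfer is how the fake address enters the history.
            "dust": t.incoming and t.amount <= DUST_LIMIT,
        })
    return findings

# Constructed sample data: placeholder strings, not real TRON addresses.
GRANDMA = "TH8i" + "Qm7RkVt5NcWy3EbJd9FgHsUa2X" + "4liK"
LOOKALIKE = "TH8i" + "zP4LwKe8TrYu6MnBv1CxDq5GhS" + "4liK"
UNRELATED = "TXy9" + "bN3VcMq8ZdFr2GtHj6KwLp5SeA" + "b7Qe"
HISTORY = [
    Transfer(GRANDMA, 50.0, incoming=False),
    Transfer(LOOKALIKE, 0.03, incoming=True),
    Transfer(UNRELATED, 120.0, incoming=True),
    Transfer(GRANDMA, 75.0, incoming=False),
]

if __name__ == "__main__":
    for f in find_lookalikes({GRANDMA}, HISTORY):
        print(f"{shortened(f['address'])} imitates a trusted address; "
              f"dust transfer: {f['dust']}\n  full: {f['address']}")
```

The comparison is always on the full string; the shortened form is used only to find candidates that would look identical in a history view.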
Our team has already investigated such a case of fraud, so we will give an example of an address that was involved in this scheme.
Pay attention to the number of transactions! 132,916 USDT token transfers, with each transaction worth 0.03 USDT. The total amount spent by the scammer is about $4,000.
An example of such a fraud
The victim wanted to transfer a certain amount of funds to the TV…Et address. The fraudster transferred 0.03 USDT to the victim's address, thereby adding his address to the transaction history. Fraudster's address: TV…Et.
The fraudster did not hold the funds for long: within 6 hours of the incident, the funds moved to a transit address, where they were combined with other stolen funds and withdrawn to a CEX. The attacker's transit address is the final link in the chain; all the addresses to which it sends funds belong to the OKX exchange.

Thus, the attacker spent about $4,000 and received about $8,000 in one transaction.

As we can see in the chart below, the movement of funds begins on November 26, 2022, because that is when all the addresses imitating real users' addresses were created.
In total, 23 transactions went out from this address, totaling $153,803 (equivalent to 153,803 USDT). This amount is presumably victims' funds laundered through the OKX exchange.
To summarize, it is very important to understand that when using blockchain, care and caution are required.
For blockchain security, use proven tools to identify addresses and transactions.
Be careful!
Don't let scammers fool you - always study and double-check the information available to you.
If you have been a victim of fraud or if you know of any such cases, tell us!