Author: SlowMist Security Team
Background
In the previous issue of Web3 Security Beginner's Guide to Avoiding Pitfalls, we analyzed some typical airdrop scams and explained the various risks that users may face when claiming airdrops. Recently, the SlowMist AML team noticed a significant increase in the number of users who suffered losses due to fake mining pool scams while analyzing the stolen MistTrack forms submitted by victims. Therefore, in this issue, we will delve into the analysis of several common fake mining pool scams and provide corresponding security recommendations to help users avoid falling into traps.
You plot against him, and he plots against you
Fake mining pool scams mainly target new Web3 users. Scammers take advantage of the insufficient understanding of the cryptocurrency market and the desire for high returns among new users, luring them to invest through a series of carefully designed steps. These scams typically rely on the mechanism of "funds need to be deposited in the pool for a period of time to generate returns," making it difficult for users to realize they have been scammed in a short period. Guided by the scammers, users often continue to invest more funds in pursuit of higher interest. When users are unable to continue providing funds, the scammers threaten that this will result in the inability to redeem the principal, ultimately causing continuous losses for the users under immense pressure.
According to the descriptions of multiple victims, scammers impersonate well-known exchanges on Telegram to establish scam groups. These scam groups often have thousands or even tens of thousands of members, making it easy for people to lower their guard. Many users on Telegram use the number of group members as one of the factors to determine the authenticity of an official account. It is true that the official group will have a large number of members, but this logic does not necessarily hold true in reverse. It is hard to imagine that scammers would establish a group with tens of thousands of people just to scam a few "sheep," and even the "chatter" inside is bait. It is worth noting that a group with over fifty thousand members has fewer than one hundred people online. By comparing the online status of other groups with thousands of members, users may realize that something is amiss.
For novice users, scammers also provide detailed operation tutorials, teaching users how to check the status of the mining pool pledge, how to download wallets, and how to transfer funds to the scammer's contract address. By creating the illusion of liquidity mining economic incentives, scammers successfully attract users to invest funds. After users transfer funds to the contract address and receive rebates, they want to invest more funds to gain more returns, falling right into the scammers' trap, and ultimately, all the funds invested by the users are taken by the scammers.
What's even more despicable is that some scammers return fake coins to users as rebates, and unsuspecting new users believe they have received genuine rebates until they try to trade the rebated coins and realize they are worthless.
The scam in the image below induces users to maliciously authorize and steal their funds. Scammers impersonate official entities claiming to have "super node mining activities" and invite users to participate in mining. Following the operation guide and clicking on phishing links, users are induced to maliciously authorize, ultimately leading to fund theft.
Another scam involves guiding users to a fraudulent platform and creating the illusion of user "profit" by manipulating platform data. However, these profits only exist in the platform's display and do not represent actual asset increases. At this stage, users are already confused by the scammers' "superb" investment capabilities. Subsequently, the scammers further invite users to participate in mining pool activities and stipulate that users need to recharge 5% or 8% of their total assets in USDT to the deposit account daily to activate the mining pool. Under the pressure of "if you do not continue to recharge, you will be unable to redeem the principal," users continue to recharge funds to the account provided by the scammers. By now, everyone should understand that this method means users have to recharge more USDT every day than the previous day.
After comprehensively examining the above fake mining pool scams, readers should realize that these scams do not actually involve highly advanced technology. However, these novel methods and seemingly legitimate operational processes are extremely confusing for new Web3 users, making inexperienced users susceptible to falling into traps.
Conclusion
In this issue, we analyzed several common fake mining pool scams in the hope of helping users increase vigilance when encountering similar situations and avoid falling victim. We also provided some security recommendations to help users enhance their defense capabilities:
Be wary of unrealistic profit promises: If an investment opportunity promises excessively attractive returns, it is often a scam.
Avoid authorizing casually: Refrain from clicking on unknown links and performing authorization operations.
Maintain a skeptical attitude: Carefully verify the authenticity of groups and do not judge their credibility solely based on the number of group members. Maintain a skeptical attitude towards operations involving fund transfers and confirm the authenticity of activities from multiple sources.
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
