Background
In the previous issue of Web3 security pitfall avoidance guide, By analyzing some typical airdrop scams, we explain the various risks that users may face when receiving airdrops. Recently, while analyzing MistTrack stolen forms submitted by victims, the SlowMist AML team noticed a significant increase in the number of users compromised by fake mining pool scams. Therefore, in this issue, we will provide an in-depth analysis of several common fake mining pool scams and put forward corresponding safety suggestions to help users avoid pitfalls.
You care for others, and they care for you
The fake mining pool scam mainly targets new users of Web3. Scammers take advantage of new users' lack of understanding of the cryptocurrency market and desire for high returns, and trick them into investing funds through a series of carefully designed steps. These scams usually rely on the mechanism that "funds need to be stored in the pool for a period of time to generate income", making it difficult for users to realize that they have been deceived in a short period of time. Under the guidance of scammers, users often continue to invest more money in order to pursue higher interest rates. When users are unable to continue to provide funds, scammers will threaten that this will result in the inability to redeem the principal, and end users continue to suffer losses under heavy pressure.
According to the descriptions of many victims, scammers pretended to be well-known exchanges to establish fraud groups on Telegram. The members of such fraud groups often number in the thousands or tens of thousands. People, it’s easy to let your guard down. When many users search for official accounts on Telegram, they regard the number of people in the group as one of the factors that determine the authenticity of the account. It is true that the number of people in the official group will be larger, but this logic is not necessarily correct when it is reversed. It is unimaginable that a scammer has established a group with tens of thousands of people just to deceive a few "sheep", and even the "chat" in it is just bait. It is worth noting that a group with more than 50,000 people has less than 100 people online. Referring to the online number of other 10,000 people, users may realize that something is wrong.
For novice users, the scammer has also provided detailed operation tutorials to teach users how to check the pledge status of the mining pool, how to download a wallet, and how to transfer funds to the scammer's contract address. Using the illusion of an economic incentive mechanism for liquidity mining, scammers successfully attracted users to invest funds. After the user transfers money to the contract address and receives the rebate, he wants to invest more funds to obtain more income. This action falls into the trap of the scammer, and in the end all the funds invested by the user are taken away by the scammer.
What's even more disgusting is that some scammers even return counterfeit coins when giving rebates to users. New users who don't know why they really think they have received rebates only find out that they are fake coins when they try to trade the rebate coins. value.
The scam in the picture below is to steal user funds by inducing users to perform malicious authorization. Scammers pretend to be official and claim to have "super node mining activities" and invite users to participate in mining. After the user clicks on the phishing link according to the operation guide, he is induced to perform malicious authorization, which ultimately leads to the theft of funds.
There is also a scam in which scammers first guide users to a fraud platform and create the illusion that users are "profitable" by manipulating platform data. However, these profits only exist on the display of the platform and do not represent actual increases in assets. At this stage, users have been deceived by the scammer’s “superior” investment capabilities. Next, the scammer further invites users to participate in mining pool activities and stipulates that users need to recharge 5% or 8% of total assets in USDT to the deposit account every day to activate the mining pool. In order to obtain dividends and under the pressure of "the principal cannot be redeemed if they do not continue to recharge," users continue to recharge the accounts provided by the scammers. After seeing this, everyone understands that this gameplay means that users must deposit more USDT every day than the previous day.
Looking at the above fake mining pool scams, I believe readers should notice that this type of scam does not actually use advanced technology, but these novel gameplay and seemingly formal operating procedures are very important to new Web3 users. It is said to be extremely confusing and new users with little experience can easily fall into the trap.
Summary
In this issue we analyze several common The fake mining pool scam hopes to help users be more vigilant when encountering similar situations and avoid falling for it. We also provide some security suggestions to help users enhance their prevention capabilities:
Be careful not to Realistic Promises of Returns:If an investment opportunity promises returns that are too enticing, it is often a scam.
Don’t authorize at will: Avoid clicking on unknown links and performing authorization operations.
Be skeptical: Double-check the authenticity of the group, don’t base it solely on the size of the group Determine its credibility. You should also remain suspicious of operations involving fund transfers and confirm the authenticity of the activities with multiple parties.