In collaboration with imToken, SlowMist has discovered a new type of cryptocurrency scam. This scam targets users in physical offline transactions, using USDT as payment. The fraudster manipulates Ethereum node Remote Procedure Calls (RPC) to deceive victims.


In partnership with imToken, SlowMist has identified a novel type of cryptocurrency fraud, which exploits victims during real-life, offline deals, using Tether (USDT) for transactions.

This deceitful method manipulates Ethereum node Remote Procedure Calls (RPC) for the purpose of swindling innocent victims.

Scammer’s Strategy

At the outset, I, as a cunning imposter, convince my victim to install the genuine imToken wallet on their device. To establish trust, I transfer a token equivalent to 1 USDT and a meager quantity of Ether as an enticement.

Afterward, the scammer directs the user to change their Ethereum RPC URL to one that the scammer manages. By doing so, the fraudster can manipulate the data and deceive the user into believing that their USDT balance has been increased with newly deposited funds.

If a user tries to move their USDT but finds they’ve been tricked instead, it turns out that the swindler has already vanished, based on SlowMist’s investigation.

The blockchain security company disclosed that Tenderly’s Fork function isn’t just limited to adjusting balances, but it can also alter contract details. This expansion of capabilities presents a more serious risk for users.

From an analyst’s perspective, grasping the concept of Remote Procedure Call (RPC) is essential for unraveling the intricacies of blockchain scams. RPC functions as a communication bridge between users and blockchain networks, empowering them to execute tasks like balance inquiries and transaction creation. Ordinarily, wallets link up with trusted nodes, but engaging with unsecured nodes carries the risk of manipulation and ultimately results in financial losses.

Suspect Address Flagged for Pig Butchering Scam

Upon closer examination by MistTrack, the extent of the fraudulent scheme came to light. The targeted wallet with the address 0x9a7…Ce4 was found to have received 1 USDT and a small amount of 0.002 ETH from another account, specifically located at 0x4df…54b.

As a crypto investor, I’ve come across an address that has raised my suspicion due to its transaction history. This address has transferred 1 USDT to several other addresses on numerous occasions. Based on the information provided by MistTrack, these addresses are labeled as “Pig Butchering Scammers.” They have been flagged for suspected fraudulent activities and are linked to various trading platforms. I’ve also discovered that they’ve been implicated in multiple scam incidents.

Read More

2024-04-27 22:16