Like anyone with open DMs on Twitter, my message request box is a rubbish fire. Spam accumulates like pizza posts.
It’s an eclectic mix of PR outreach, spam, crypto-promotions and, at times, religious proselytizing.
But this morning I received a message that really piqued my interest. A stranger named Eddie sent what appeared to be his encrypted private key and requested that the contents be moved to his wallet.
Money for nothing
The wallet supposedly holds 9,860 Tether (USDT) tokens. Tether is a stablecoin: each token is equivalent to one dollar. For my efforts, Eddie will allow me to keep 300 USDT tokens, or 300 dollars.
I wasn’t born yesterday. Obviously this was a scam. But it was a scam I had never seen before. Twitter is full of crypto scams, but most of them are pretty ordinary.
The most common approach is for hacked verified accounts to impersonate someone famous in the crypto space, such as Elon Musk. These accounts promise to double people’s money, provided a certain amount of cryptocurrency is sent to another address.
And then there are pump-and-dump schemes. Bad actors will build a following of fellow crypto enthusiasts and aggressively promote a specific token, ICO or dApp product.
As interest rises, prices also rise. When the token reaches a certain level, the promoters will cash out, leaving their gullible victims to bear a heavy loss.
These two tricks are as endemic as they are boring. But the message I received earlier this morning? I hadn’t seen that before. It sparked my interest.
Well, here’s the thing: private keys should be kept…well…private.
It’s similar to the PIN code on your debit card. If someone else knows it, there’s nothing to stop them from draining your account.
Many crypto scams attempt to steal the private keys of their victims. This scam seems to have done the exact opposite. This is what made it so interesting.
Fortunately, I am not the first person to be targeted. Although this scam is not as common as the popular Elon Musk Twitter scam, it has happened to enough people to be reasonably well documented.
Step on the gas
Before I dissect this scam, I need to explain some Crypto 101 to you.
Cryptocurrencies are decentralized. Transactions are processed, verified and recorded by other computers within the network. This requires computing power, electricity and dedicated storage space.
To incentivize people to run these nodes, many cryptocurrencies charge transaction fees (or “gas fees” in the Ethereum world). This fee rewards the operators of those nodes.
With me so far? Good. Let’s get back to the scam.
If the victim recreates the wallet, they will see that every token promised in the original message exists. But they will also see that the wallet lacks the funds needed to pay for the transaction.
So the victim sends in the gas fee. This is usually a small fraction of the promised cut, so they would still make a profit.
But here’s the trick: the wallet is connected to a smart contract. These sound complicated. They are not.
Simply put, smart contracts are computer programs that perform specific actions when a condition is met. In this case, the smart contract automatically sends on any gas money that hits the wallet.
This happens within seconds. Smart victims will realize that they have been deceived. Silly victims will resend the gas money over and over again, thinking that something has gone wrong and they need to try again until it finally works.
Each time, the fraudster withdraws the gas fee from the crypto transaction.
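An added example, not part of the original article: the sweep described above leaves a recognizable trail in the bait wallet's history, which can be checked before anyone sends gas. The sketch assumes a simplified, hypothetical record format (`Tx`), constructed placeholder addresses, and a 60-second window standing in for "within seconds".

```python
from dataclasses import dataclass

@dataclass
class Tx:
    ts: int         # unix time, seconds
    sender: str
    recipient: str
    value: int      # native coin (the one gas is paid in), smallest unit

def sweep_report(wallet, txs, window=60, drained=0.9):
    """Pair each deposit into `wallet` with the first unused outgoing transfer
    that follows within `window` seconds and moves >= `drained` of it out."""
    txs = sorted(txs, key=lambda t: t.ts)
    deposits = [t for t in txs if t.recipient == wallet]
    used, swept, sinks = set(), [], {}
    for dep in deposits:
        for i, out in enumerate(txs):
            if (i not in used and out.sender == wallet
                    and 0 <= out.ts - dep.ts <= window
                    and out.value >= drained * dep.value):
                used.add(i)
                swept.append(dep)
                sinks[out.recipient] = sinks.get(out.recipient, 0) + out.value
                break
    return {
        "deposits": len(deposits),
        "swept": len(swept),
        "depositors": len({d.sender for d in swept}),
        "sinks": sinks,
        # Every deposit left again within seconds: gas sent here will too.
        "looks_like_bait": len(swept) >= 2 and len(swept) == len(deposits),
    }

# Constructed sample histories (placeholder addresses, not real chain data).
BAIT_HISTORY = [
    Tx(1000, "0xVICTIM1", "0xBAIT", 10_000), Tx(1004, "0xBAIT", "0xSINK", 9_700),
    Tx(1300, "0xVICTIM1", "0xBAIT", 10_000), Tx(1303, "0xBAIT", "0xSINK", 9_700),
    Tx(5000, "0xVICTIM2", "0xBAIT", 5_000),  Tx(5006, "0xBAIT", "0xSINK", 4_850),
]
NORMAL_HISTORY = [
    Tx(100, "0xFRIEND", "0xMINE", 50_000), Tx(90_000, "0xMINE", "0xSHOP", 10_000),
]

if __name__ == "__main__":
    print(sweep_report("0xBAIT", BAIT_HISTORY))
    print(sweep_report("0xMINE", NORMAL_HISTORY))
```

In the constructed bait history, several depositors feed the wallet and a single sink address collects everything, including the repeat payment from the victim who tried twice.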
If it sounds too good to be true…
I sound like your dad here. And no, I don’t care. If something sounds too good to be true, it almost certainly is.
No random stranger would offer free cash for something as routine as getting their wallet back. People do not trust strangers with the contents of their crypto wallets. Especially when those wallets contain the equivalent of thousands of dollars.
Scams are especially egregious because they take advantage of the traits that society depends on: (usually positive) traits such as trust, friendliness, and a willingness to help others.
They are always more effective in times of real economic hardship. Desperate people are often more willing to take risks.
This is why lottery ticket sales soar during recessions. It is also why multi-level marketing firms (which are, at best, thinly veiled pyramid schemes) found it easier to recruit during the disruption caused by the COVID-19 pandemic.
We have two weapons against fraudsters: suspicion and awareness. One is developed and the other is learned. As such, I would encourage you to share this post with anyone you think might fall victim to this type of private key scam.