Fraudsters exploit malicious ETH RPC nodes to target imToken wallet users

A fresh scheme is preying on users through physical transactions involving USDT, taking advantage of a modified remote procedure call (RPC) function on Ethereum nodes.

According to a report by security firm Slowmist on April 26, the scam is specifically designed to deceive unsuspecting users. It involves persuading them to download the legitimate imToken wallet and sending them 1 USDT and small amounts of ETH as a lure.

The victim is then instructed to change their ETH RPC URL to a node that has been maliciously altered and is controlled by the scammer.

RPC enables applications to execute code on a computer to communicate with a blockchain and is crucial for the development of decentralized applications (dApps). In this case, Ethereum RPC interacts with nodes, inquiring about balances, sending transactions, or engaging with smart contracts.

Once the user modifies the RPC URL, a falsified wallet balance is displayed on the victim’s end, leading them to believe that they have received a significant amount of funds. However, when the user tries to transfer the miner’s fees to cash out the USDT, they discover the deception. By that point, the scammer has erased all traces and disappeared with the transferred fees.

“Users often only focus on whether funds have been credited to their wallets, overlooking potential risks. Scammers exploit this trust and negligence, employing believable tactics like transferring small amounts of money to deceive users,” said researchers at Slowmist.

Slowmist also stated that an examination of one victim’s wallet revealed that it received 1 USDT and 0.002 ETH from the scammers’ address. Tracking that address uncovered that the scammer had sent 1 USDT to three other wallets.

The scammer’s address was linked to multiple trading platforms and was labeled as “Pig Butchering Scammers” by the on-chain tracking tool MistTrack.

As a result, Slowmist urged users to “remain cautious during transactions,” emphasizing that users should be skeptical of others to avoid being defrauded.

Despite increasing awareness, scams in the cryptocurrency sector continue to plague market participants. In April, there were numerous instances where scammers successfully targeted unsuspecting crypto users.

On April 17, Hollywood star Tom Holland’s X account was compromised to promote crypto scams. Earlier in the month, YouTube experienced a surge of fake Space X giveaways disguised as live streams focused on the April 8 solar eclipse.

Read more: SpaceX giveaway scam inundates YouTube with deep fake Elon Musk.