SlowMist: Reverse phishing reveals a phishing routine that abuses token precision

By: Liz, SlowMist

Background

Recently, CYBER RESCUE has been phishing victims under the guise of being able to “help recover stolen funds.” In response, the SlowMist Security Team reverse-phished the scammer and is disclosing the fraud process here, hoping that users will stay vigilant and avoid being deceived.

The fraud process

Posing as a victim, we contacted CYBER RESCUE, who claimed to be able to recover 100% of the stolen funds. The scammer's process was as follows:

1. CYBER RESCUE first asks the victim when the theft happened, which wallet was used and how the funds were stolen, and then says that the stolen funds can be recovered 100%. The stated method is to process the transaction through USDT on the BNB Smart Chain network, after which the stolen funds will be redirected to the victim’s wallet. The victim needs to download MathWallet, which the scammer explained was needed to guide the victim through changing the user settings and redirecting the funds to the victim’s wallet.

2. The scammer then asked the victim to click “Add Custom Asset” on the homepage and guided them to enter the USDT contract 0x55d398326f99059ff775485246999027b3197955 (the contract address is correct). At this point, MathWallet automatically recognizes that the token has a precision (Decimals) of 18.

At this point, the scammer emphasized: when pasting the contract address, change Decimals from 18 to 0. The victim thus added a USDT token with the correct contract but an incorrect precision. Here we explain what Decimals is. For a token, Decimals specifies the smallest divisible unit of the token, which determines the precision of the token in transactions and calculations. The higher the Decimals value, the finer the precision of the token.

After the victim did as instructed, the scammer said that this would be fine. He wanted to freeze the stolen funds and return them to the victim’s account, and the victim now needed to provide a MetaMask wallet. Because the translation software translated “MetaMask wallet” as “metamask wallet”, the victim was confused, and the scammer was shocked: “You don’t have a MetaMask wallet?”

3. At this point, the scammer began his magical operation of “retrieving” the stolen funds:

After the scammer checked the stolen transactions we provided to him, he said that he could only recover $89,589 of the stolen funds. The reason he gave was that the remaining funds had entered the foreign exchange market and were converted into local currency.

The scammer then asked the victim to send a screenshot of the MathWallet account and reminded the victim: “Please stay online, success or failure will be the first to do so.” This sentence is somewhat confusing. The victim has already lost money, and the scammer’s supervision at this point makes the victim think about seizing this opportunity to recover it. How could they realize that they were about to fall into another trap?

The scammer asked the victim to click Export Private Key in Manage Wallet and guided the victim to copy the private key to him. The scammer’s explanation for needing the private key was that it connects the app so that transactions can be redirected to the victim’s wallet. If the scammer’s previous operations did not arouse your suspicion, but now he is after your private key, run away!

The victim sent the private key to the scammer. Soon, the scammer said that the operation was done and the victim could check the wallet. The victim looked at the wallet and found that the USDT balance had indeed become 89589, the amount the scammer had just promised to recover. What’s going on?

Querying the block explorer, we found that the amount the scammer transferred to the victim was 0.00000000000000089589 USDT. This is because the victim had previously changed the Decimals of the custom token in the wallet from 18 to 0 under the scammer’s guidance. Therefore, although the amount the scammer transferred to the victim is 0.00000000000000000089589 USDT, the victim’s wallet shows 89589 USDT received.

(https://bscscan.com/tx/0x00901c40073dc1ec64041a3aee689874406fdb1bf7b112a6c380ec3839d6a8e5)
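The display effect described above, as an added example (not SlowMist's or MathWallet's code): a token balance is stored on-chain as an integer in base units, and the wallet divides it by 10^Decimals for display, so a wallet entry edited to 0 shows the raw integer. The function names and the `eth_call` response below are hypothetical and constructed for illustration; the check compares the wallet's configured value with what the contract's `decimals()` returns.

```javascript
// Added example. Balances live on-chain as integers in base units;
// a wallet shows raw / 10**decimals, so a wrong local decimals value inflates the display.

// Exact base-unit -> decimal string conversion (BigInt only, no floating point).
function formatUnits(raw, decimals) {
  const s = raw.toString().padStart(decimals + 1, "0");
  const whole = s.slice(0, s.length - decimals);
  const frac = s.slice(s.length - decimals).replace(/0+$/, "");
  return frac ? `${whole}.${frac}` : whole;
}

// Decode the 32-byte ABI-encoded uint8 returned by decimals() (selector 0x313ce567).
function decodeDecimals(hexResult) {
  const hex = hexResult.replace(/^0x/, "");
  if (!/^[0-9a-fA-F]{64}$/.test(hex)) throw new Error("unexpected decimals() return data");
  const n = BigInt("0x" + hex);
  if (n > 255n) throw new Error("decimals() value outside uint8 range");
  return Number(n);
}

// Compare the wallet's custom-token entry with the contract's own answer.
function auditCustomToken({ walletDecimals, onchainDecimalsHex, rawBalance }) {
  const onchainDecimals = decodeDecimals(onchainDecimalsHex);
  return {
    onchainDecimals,
    mismatch: walletDecimals !== onchainDecimals,
    displayed: formatUnits(rawBalance, walletDecimals), // what the victim sees
    actual: formatUnits(rawBalance, onchainDecimals),   // what was really received
  };
}

// Constructed sample mirroring the case above (not captured data).
const report = auditCustomToken({
  walletDecimals: 0,                                  // value the scammer dictated
  onchainDecimalsHex: "0x" + "12".padStart(64, "0"),  // constructed eth_call result, 0x12 = 18
  rawBalance: 89589n,                                 // base units credited to the victim
});
console.log(report);
```

A `mismatch` of `true` on a custom token entry means the balance shown in the wallet cannot be trusted until the entry is re-added with the contract's own value.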

The scammer has already obtained the private key by deception. How does he make a profit next? He told the victim that the wallet needed enough available BNB balance to execute transactions to other accounts, which should be 10% of the initial balance on the BNB Smart Chain network. If the victim believes this and transfers BNB worth about $8968 into the wallet as required, it will be stolen by the scammer.

We used a block explorer to view the scammer’s address (0xe27126d1c17B42Eb42783655D339a782f779BABA) and found that the address frequently made small transfers to other addresses, which means that the scammer was continuing to use this scheme to commit fraud.

(https://bscscan.com/txs?a=0xe27126d1c17B42Eb42783655D339a782f779BABA&p=1)

Querying the address with MistTrack (https://misttrack.io/) shows that the source of the transaction fees for this address is Binance. MistTrack has blocked the relevant addresses and will continue to monitor abnormal fund movements.

MathWallet Update

After receiving feedback on this case, MathWallet immediately fixed the issue and released a new version that bans users from manually modifying token precision. Users who have already installed MathWallet should upgrade in the App Store or Google Play.

Summary

There are endless scams in the dark forest of blockchain. The scammers in this article even pretend to be on-chain tracking experts and phish people who have already been robbed. During the fraud, they effectively teach the victim, step by step, how to hand over the private key. The SlowMist Security Team hereby reminds users to be vigilant: no matter what identity the other party uses to approach you, do not give out your private key, and guard against theft. If your cryptocurrency is unfortunately stolen, we will provide free community assistance services for case assessment, provided you submit your form in accordance with the classification guidelines (stolen funds/scam/ransomware). At the same time, the hacker address you submit will also be synchronized to the InMist Threat Intelligence Cooperation Network for risk control. (Note: Submit the Chinese form at https://aml.slowmist.com/cn/recovery-funds.html, and the English form at https://aml.slowmist.com/recovery-funds.html)
