A cryptocurrency scam targeting the gullible and greedy on Twitter has been busted wide open by a concerned user of the social media platform.
A self-professed blockchain expert – known only by their Twitter handle of Clement – of Lausanne, Switzerland, refused to be taken in by the con, in which a threat actor poses as a hapless student who doesn’t know how to use a Tronix (TRX) crypto-wallet – and offers to pay anyone who “teaches” them handsomely.
“Many people received messages on Twitter asking for help to retrieve TRX on Tron,” posted Clement. “They provide their mnemonic and private keys, and promise you a few hundred USDT [Tether stablecoin] if you help them. It looks too good to be true... and it is!”
Next Clement retweeted the original message from the digital trickster, which reads: “Hi! I’m a student. I received USDT6,800 but I don’t know how to sell USDT to get USD [dollars] to my account. Can you teach me how to use my Trust wallet? I will pay USDT300 as a reward!”
Trust is ironically the operative word – because that is exactly what the scammer or scammers behind the ploy are hoping to abuse, so they can scarper with some illicit cash.
“When you import the seed in a compatible wallet (e.g, MathWallet) you'll get the address associated with the private key,” explained Clement. “By visiting tronscan (the equivalent of etherscan for Tron), we can see that we have the private key of an address that contains 400 USDT, awesome!”
Here comes the sting
But when the unwary victim tries to access the cryptocurrency – either to move it or steal it – they find that they cannot.
“When we try, we get an error (and no clue about it),” said Clement. “What most users will think is that they don't have enough TRX to pay the fees since the address has only a few cents for gas.”
The scam appears to rest on the victim deciding to put some money in the account to try to kickstart it into life again so they can access the funds. “However, it doesn't solve the problem, and even with a few dollars worth of TRX , we have the same error,” said Clement. “And if we wait a few minutes, we will see that the TRX we sent was sent back to another address... we got scammed!”
How the scam worked
Clement’s investigation brought to light more evidence that something ‘phishy’ was afoot: “When we look at the transaction history, we see that the address is super active (more than 30 transactions in the last 24 hours). Weird for a student that doesn't know how to use a wallet, right?”
Further digging by Clement suggests that the “account had delegated its signing permission to another address(es).” This apparently allowed the crook or crooks behind the scam to move TRX to another place, whereas the victim would have been unable to do so.
Clement urges all Twitter users and crypto-enthusiasts to steer well clear of this or any similar-looking scams: “To sum up, don't interact with these ‘students.’ It is obviously a scam, and too good to be true! Too many people get scammed every day with this method.”
More from Cybernews:
Subscribe to our newsletter