Here's-My-Private-Key Scam in Crypto: How It Traps Unsuspecting Users

by Alfredo de Candia, November 14th, 2021

Too Long; Didn't Read

The scam is based on the rule that we must never reveal our private key or seed to anyone, because if we do, we will lose all the funds it controls. Criminals deliberately publish their own private key in chats or private messages, hoping that someone will import it into a wallet, see that the address holds crypto of some value, and conclude that it can be moved to their own wallet with a simple transaction. The victim, seized by the greed of getting over 3 thousand dollars in his hands, neglects checks because he knows that anyone else who has followed the same steps could take the tokens before him.



In the crypto and blockchain world, unfortunately, there are scammers who try, directly or indirectly, to steal the funds of anyone who, for one reason or another, falls victim to them.


Criminals use several scams and tricks, but this time we will focus on a particularly devious one that few people know or recognize: the one involving the seed or the private key.


Before going into detail about how it works, note that this scam is built on a basic rule: we must never reveal our private key or our seed to anyone, because if we do, we will lose all the funds it controls.


Knowing this, criminals deliberately publish their own private key or seed in chats or private messages, hoping that someone will import it into a wallet, see that the address holds crypto of some value, and conclude that it can be moved to their own wallet with a simple transaction.


Here is the trap: the address holds cryptocurrencies with a certain value, but it has no Ethereum (ETH) to pay for the transaction that would release them. Since the value of the tokens is greater than the fee to be paid, the victim hurries to be the first to send ETH to the address, intending to then make the outgoing transaction with the loot.


Unfortunately, this only plays into the scammer's hands. The address has systems in place that forward any incoming Ethereum to a different address, so when the victim sends X ETH to pay for the transaction, the criminal has already moved it to another address of his. In effect, the victim has given the ETH to the criminal as a gift.

The case

Considering that I have been in the crypto and blockchain sector for 10 years, I know and have experienced the various scams that have occurred over the years, and it is very easy for me to recognize them and avoid falling for them. Unfortunately, not all of us are so well informed about them, so we will see together how to recognize this scam and how it all happens.


The first step is to come across a message that reveals either the private key or the seed of an address, as in this case:


At this point, the unsuspecting user immediately rushes to import the private key or the seed into a wallet, usually the one recommended by the scammer (in our case Trust Wallet), and, to their surprise, sees over $3,000 waiting:


As we can see, the address holds 32 thousand Minerum (MNE) tokens, which have that value on paper. But if we check where they can be exchanged, we find that only HotBit has the MNE/ETH pair.


Unfortunately, the victim, seized by the greed of getting over 3 thousand dollars in his hands, neglects these checks because he knows that anyone else who has followed the same steps could take the tokens before him.


So the first thing he does is try to make the transaction to withdraw these tokens, but he is greeted by a message saying that the ETH balance is too small to pay the fees, so he has to send some ETH first to be able to make the transaction. In our case it takes just under 0.02 ETH:


So the victim transfers a little over 0.02 ETH to cover the transfer to HotBit. But, as we can check on any explorer, any incoming Ethereum is quickly pulled by the criminals to another address, which is in turn regularly emptied into other addresses.
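
The explorer check described above, expressed as code (an added example, not part of the original article): it flags an address when every ETH deposit is followed within seconds by an outgoing transfer of nearly the same amount. The `Tx` records, address labels and thresholds are constructed assumptions; real history would come from a block explorer export.

```python
from dataclasses import dataclass
from decimal import Decimal

@dataclass(frozen=True)
class Tx:
    timestamp: int        # block time, Unix seconds
    sender: str
    recipient: str
    value_eth: Decimal

def sweep_report(address, txs, max_delay_s=120, min_fraction=Decimal("0.8"), min_deposits=2):
    """Match each ETH deposit to an outgoing transfer that drains it shortly afterwards."""
    addr = address.lower()
    ordered = sorted(txs, key=lambda t: t.timestamp)
    deposits = [t for t in ordered if t.recipient.lower() == addr and t.value_eth > 0]
    outgoing = [t for t in ordered if t.sender.lower() == addr and t.value_eth > 0]
    used, pairs = set(), []
    for dep in deposits:
        for i, out in enumerate(outgoing):
            delay = out.timestamp - dep.timestamp
            # The drain must come after the deposit, quickly, and move most of it
            # (the remainder is assumed to be the gas the sweep itself paid).
            big_enough = out.value_eth >= dep.value_eth * min_fraction
            if i not in used and 0 <= delay <= max_delay_s and big_enough:
                used.add(i)
                pairs.append((dep, out))
                break
    ratio = len(pairs) / len(deposits) if deposits else 0.0
    return {
        "deposits": len(deposits),
        "swept": len(pairs),
        "destinations": sorted({out.recipient.lower() for _, out in pairs}),
        "looks_like_sweeper": len(deposits) >= min_deposits and ratio >= 0.9,
    }

# Constructed sample histories; the labels stand in for real addresses.
BAIT = "0xBAIT"
BAIT_TXS = [
    Tx(1000, "0xVictimA", BAIT, Decimal("0.021")),
    Tx(1012, BAIT, "0xCollector", Decimal("0.0205")),
    Tx(5000, "0xVictimB", BAIT, Decimal("0.022")),
    Tx(5009, BAIT, "0xCollector", Decimal("0.0214")),
]
ORDINARY = "0xORDINARY"
ORDINARY_TXS = [
    Tx(1000, "0xExchange", ORDINARY, Decimal("0.5")),
    Tx(90000, ORDINARY, "0xShop", Decimal("0.1")),
    Tx(200000, "0xFriend", ORDINARY, Decimal("0.05")),
]
print(sweep_report(BAIT, BAIT_TXS))
print(sweep_report(ORDINARY, ORDINARY_TXS))
```

A negative result is not proof of safety: an address with too few deposits to judge, or one whose drains fall outside the assumed thresholds, will not be flagged.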

How to Verify a Wallet Address Before Sending Tokens?

Although we are on the Ethereum blockchain, the same address can also be checked on other blockchains, such as Polygon (MATIC). As soon as we search for it on an explorer of that network, we find some suspicious things, such as a transaction from an address already reported as "Fake_Phishing1". Digging deeper leads us to another message, which warns us as follows:


"Warning! There are reports that trying to withdraw or move this token via their website could lead to a loss of funds. Please exercise caution when interacting with the contract address."


So in a couple of clicks we can see that this address is entangled in the scam just described, which also operates on other blockchains such as the Binance Smart Chain (BSC), extending and branching out to these and other blockchains that use the Ethereum blockchain as a reference point.


Another way to check addresses is the comments section found in some explorers; here we can see that all the comments talk about a scam.

How to defend yourself?

Obviously, criminals play on our naivety and our greed. But keep in mind one of the sayings of this industry, "Don't Trust, Verify!": before doing any operation, it is always good to check and verify all the information about anything that seems strange or too good to be true, because in 99% of cases it is a scam, plain and simple.


In this case, it is also good to check the information on the token to understand whether it is something useful or a token created by the criminals themselves to bait victims, since it is easy to list a token on any DEX.


Another useful tool, since we must also check the token, is Token Sniffer: just enter the name of the MNE token and we get a negative report, with a warning that the related address has already carried out other scams before this one.


For Italian readers, I also made a video in which I explain this kind of scam in more detail: