SCAM REVIEW: Validate Your Wallet

Bottom Line Up Front

Someone claiming to be a project support team member or admin DMs you, asking whether a question you posted in the channel was ever answered. Regardless of your answer, they will find some pretext to say you need to validate your wallet, and will send you a link to do so. The link leads to a phishing site, which will most often ask you to enter your wallet seed phrase.

Overview

The particular approach used in this scam usually comes after a project makes some big announcement, and takes advantage of people asking questions about it. In this case, the SmartCoin team announced it was the last day to request a wallet reputation transfer to a new wallet, but the initial wording was a bit confusing, leading to a lot of questions in the channel.

Here, the scammer forwarded my question into a DM to give themselves a little more credibility. When I said that my question had in fact been answered, they changed tactics and asked if I was participating in the “airdrop bonus”. So, I played along.

"Haven't heard a out that" - damn talk to text...

They asked me to send my wallet address to “get me through on their data base system”, a phrase which I assume made sense to them. In reality, they probably just wanted to see how much they’d be able to steal from me, so I grabbed the address of some random whale and sent it along.

They were obviously satisfied, because I was then sent a link and instructions on how to validate my wallet.

I need to find a good QR code I can start sending these people

The site they sent me to looked generic enough, until I clicked on “Get Started” and was immediately asked for my seed phrase.

Real 'stonks' energy at the bottom of the page

They even let people upload a json - how convenient!

Another common approach to this scam is via email, where the message will come in from an account pretending to be a popular wallet service (MetaMask, Trust Wallet, etc). The message will usually say your wallet or account is going to be locked soon unless you take action, and ask you to follow a link to “verify your wallet”. As with the example above, the site they link to will either try to trick you into giving up your seed phrase, or ask you to connect to a malicious contract that will drain your funds. Your email spam filter will most likely catch these kinds of emails, but sometimes they slip through. Suffice it to say, no wallet service will ever email, DM, or otherwise contact you directly asking you to “verify” yourself or your wallet.

Not today, Satan.

The Takeaway

No matter who is asking or how they dress up the request, you should never, under any circumstances, give out your wallet’s seed phrase. It will never be needed for troubleshooting, tech support, connecting to websites/dapps, entering giveaways, or anything else involving another person. Similarly, when connecting your wallet to a site or dapp, pay close attention to the permissions being asked for - they should never include unlimited spending or the ability to make transactions without notifying you.
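To make the "unlimited spending" check concrete, here is an added example (not part of the original post) that inspects the raw calldata of a transaction a site asks you to sign and flags broad token approvals. It covers only the standard ERC-20 `approve` and ERC-721/1155 `setApprovalForAll` calls; the function name `reviewCalldata`, the 2^255 "unlimited" threshold, and the sample spender address are assumptions made for illustration.

```javascript
// Added example: flag approval calldata that grants broad spending rights.
// Standard function selectors (first 4 bytes of the calldata).
const SELECTORS = {
  "095ea7b3": "approve(address,uint256)",
  "a22cb465": "setApprovalForAll(address,bool)",
};
// Assumption: any allowance at or above 2^255 is treated as unlimited.
const UNLIMITED_THRESHOLD = 1n << 255n;

function reviewCalldata(data) {
  const hex = String(data).toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]*$/.test(hex) || hex.length < 8) {
    return { risk: "unknown", reason: "not valid calldata" };
  }
  const name = SELECTORS[hex.slice(0, 8)];
  if (!name) return { risk: "unknown", reason: "not an approval call" };

  const args = hex.slice(8);
  if (args.length < 128) {
    return { risk: "unknown", reason: `${name} with truncated arguments` };
  }
  // Each argument is a 32-byte word; an address sits in the low 20 bytes.
  const spender = "0x" + args.slice(24, 64);
  const value = BigInt("0x" + args.slice(64, 128));

  if (name.startsWith("setApprovalForAll")) {
    return value !== 0n
      ? { risk: "high", spender, reason: "operator may move every token in the collection" }
      : { risk: "low", spender, reason: "revokes operator access" };
  }
  if (value >= UNLIMITED_THRESHOLD) {
    return { risk: "high", spender, reason: "unlimited spending allowance" };
  }
  if (value === 0n) {
    return { risk: "low", spender, reason: "revokes allowance" };
  }
  return { risk: "review", spender, amount: value, reason: "bounded allowance" };
}

// Constructed sample: approve(<made-up spender>, 2^256 - 1).
const sampleSpenderWord = "0".repeat(24) + "11".repeat(20);
const sampleUnlimited = "0x095ea7b3" + sampleSpenderWord + "f".repeat(64);
console.log(reviewCalldata(sampleUnlimited));
```

A "high" result means the spender address could move your tokens later without any further prompt, which is the permission the paragraph above says to refuse.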

Have a question, comment, tip, inside info, or anything else? Email KnowYourCrook@ProtonMail.com
