Recently, a new type of scam has emerged where scammers manipulate users' wallet balances by tricking them into changing their RPC node settings. The scam works as follows:
- The scammer poses as a buyer and convinces the user to use the imToken wallet for receiving tokens. They first transfer a small amount of USDT and ETH to the user's wallet to gain their trust.
- Then, using the excuse that the imToken network is unstable, the scammer asks the user to change their ETH network's RPC node to a link provided by them. However, this RPC link actually comes from Tenderly's "blockchain simulator" and is not a real Ethereum network node.
- Once the user changes the node setting as instructed, the scammer can manipulate the transaction records and balances shown in the user's wallet. Using the simulator, they execute counterfeit "transfers" that make the wallet homepage show USDT as received, creating a misleading impression of payment. With the user believing the tokens have arrived, the scammer swiftly concocts an excuse to vanish.
- When users later attempt to withdraw or cash out the USDT, they find that they cannot. After switching back to the original RPC node, the USDT disappears and there are no related records on block explorers. Only then do they realize they have been scammed.
Users are vulnerable to such scams mainly because they lack an understanding of core concepts like "RPC nodes". An RPC node acts as a bridge for data interaction between wallets and blockchain networks; it handles operations such as checking balances and sending transactions. Usually, wallets use secure default nodes that users do not need to change. However, if someone blindly trusts another person's suggestion and connects their wallet to an untrusted node, the token balances and transaction information the wallet displays can be manipulated, misleading the user's decisions and causing financial losses.
The problem is that for most ordinary users, the concept of RPC nodes is unfamiliar. When scammers ask them to modify their RPC node, users are unaware of the potential risks involved and simply comply without questioning.
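The following is an added example, not imToken's code: it builds the same `eth_call` balance query a wallet sends to its RPC node and compares the answer from the wallet's configured node against independent reference nodes at the same block, which is how a simulator-backed balance shows up as a mismatch. The transports are constructed in-memory stand-ins and the token address, holder address and block number are placeholders; in real use each transport would send the request to an endpoint the user already trusts.

```python
from collections import Counter

BALANCE_OF = "70a08231"  # ERC-20 balanceOf(address) function selector

def balance_of_request(token, holder, block):
    """Build the eth_call a wallet sends to read an ERC-20 balance."""
    data = "0x" + BALANCE_OF + holder[2:].lower().rjust(64, "0")
    return {"jsonrpc": "2.0", "id": 1, "method": "eth_call",
            "params": [{"to": token, "data": data}, block]}

def query_balance(transport, token, holder, block):
    resp = transport(balance_of_request(token, holder, block))
    if "error" in resp:
        raise RuntimeError(f"RPC error: {resp['error']}")
    return int(resp["result"], 16)

def check_wallet_rpc(wallet_rpc, reference_rpcs, token, holder, block):
    """Compare the wallet node's answer with independent nodes at one block."""
    shown = query_balance(wallet_rpc, token, holder, block)
    refs = [query_balance(t, token, holder, block) for t in reference_rpcs]
    consensus, votes = Counter(refs).most_common(1)[0]
    if votes <= len(refs) // 2:
        verdict = "inconclusive"   # reference nodes disagree among themselves
    elif shown == consensus:
        verdict = "consistent"
    else:
        verdict = "mismatch"       # wallet node reports a balance others do not
    return {"shown": shown, "consensus": consensus, "verdict": verdict}

# --- Constructed sample data: in-memory stand-ins for RPC endpoints ---
def make_node(balances):
    def transport(req):
        holder = "0x" + req["params"][0]["data"][-40:]
        return {"jsonrpc": "2.0", "id": req["id"],
                "result": hex(balances.get(holder, 0))}
    return transport

TOKEN = "0x" + "11" * 20    # placeholder token contract address
HOLDER = "0x" + "ab" * 20   # placeholder user address
BLOCK = "0x1312d00"         # placeholder block number (hex), same for all nodes
honest_a = make_node({HOLDER: 5_000_000})        # 5 USDT (USDT uses 6 decimals)
honest_b = make_node({HOLDER: 5_000_000})
simulator = make_node({HOLDER: 50_005_000_000})  # inflated balance from a simulator

if __name__ == "__main__":
    print(check_wallet_rpc(simulator, [honest_a, honest_b], TOKEN, HOLDER, BLOCK))
    print(check_wallet_rpc(honest_a, [honest_a, honest_b], TOKEN, HOLDER, BLOCK))
```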
The imToken Security Team advises caution with any request to modify network settings while using a wallet. Do not readily trust such requests. If you have any doubts about unfamiliar operations, please contact imToken through support@token.im.
imToken Official Contacts
- Website: https://token.im
- Weibo: https://weibo.com/imToken
- Twitter: https://twitter.com/imTokenOfficial
- Discord: https://discord.com/invite/imToken