Recently, some users have lost assets after using fake “energy rental” platforms. Scammers lure users with promises of extremely low prices and “fees covered by the platform,” then trick them into signing malicious token approval transactions on phishing websites, ultimately stealing USDT from their wallets.
Case Study
A user saw an advertisement in a community claiming: “Rent 64,000+ energy for just 0.5 TRX.”
He then visited a phishing website, buytrx.ch, which offered seemingly legitimate features such as “Instant Swap” and “Energy Rental.” After clicking “Rent Now,” his wallet prompted a signature request. Mistakenly believing it was a confirmation of a TRX payment, he approved the request without carefully reviewing the details.
Shortly afterward, over 70,000 USDT was transferred out of his wallet. Only then did he realize that what he signed was not a standard transfer transaction. The transaction history showed changes to token allowances and calls to malicious contracts.
How the Scam Works
1. Exploiting a Real User Need
On the Tron network, transactions consume on-chain resources (energy and bandwidth). Since burning TRX is costly and staking TRX locks up funds, users often turn to lower-cost energy rental services. Scammers exploit this demand by offering unrealistically low prices to lure users to phishing websites.
2. Disguised Rental Flow, Actual Malicious Token Approval
This is the core of the scam. Legitimate energy rental is essentially a standard transfer: you send TRX or USDT to a service provider, and they delegate energy to you. The process does not involve any token approval.
However, phishing websites mimic this flow and trick users into signing malicious token approval transactions. Once approved, you effectively grant the attacker’s contract permission to spend your USDT, allowing them to transfer your assets at any time.
3. Delayed Attacks to Avoid Detection
Some attackers do not steal funds immediately after obtaining approval. Instead, they monitor the wallet on-chain and wait until more USDT is deposited before executing malicious transfers.
This delayed strategy is highly deceptive and makes it easier for users to overlook the risk.
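The distinction drawn in step 2, as an added example (not imToken's code): it decodes the call data of a Tron signing request and separates a plain transfer from a token approval. The function names, the sample spender address and the "unlimited" threshold are assumptions made for illustration.

```python
# Added example: classify what a Tron wallet is being asked to sign.
# TRC-20 calls use the ERC-20 ABI layout: 4-byte selector + 32-byte words.
SELECTORS = {
    "a9059cbb": "transfer",           # transfer(address,uint256)
    "095ea7b3": "approve",            # approve(address,uint256)
    "39509351": "increaseAllowance",  # increaseAllowance(address,uint256)
}
UNLIMITED_THRESHOLD = 2**255  # assumption: treat anything this large as unlimited

def decode_call(data_hex):
    """Return (function, 20-byte address hex, amount), or None if unrecognised."""
    data = data_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    name = SELECTORS.get(data[:8])
    if name is None or len(data) != 8 + 64 + 64:
        return None
    try:
        amount = int(data[72:136], 16)
        int(data[8:72], 16)  # reject non-hex address words
    except ValueError:
        return None
    return name, data[32:72], amount  # address = last 20 bytes of word 1

def review_signature_request(contract_type, data_hex=""):
    """Return (verdict, reason) for a prompt shown during an energy rental."""
    if contract_type == "TransferContract":
        return "ok", "native TRX transfer to an address"
    if contract_type != "TriggerSmartContract":
        return "stop", "unexpected transaction type " + contract_type
    call = decode_call(data_hex)
    if call is None:
        return "stop", "unrecognised contract call"
    name, party, amount = call
    if name == "transfer":
        return "ok", f"TRC-20 transfer of {amount} base units to 41{party}"
    scope = "an unlimited amount" if amount >= UNLIMITED_THRESHOLD \
        else f"up to {amount} base units"
    return "stop", f"{name} lets 41{party} spend {scope}"

# Constructed sample inputs (the address is a placeholder, not a real contract).
SPENDER = "11" * 20
APPROVE_DATA = "095ea7b3" + SPENDER.rjust(64, "0") + "f" * 64
TRANSFER_DATA = "a9059cbb" + SPENDER.rjust(64, "0") + format(5_000_000, "064x")

if __name__ == "__main__":
    for data in (TRANSFER_DATA, APPROVE_DATA):
        print(review_signature_request("TriggerSmartContract", data))
```

The check looks only at the call being signed; confirming that the called contract is the genuine USDT token and that the recipient is the intended service provider is a separate step.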
How to Safely Obtain Energy
Rent via the Transfer Page
On the USDT transfer page in imToken, use “Pay TRX to Rent Energy” to rent energy and complete your transaction in one step. This method is efficient and can save around 30% in transaction costs.
Purchase with USDT
Go to the Tron wallet homepage in imToken and open the “Buy TRX” DApp. You can use your USDT balance to purchase energy or TRX. The process can be completed with a single signature.
PSA:
1. Always Verify Before Signing: Before signing any transaction related to energy rental, carefully review the details. Make sure it is a standard “transfer to address” transaction.
If you see prompts such as token approval requests, unlimited allowance, or unknown contract addresses, stop immediately.
2. Regularly Revoke Token Approvals: Make it a habit to regularly review your wallet’s authorization records. If you find any unknown approvals, revoke them promptly.
- Tools: In imToken, go to the Tron wallet homepage, swipe left, and tap “Revoke” to manage token approvals. Or search for Revoke.cash in the “Browser” page to manage approvals on Ethereum, EVM, and Layer 2 networks.
- For step-by-step instructions, refer to: My USDT was sent out from my wallet without my consent. How did that happen?
imToken Is Always Protecting Your Token Security
In February, imToken marked a total of 75,067 risky tokens, banned 437 risky DApp websites and flagged 441 risky addresses.
If you encounter any suspicious tokens or DApps, please report them to us at support@token.im to help protect other users.
Closing Thoughts
Scams are constantly evolving, and it can be difficult for everyday users to stay fully protected. imToken is committed to detecting threats quickly, developing solutions, and keeping the community informed through timely alerts and education—so we can reduce losses and improve overall crypto safety.
We invite you to read and share the imToken Wallet Security Monthly Report, and work with imToken to keep every token safe.