Honeypot
A famous expression says: “Free cheese only comes in a mousetrap.” In the cryptocurrency market, in most cases, such folk wisdom does not deceive. In the field of cybersecurity, there is a term “Honeypot”. In a broad sense, it means a decoy that is placed to deceive a victim or identify an attacker. In some cases, the positions of the victim and the fraudster are completely intertwined.
We are talking, in particular, about a cunning method of fraud in which an attacker gives the victim the private key to his wallet under some innocent pretext. For example, he asks for help figuring it out or withdrawing money, or even offers the funds for free (there is an interesting example in which a scammer writes on behalf of a Chinese user who, after the ban on cryptocurrencies in the country, is ready to simply give them away to the first lucky person he comes across).
Probably everyone who has ever encountered a crypto wallet knows: under no circumstances should you give your private key to anyone. The recipient of the message, having received someone else’s key, is preparing to teach a lesson to the person who so maliciously neglects the main rule of security, and wants to transfer his money to himself. The result is a situation where both parties are simultaneously criminals and see each other as a victim. It’s not hard to guess who will outwit whom.
Let’s look at the mechanics of the process in detail.
Step one: message with access key
The victim receives a message approximately as follows:
“Good afternoon! I received $8,000 in cryptocurrency and don’t know how to convert it into regular money. Can you help me? I’m willing to pay $100 for help. Here is my wallet address: (the address of a real wallet where there really is some kind of cryptocurrency), here is my seed phrase (IMPORTANT: 1. Next 2. Valid 3. Should 4. Seed 5. Phrase 6. Which 7. Opens 8. Access 9. To 10. Wallet 11. With 12. Cryptocurrency!). Thank you in advance!”
The attacker in this case relies on the greed of the recipient. And if the calculation turns out to be correct, the victim gains access to a crypto wallet where some funds are actually stored.
Step two: commission question
But there is a nuance: the tokens on the wallet are not the native coin of the blockchain. This means that they can be moved only by paying a commission in the native coin (for example, ETH in Ethereum, or BNB in Binance Smart Chain), which (what a coincidence!) is not on the wallet. Accordingly, the victim, in order to pay the transaction fee and transfer the crypto to himself, needs to add some native coins to the wallet. As a rule, we are talking about an amount equivalent to several dollars, so the victim, anticipating a much larger profit ($8,000 in our example), transfers the commission amount. And… the amount disappears.
Step three: sweeper script
At this point the deception is complete. The funds that the fraudster left on the wallet as bait remain intact (very often they cannot be withdrawn). Tokens that were sent to pay the commission are automatically transferred to a third wallet by a sweeper script (the name means “cleaner” or “sweeper”). The script, or bot as it is otherwise known, monitors transactions broadcast to the network, as well as the mempool, the transaction pool where pending transactions are temporarily stored. Once the script identifies an incoming or outgoing transaction from the target wallet, it creates a new transaction before the original one is completed. Intercepted funds are transferred to the wallet written into the script by its owner.
The essence of the scheme
If you look at the address of such wallets in the block explorer, then most likely there will be transactions related to the receipt of commissions from victims and the lightning-fast transfer of these funds to a third-party wallet – this is the work of sweeper scripts. It’s clear that you can’t earn much on a commission of a couple of dollars from one victim, but this is where economies of scale come into play. If the sending of the message was at least somewhat large-scale and successful, then the attacker can already acquire tangible passive income from many attempts to get to the funds in his wallet.
How to avoid falling for such a scheme
Quite simply: as with everything in the cryptocurrency world, reasonable caution should be exercised. You can avoid such fraud at different stages:
- Ignore the message. It is quite safe to assume that no one in their right mind would share the keys to their wallets. If you look at the message in isolation from the dubious benefits, it will immediately become clear: it is too suspicious to be true.
- Use the block explorer. Even a quick analysis of transaction history will put everything in its place. You will clearly see how others are led into the scheme and, of course, you will not participate in this. Moreover, some block explorers can specifically mark addresses involved in fraudulent schemes, so you may not even need to delve into the transaction history.
- Do not transfer commission. The alarm should flash the moment you are required to part with your coins, even if it is a small amount. After all, the prospect of increasing the scammers’ wealth may well sober up a possible victim.
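The block-explorer check, and the pattern described under "The essence of the scheme" (small native-coin deposits that leave within seconds for one third-party address), can be applied mechanically to an exported transaction history. The following Python code is an added example, not part of the original article; the Tx record layout, the thresholds and all sample addresses and amounts are assumptions constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    ts: int         # unix time, seconds
    sender: str
    recipient: str
    value: int      # native coin, smallest unit

def find_sweeps(wallet, txs, max_delay=60, min_fraction=0.8):
    """Pair each native-coin deposit with an outgoing transfer that leaves
    within max_delay seconds and carries most of it (the rest paid the fee)."""
    txs = sorted(txs, key=lambda t: t.ts)
    used, sweeps = set(), []
    for i, dep in enumerate(txs):
        if dep.recipient != wallet:
            continue
        for j in range(i + 1, len(txs)):
            out = txs[j]
            if out.ts - dep.ts > max_delay:
                break
            if j not in used and out.sender == wallet \
                    and min_fraction * dep.value <= out.value <= dep.value:
                used.add(j)
                sweeps.append((dep, out))
                break
    return sweeps

def assess(wallet, txs, min_sweeps=3):
    """Summarise the history; thresholds are illustrative, not calibrated."""
    sweeps = find_sweeps(wallet, txs)
    dests = Counter(out.recipient for _, out in sweeps)
    top_dest, top_n = dests.most_common(1)[0] if dests else (None, 0)
    return {
        "deposits": sum(t.recipient == wallet for t in txs),
        "swept": len(sweeps),
        "main_destination": top_dest,
        "suspicious": len(sweeps) >= min_sweeps and top_n >= 0.8 * len(sweeps),
    }

# Constructed sample histories (addresses and amounts are made up).
BAIT = [Tx(1000, "0xV1", "0xBAIT", 5000), Tx(1012, "0xBAIT", "0xCOLLECT", 4800),
        Tx(5000, "0xV2", "0xBAIT", 4000), Tx(5013, "0xBAIT", "0xCOLLECT", 3800),
        Tx(9000, "0xV3", "0xBAIT", 6000), Tx(9011, "0xBAIT", "0xCOLLECT", 5800)]
NORMAL = [Tx(1000, "0xEXCH", "0xUSER", 500000), Tx(90000, "0xUSER", "0xSHOP", 100000),
          Tx(200000, "0xEXCH", "0xUSER", 300000), Tx(200030, "0xUSER", "0xPAL", 50000)]

if __name__ == "__main__":
    print(assess("0xBAIT", BAIT))
    print(assess("0xUSER", NORMAL))
```

A wallet whose every deposit from a different sender is forwarded to the same address within seconds matches the sweeper pattern; an ordinary wallet that spends part of a deposit later, to varied recipients, does not.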
Source: Bits
