In the world of Web3, filled with opportunities and traps, I personally experienced a scam of "saving someone only to be scammed myself." Through phishing for recovery phrases and setting traps with multi-signature wallets, the scammers used small miner fees as bait to harvest unsuspecting users.
Looking at this picture, I received an email because I made some educational videos about Web3, and I would receive some user comments. If I didn't have time to check, they would send me an email reminder. The content was: Thank you for your explanation! I need some advice: I have a certain wallet with some USDT in it, and I have the recovery phrase. How should I proceed to transfer them to Binance?
Let me explain a bit. USDT is a type of stablecoin in Web3, and it can be exchanged one-to-one for US dollars. The recovery phrase is the mnemonic phrase for a Web3 wallet; whoever has it essentially has your bank account number and password and can immediately transfer all your money away. Therefore, the first thing every newcomer to Web3 is told is not to share their wallet mnemonic phrase and private key with anyone.
I quickly replied to him: Hurry up and delete it; if others see it, your money will be gone.
After a while, no one replied, so I thought I would log into his account first; if there was money, I could transfer it out to help him save it. I started the operation.
I downloaded the wallet, logged in with the recovery phrase, entered the 12 mnemonic words, confirmed, and found over 1000 US dollars—not a small amount.
I thought I would transfer it to an exchange first, which would make it easier to send it to him later. I clicked send, entered my address, and selected the maximum amount. It reminded me that this transaction required at least 10 TRX to pay for the miner fee.
TRX is Ripple's coin; one TRX is 0.16 US dollars, so 10 is 1.6 US dollars, which is okay. Worried about future complications, I transferred over 20 TRX, and with the transfer fee, it cost about 5 US dollars.
Let me explain the concept of miner fees. Financial activities in Web3 occur on-chain, and each main chain has a main chain coin. For example, Bitcoin, Ethereum, and TRX are main chains, and any activity that occurs on a specific chain requires payment in that chain's main chain coin, which we also call Gas fees.
After transferring the Gas fees, I started to withdraw the over 1000 US dollars, but another prompt appeared: this account is a multi-signature account and is waiting for approval from other accounts... I knew I had been scammed.
In the Web3 world, a multi-signature wallet (Multisig Wallet) is a very secure type of wallet. Simply put, a multi-signature wallet is like a "joint safe" that requires multiple "keys" to open. These "keys" can be authorizations from different people, such as project team members, company directors, or even family members. Funds can only be transferred or used when a pre-set number of holders jointly approve it.
After understanding this, I wanted to see if anyone else had been scammed. I found the transaction records because actions that occur on-chain can be found and are immutable, and I was shocked once again.
52 transactions in one day; my brain couldn't keep up, so I used a calculator to add it up: 1595.8 TRX, total price 1868.68 yuan.
After the incident, I sent the message the scammer left me to my partner and asked him how to handle it. He is one of the earliest people in China to engage with blockchain and an Ethereum evangelist who founded a blockchain company in 2017, which reached a peak market value of nearly 10 billion yuan. His reply was also to log in and help him withdraw it and then transfer it to him.
Web3, a vast ocean of stars, is fraught with thorns. Everyone, take care and DYOR.
Welcome to join the community
Welcome to the community WeChat: BQ221858
Welcome to follow Weibo: @QuarkMing202
Welcome to follow Twitter: @xian202766693