Like anyone with open Twitter DMs, my message requests box is a dumpster fire. Unsolicited messages pile up like pizza leaflets.
They’re an eclectic mix of PR outreach, spam, crypto promotions, and occasionally, religious proselytization.
But this morning, I received a message that genuinely piqued my interest. A stranger named Eddie sent what appeared to be his crypto private key and a request to transfer the contents to his wallet.
Money for nothing
The wallet purportedly contained 9860 Tether (USDT) tokens. Tether is a stablecoin. Each crypto token is equivalent to a dollar. For my effort, Eddie would allow me to keep 300 USDT tokens, or $300.
I wasn’t born yesterday. This was obviously a scam. But it was a scam I hadn’t seen before. Twitter is rife with crypto grifters, but most are fairly mundane.
The most common tactic sees hacked verified accounts pretend to be well-known crypto-maximalists like Elon Musk. These accounts promise to double people’s money, provided they send a certain amount of crypto to another address.
And there are pump-and-dump schemes. Bad actors will build a following of fellow crypto enthusiasts and aggressively promote a particular token, ICO, or dApp product.
As interest spikes, so too do prices. When the token reaches a particular level, the promoters will cash out, leaving their gullible victims to shoulder a massive loss.
Those two scams are as endemic as they are boring. But the message I received earlier this morning? I hadn’t seen that before. It piqued my interest.
Keys to the kingdom
Okay, so here’s the thing: Private keys should be kept… well… private.
They’re analogous to the PIN code on your debit card. If someone else knows it, there’s little to prevent them from draining your account.
Many crypto scams try to steal their victims’ private keys. This scam seemingly did the exact opposite. That’s what made it so intriguing.
Fortunately, I’m not the first person to be targeted. While this scam isn’t as common as the notorious Elon Musk Twitter grift, it’s happened to enough people to be reasonably well-documented.
Step on the gas
Before I dissect this scam, I need to explain some Crypto 101 to you.
Cryptocurrencies are decentralized. Transactions are processed, verified, and recorded by other computers within the network. This requires dedicated computational power, electricity, and storage space.
To incentivize people to run these nodes, many cryptocurrencies charge transaction fees (or ‘gas fees’ in the Ethereum world). These fees reward node operators.
With me so far? Good. Let’s go back to the scam.
If a victim recreates the wallet, they’ll see that every token promised in the original message is there. But they’ll also see that the wallet lacks the funds necessary to pay the gas fees for moving them.
So, the victim transfers the gas fees. These are usually a fraction of the promised cut. They’ll still make a profit.
But here’s the trick: the wallet is connected to a smart contract. These sound complicated. They aren’t.
Put simply, smart contracts are computer programs that perform specific actions when a condition is met. In this case, the smart contract will automatically transfer out any gas fees that hit the wallet.
This happens in a matter of seconds. Smart victims will realize they’ve been duped. Silly victims will re-send the gas money again and again, thinking that something went wrong and they need to try again until it eventually works.
Each time, the scammer siphons off the gas fees from the crypto transaction.
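The sweep described above leaves a recognisable trail in the wallet's transaction history: gas-coin deposits, each followed seconds later by an outgoing transfer of almost the same amount to one address. As an added example (not from the original article), this Python check flags that pattern; the `Transfer` record, the thresholds, and the sample histories are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Transfer:
    ts: int            # unix time, seconds
    direction: str     # "in" or "out", relative to the wallet from the DM
    counterparty: str  # the other address
    amount: int        # native (gas) coin, smallest unit

def find_sweeps(history, max_delay=30, min_fraction=0.9):
    """Pair each deposit with the outgoing transfer that drains it.
    max_delay and min_fraction are assumed thresholds, not values from the article."""
    history = sorted(history, key=lambda t: t.ts)
    used, pairs = set(), []
    for dep in (t for t in history if t.direction == "in"):
        for i, out in enumerate(history):
            if out.direction != "out" or i in used or out.ts < dep.ts:
                continue
            if out.ts - dep.ts > max_delay:
                break  # history is time-sorted, so later transfers are too late
            # The sweep moves the deposit minus the fee it paid itself.
            if min_fraction * dep.amount <= out.amount <= dep.amount:
                used.add(i)
                pairs.append((dep, out))
                break
    return pairs

def looks_like_gas_trap(history, min_hits=2):
    """True when repeated deposits are drained within seconds to one address."""
    pairs = find_sweeps(history)
    destinations = {out.counterparty for _, out in pairs}
    return len(pairs) >= min_hits and len(destinations) == 1

# Constructed sample histories: placeholder addresses, invented amounts.
TRAP = [
    Transfer(1000, "in",  "0xVICTIM_A",  5_000_000),
    Transfer(1004, "out", "0xCOLLECTOR", 4_900_000),
    Transfer(1300, "in",  "0xVICTIM_A",  5_000_000),
    Transfer(1303, "out", "0xCOLLECTOR", 4_900_000),
    Transfer(9000, "in",  "0xVICTIM_B",  8_000_000),
    Transfer(9005, "out", "0xCOLLECTOR", 7_900_000),
]
ORDINARY = [
    Transfer(1000,   "in",  "0xEXCHANGE", 5_000_000),
    Transfer(50_000, "out", "0xSHOP",     1_200_000),
    Transfer(90_000, "in",  "0xFRIEND",   2_000_000),
]
```

Checking a wallet's history this way before sending anything to it shows whether earlier deposits ever stayed put.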
If it sounds too good to be true…
I sound like your dad here. And no, I don’t care. If something sounds too good to be true, it almost certainly is.
Nobody will offer a random stranger free money for something as perfunctory as recovering their wallet. People don’t entrust strangers with the contents of their crypto wallets. Especially when they contain the web3 equivalent of thousands of dollars.
Scams are particularly horrible because they exploit the weaknesses that make society necessary. The (usually positive) attributes like trust, friendliness, and a willingness to make others.
And they’re almost always more effective during times of genuine economic strife. Desperate people are often more willing to take risks.
It’s why sales of lottery tickets spike during recessions. It’s also why multi-level marketing companies (which are, at best, thinly-veiled pyramid schemes) found it easier to recruit during the turmoil of the COVID-19 pandemic.
We have two weapons against scammers: skepticism and awareness. One is developed, the other is learned. As such, I’d encourage you to share this post with anyone you think might fall victim to this type of private key scam.