Security PSA: Mining Pool Scams Targeting Self-Custody Wallets

By Coinbase Security Team

Source: Scam Site

• Clicking the ‘Receive’ button displays a pop up similar to this

Source: Scam Site

• Clicking this ‘Receive’ button will then display a fake pop-up designed to impersonate the Coinbase Wallet interface. The permissions that are displayed are not the true permissions that are actually being requested and are intentionally displayed in a way to attempt to trick users into clicking ‘Connect’

Source: Scam Site

• Viewing the smart contract via a trusted token approval checker shows the true permissions being requested. The scammer gains delegated transaction approval status with an unlimited transaction allowance within the victim wallet, meaning the scammer can approve USDT sends of any amount on behalf of this wallet.

Source: etherscan.io

• Attackers will remove USDT from the victim’s wallet and the scam site will show that their balance is increasing. Scammers will frequently reassure victims that if they add more funds, they will get more USDT in returns by mining.
• At the end of the period, the funds are not returned to the victim and no profits will be received.
• If the victim contacts customer support via the fraudulent website, the attacker may indicate they detected irregular activity on the account and that in order to fix that issue, the victim would need to pay additional USDT to ‘release’ the funds. However, no funds are ever returned regardless of whether or not the victim makes payment.

The following security steps can be taken to defend your assets:

• Be wary of investments that claim a guaranteed return
• Be wary of investment advice and opportunities from unknown or untrusted sources
• Do not visit or connect self-custody wallets to any unknown site
• Do not hold high value assets in the same wallet used to regularly interact with dapps. Use cold storage or custodial solutions such as the freely available Coinbase Vault.
• Use a token approval checker to validate actual permissioning on self-custody wallets and revoke approvals that you did not knowingly authorize.

Coinbase is working with industry partners to take down these sites and developing ways to warn users when visiting known scam sites in order to help limit the damage caused by this type of scam.

Security PSA: Mining Pool Scams Targeting Self-Custody Wallets was originally published in The Coinbase Blog on Medium, where people are continuing the conversation by highlighting and responding to this story.