Background

In the last edition of our Web3 Security Beginner’s Guide, we discussed typical airdrop scams and the risks users might encounter when claiming airdrops. Recently, the SlowMist AML team observed a notable rise in users falling victim to fake mining pool scams while reviewing MistTrack theft reports from victims. Therefore, in this edition, we will explore several prevalent fake mining pool scams and offer security tips to help users avoid these traps.

The Bait and Switch

Fake mining pool scams are especially targeted at new Web3 users. Scammers exploit newcomers’ limited knowledge of the crypto market and their eagerness for high returns to trick them into investing money. These scams often operate on the premise that “funds must remain in the pool for a while to yield returns,” making it hard for users to realize they’ve been duped quickly. Under scammers’ influence, users may keep investing more money in hopes of higher returns. When users can no longer contribute funds, scammers may threaten that they won’t be able to reclaim their initial investment, causing users to incur continuous losses under pressure.

Victims report that scammers pose as reputable exchanges on Telegram to create fraudulent groups. These scam groups can have thousands or even tens of thousands of members, which can easily lull people into a false sense of security. Many users, when searching for official accounts on Telegram, use the number of group members as a criterion to judge an account’s legitimacy. While it’s true that official groups tend to have more members, this logic doesn’t always apply in reverse. It’s hard to believe that scammers would set up a group with tens of thousands of members just to scam a few individuals, and even the “chatter” inside is part of the bait. Notably, in a group with over fifty thousand members, if fewer than a hundred are online, users might sense something is off by comparing this with other similarly sized groups.

For beginners, scammers go the extra mile by providing detailed instructions on how to check the mining pool’s staking status, download a wallet, and transfer funds to the scammer’s contract address. By creating the illusion of profitable liquidity mining, scammers entice users to invest. After transferring money to the contract address, users receive a rebate, which encourages them to invest even more, thinking they’ll earn greater returns. This is exactly what the scammers want, and eventually, all the funds the users invest are stolen by the scammers.

What’s even worse is that some scammers return counterfeit tokens as rebates. Unsuspecting new users believe they’ve received a genuine rebate, only to find out when they try to trade these tokens that they are fake and worthless.

Another scam involves tricking users into granting malicious permissions, which allows scammers to steal their funds. Pretending to be officials, scammers announce a “supernode mining event” and invite users to join. By clicking on a phishing link in the provided instructions, users are misled into authorizing malicious transactions, leading to their funds being stolen.

In yet another scheme, scammers first lure users to a fraudulent platform and manipulate the data to create a false sense of “profit.” These profits are only visible on the platform and don’t reflect any real asset increase. At this point, users are already fooled by the scammers’ supposed investment prowess. The scammers then invite users to join mining pool activities, requiring them to deposit 5% or 8% of their total assets in USDT daily to keep the mining pool active. Under the pressure of “if you don’t keep depositing, you can’t get your principal back,” users continue to deposit into accounts controlled by the scammers. By now, it’s clear that this setup means users must deposit more USDT each day than the day before.

In reviewing these fake mining pool scams, it’s evident that while the scams don’t involve advanced technology, their novel strategies and seemingly legitimate processes are very misleading for new Web3 users, making it easy for inexperienced users to fall into these traps.

Summary

In this edition, we’ve analyzed several common types of fake mining pool scams with the hope of helping users stay alert and avoid falling victim to similar schemes. We also offer some security tips to help users strengthen their defenses:

• Be Wary of Unrealistic Returns: If an investment opportunity promises returns that seem too good to be true, it often is a scam.
• Avoid Unnecessary Authorizations: Refrain from clicking on unknown links and granting permissions indiscriminately.
• Maintain a Skeptical Attitude: Carefully verify the authenticity of groups and do not judge their credibility solely based on the number of members. Always be skeptical of any operations involving fund transfers and double-check the legitimacy of activities from multiple sources.

Disclaimer：

1. This article is reprinted from [慢雾科技]，All copyrights belong to the original author [慢雾安全团队]. If there are objections to this reprint, please contact the Gate Learn team, and they will handle it promptly.
2. Liability Disclaimer: The views and opinions expressed in this article are solely those of the author and do not constitute any investment advice.
3. The Gate Learn team translated the article into other languages. Copying, distributing, or plagiarizing the translated articles is prohibited unless mentioned.