The SlowMist security team has uncovered a novel cryptocurrency scam that exploits the remote procedure call (RPC) function of altered Ethereum nodes. This type of fraud commonly targets physical offline transactions, employing Tether (USDT) as the preferred payment method.
According to SlowMist's findings, the scam starts with the scammer convincing the victim to download the legitimate imToken wallet and then gaining trust by transferring a small amount of 1 USDT and Ether (ETH) as bait.
Subsequently, the scammer directs the victim to change their ETH RPC URL to a node controlled by the scammer (https://rpc.tenderly.co/fork/34ce4192-e929-4e48-a02b-d96180f9f748).
The scammer modifies the node using Tenderly’s fork feature, which falsifies the user’s USDT balance to make it appear that the scammer has deposited funds into the user’s wallet. When users view the balance, they mistakenly believe the funds are legitimate.
However, upon attempting to transfer out the miner’s fees to cash out the USDT, they realize they have been deceived. By this point, the scammer has disappeared without a trace.
In addition to modifying displayed balances, the fork feature can alter contract information, presenting an even more significant threat to users.
SlowMist Technology’s report stated that this type of scam exploits users’ trust and negligence, resulting in asset losses. The SlowMist security team reminds users to remain vigilant when trading and avoid using untrusted RPC nodes.
A remote procedure call (RPC) lets a program on one computer run code on a remote server as if it were executing locally. In blockchains like Ethereum, RPC is how a wallet interacts with nodes: querying balances, sending transactions, or interacting with smart contracts.
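Because the wallet shows whatever balance its RPC node returns, the forged figure can be detected by asking independent nodes the same question. The following is an added example, not code from SlowMist's report: it builds the `eth_call` for USDT `balanceOf` and compares a suspect endpoint with a majority of reference nodes. The endpoint URLs, holder address, balances and the injected `send` transport are constructed assumptions so the check runs offline.

```python
from collections import Counter

USDT = "0xdAC17F958D2ee523a2206206994597C13D831ec7"  # Tether USD (ERC-20) on Ethereum mainnet
BALANCE_OF = "70a08231"  # function selector of balanceOf(address)

def balance_call(holder):
    """Build the JSON-RPC eth_call a wallet sends to read a USDT balance."""
    data = "0x" + BALANCE_OF + holder[2:].lower().rjust(64, "0")
    return {"jsonrpc": "2.0", "id": 1, "method": "eth_call",
            "params": [{"to": USDT, "data": data}, "latest"]}

def audit_rpc(suspect, references, holder, send):
    """Compare the suspect node's balance with a majority of reference nodes.

    send(url, request) returns the parsed JSON-RPC reply; it is injected so the
    same logic works over HTTP or, as here, over constructed replies.
    Balances are in USDT base units (6 decimals).
    """
    req = balance_call(holder)
    claimed = int(send(suspect, req)["result"], 16)
    votes = Counter(int(send(url, req)["result"], 16) for url in references)
    agreed, count = votes.most_common(1)[0]
    if count <= len(references) // 2:  # no majority: the references disagree
        return {"verdict": "inconclusive", "claimed": claimed, "agreed": None}
    verdict = "match" if claimed == agreed else "forged-balance"
    return {"verdict": verdict, "claimed": claimed, "agreed": agreed}

# --- constructed sample data (hypothetical URLs, address and balances) ---
HOLDER = "0x" + "11" * 20
SUSPECT = "https://suspect-node.example/rpc"
REFERENCES = ["https://ref-a.example/rpc", "https://ref-b.example/rpc",
              "https://ref-c.example/rpc"]

def _word(n):
    return "0x" + format(n, "064x")  # ABI-encoded uint256 return value

SAMPLE_REPLIES = {SUSPECT: _word(50_000 * 10**6)}  # inflated balance shown by the fork
SAMPLE_REPLIES.update({u: _word(1 * 10**6) for u in REFERENCES})  # the real 1 USDT bait

def fake_send(url, request):
    return {"jsonrpc": "2.0", "id": request["id"], "result": SAMPLE_REPLIES[url]}

if __name__ == "__main__":
    print(audit_rpc(SUSPECT, REFERENCES, HOLDER, fake_send))
```

Honest nodes can differ briefly while a new block propagates, so a real deployment would pin all queries to the same block number rather than `latest`.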