Event Highlights: GoPlus "Web3 Ghost Stories" Episode 2 Space
Author: GoPlus
This is the most bizarre and ridiculous experience I've had entering Web3. "Brother, you are not sincere at all!" "How could I deceive you?" These phrases led me to fall into a meticulously crafted scam involving a highly educated, beautiful woman with exceptional intelligence and emotional intelligence…
------Web3 wallet theft victim James
Rita's Adventure
More than half a month ago, Rita was looking for a job in Web3 and saw a recruitment post from a "beautiful boss" named Cao Brown Doris looking for an assistant. This assistant position had no salary but promised a lot of trading knowledge. Rita noticed that many real KOLs were following Cao Brown and was very tempted. With a learning mindset, she proactively chatted with the "beautiful boss" and learned that during her graduate studies at Wharton, a professor suggested she learn about Bitcoin. She then established the early BitcoinMarket trading platform with her classmates, but the platform was hacked, resulting in the theft of over 20,000 Bitcoins, leading to its closure. Then, the "beautiful boss" began asking Rita how long she had been in Web3, what her main job was, and her interests. To Rita's surprise, this "beautiful boss" shared her passion for yoga and Pilates…
Slowly, Rita was captivated by the "beautiful boss's" good looks, emotional intelligence, and financial acumen. After realizing she could handle the job responsibilities, she signed up for the assistant position. The next day, the "beautiful boss" started to lure Rita into converting the funds she held on an exchange into ETH, claiming their institution's analysis showed that ETH could rise to $8,000 this August. Step by step, she suggested Rita withdraw the funds to her wallet, repeatedly urging her to act, which made Rita suspicious. Rita refused to withdraw, saying that she would transfer the funds to a friend for safekeeping, and from then on, the "beautiful boss" stopped responding.
James's Scam Experience
Like Rita, James was blinded by the "beautiful boss" persona crafted on Twitter and privately applied for the assistant position. After he successfully applied, the "beautiful boss" kept painting a bright future for James:
"I'll give you some funds to learn for the first two weeks, and after two weeks, I'll give you 100,000 USDT. After making money smoothly for two months, I'll give you 2 million USDT to manage officially."
"Let me show you my smallest wallet with 16 ETH; I can transfer it to you to play with."
"My last assistant earned 144 ETH after learning from me and then went to Vietnam. I can manage it myself, but I'm too busy…"
What truly made James lower his guard was not the temptation but the "sincerity" of the "beautiful boss." They chatted about Wang Yangming, shared interests, and her life in Singapore, discussing where she planned to travel and settle… They talked all night long.
Once James fully trusted her, the "beautiful boss" began guiding him to withdraw his funds to a wallet, even asking James to screenshot his wallet's private key under the pretext of teaching him how to issue tokens. When he hesitated slightly, the "beautiful boss" began the classic PUA scam tactics:
"You are not sincere at all, you lack integrity, and you're wasting everyone's time."
"I have several other applicants for the assistant position who are eager to come, but I'm really trying to help you."
"Do you not trust me, brother?!"
Thus, James completely fell for it. When the "beautiful boss" suggested he transfer more funds to facilitate block production and warned him that failing to transfer would cause his hardware wallet's PIN to expire and lead to damage, he did not hesitate at all and transferred his last ETH and BNB. Within a minute, all the funds in his wallet were emptied, and from then on, the "beautiful boss" stopped responding and went on scamming from her carefully packaged Twitter account.
Interesting Dialogue Sharing
Bytehunter founder Martin: When interacting on the blockchain, it's essential to learn some basic blockchain knowledge. Accelerating block production can only be done by increasing Gas on new or still-packaged transactions; initiating a new transfer will not speed up old transactions. Even more absurd is that the PIN is merely a payment verification password for the wallet and cannot cause damage to the hardware wallet due to PIN expiration; the wallet's private key is equivalent to your bank card and password, representing your money. Once sent or leaked to others, they gain complete control over all funds in the wallet corresponding to that private key, which is extremely dangerous—do not do it!
GoPlus Chinese Community: By tracking multiple on-chain transaction records, it seems that James is not the only victim; we also discovered that the scam address transferred funds to a Wallet Drainer address.
GoPlus Fang Tou Zai: Yes, the funds transferred to the Wallet Drainer are likely the service fee for purchasing scam toolkits. Nowadays, Web3 scams are no longer individual efforts; they have formed a complete and mature industrial chain, with various attack methods and smooth SOP coordination across upstream, midstream, and downstream. Upstream scammers are responsible for producing Trojan horses, phishing contracts, and scam toolkits that target Twitter, email, Telegram, and evade different security rules; midstream consists of those who purchase scam toolkits and implement scams, quickly using them to create phishing websites for trending projects or airdrops; downstream focuses on gathering traffic and channel distribution, such as replying to phishing websites on Twitter or Telegram or pushing ads for fake projects and airdrops.
Scam attacks generally emphasize the return on investment. From these time-consuming, targeted scam tactics, it's evident that attackers benefit greatly, while the corresponding victims are extremely vulnerable. We know that North Korea has official attack teams, and globally there are 5 to 6 leading Wallet Drainers, earning tens of millions of dollars annually from scam toolkit revenues. This is just a small portion of the profits from successful attacks, highlighting the vast number of attackers and victims involved and the enormous financial losses. This is terrifying and presents an urgent need for Web3 security projects like GoPlus to conduct more security research, prevention, interception, and theft prosecution aimed at user safety scenarios, providing comprehensive protection for user assets.
GoPlus Chinese Community: Yes, the mature industrial assembly line of the Wallet Drainer scam gang, with refined division of labor, allows them to design targeted phishing scams one-on-one. For example, this "beautiful boss" used different accounts, posing as a loli, a mature woman, and various identities from quantitative institutions and MEME project parties, appealing to diverse demographics.
Bytehunter founder Martin: While helping James track the stolen assets, we discovered that the scammers transferred the money to a centralized exchange. We immediately contacted this exchange to freeze the funds, but all centralized exchanges require police case documentation to freeze the money. So if your on-chain assets are stolen, how should you rescue yourself?
The first step is crucial: prevent secondary theft by immediately transferring all remaining assets to a secure wallet.
The second step is to contact security agencies like GoPlus to trace the flow of stolen funds and blacklist the attacker's address.
The third step is to report to the police and strive for a case filing.
The fourth step is to organize the theft process and gather all evidence chains, such as off-chain evidence: attacker's Twitter, chat, or video records, and on-chain evidence: transaction hashes of the theft.
Finally, contact the exchange to freeze and recover the funds.
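Added example (not part of the original Space recap or any speaker's words): Martin's point that only a higher Gas price on the same pending transaction speeds it up, while a new transfer does not, shown with a toy pending-pool model in Python. The Pool class, the 10% replacement bump and the block's minimum gas price are simplifying assumptions, and all transactions are constructed sample data.

```python
from dataclasses import dataclass

PRICE_BUMP_PCT = 10  # assumption: a replacement must pay at least 10% more

@dataclass
class Tx:
    sender: str
    nonce: int
    gas_price: int  # gwei
    label: str

class Pool:
    def __init__(self, account_nonces):
        self.next_nonce = dict(account_nonces)  # next nonce the chain expects
        self.pending = {}                       # (sender, nonce) -> Tx

    def submit(self, tx):
        """Return 'queued', 'replaced' or 'rejected'."""
        key = (tx.sender, tx.nonce)
        if tx.nonce < self.next_nonce.get(tx.sender, 0):
            return "rejected"  # nonce already used on-chain
        old = self.pending.get(key)
        if old and tx.gas_price * 100 < old.gas_price * (100 + PRICE_BUMP_PCT):
            return "rejected"  # underpriced replacement of the same nonce
        self.pending[key] = tx
        return "replaced" if old else "queued"

    def build_block(self, min_gas_price):
        """Include txs paying >= min_gas_price, strictly in nonce order."""
        included = []
        for sender in sorted(self.next_nonce):
            while True:
                tx = self.pending.get((sender, self.next_nonce[sender]))
                if tx is None or tx.gas_price < min_gas_price:
                    break  # a stuck nonce blocks every later nonce
                included.append(tx.label)
                del self.pending[(sender, tx.nonce)]
                self.next_nonce[sender] += 1
        return included

def demo():
    pool = Pool({"victim": 7})  # constructed sample account
    pool.submit(Tx("victim", 7, 5, "stuck transfer"))
    # The pretext "transfer more funds to speed it up" creates a NEW nonce.
    pool.submit(Tx("victim", 8, 50, "extra transfer"))
    before = pool.build_block(min_gas_price=20)
    # A real speed-up reuses the SAME nonce with a higher gas price.
    status = pool.submit(Tx("victim", 7, 30, "stuck transfer (fee bumped)"))
    after = pool.build_block(min_gas_price=20)
    return before, status, after
```

In the model, the extra transfer sits behind the stuck nonce and nothing is included until the original transaction itself is resubmitted with a higher gas price.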
Follow-up
After Rita exposed the entire scam, the scammer, who had used a photo of a beautiful woman stolen from Xiaohongshu to pose as "Cao Brown Doris," tweeted in response, used a secondary account to interact and flood the comments, and then immediately launched an "Ekingdog" MEME coin airdrop and private placement.
A meticulously planned chain scam, rolling forward…
Column Introduction:
GoPlus "Web3 Ghost Stories" is a chat column that shares a "ghost story" of Web3 asset theft in each episode, unraveling the details of the story to give listeners a deeper understanding of the monsters and ghosts in the Web3 world, thus dispelling the myths and enabling them to successfully avoid similar risks when encountering such stories.
Space Theme: Web3 Job Hunting Adventure! Happily applying for the "Web3 Boss" assistant position, only to be left crying after being scammed out of my wallet.
Host:
GoPlus Chinese Community: Representing Web3 "newbies" to ask questions.
Speakers:
Rita: Ghost story sharer, Web3 job seeker
James: Ghost story sharer
Martin: Bytehunter Founder
GoPlus Fang Tou Zai