Cryptocurrency Mining Rig Purchase Scam wowzas97: Difference between revisions

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
(Created page with "{{Imported Case Study|source=https://www.quadrigainitiative.com/casestudy/cryptocurrencyminingrigpurchasescamwowzas97.php}} {{Unattributed Sources}} thumb|Blockchain.infoReddit user wowzas97 reports that when they went to sell their mining rig, they were tricked into installing a fake bitcoin wallet application on their smartphone. Once that was installed, they received a fake payment from the purchasers. The purchasers made off with the mini...")
 
(Another 30 minutes complete. All sources merged in. Prevention added. Information relocated around.)
 
Line 1: Line 1:
{{Imported Case Study|source=https://www.quadrigainitiative.com/casestudy/cryptocurrencyminingrigpurchasescamwowzas97.php}}
{{Case Study Under Construction}}[[File:Blockchaininfo.jpg|thumb|Blockchain.info Homepage]]Reddit user wowzas97 reports that when they went to sell their mining rig, they were tricked into installing a fake bitcoin wallet application on their smartphone. Once that was installed, they received a fake payment from the purchasers. The purchasers made off with the mining rig, and they realized after they left that the funds had never been transferred.
{{Unattributed Sources}}


[[File:Blockchaininfo.jpg|thumb|Blockchain.info]]Reddit user wowzas97 reports that when they went to sell their mining rig, they were tricked into installing a fake bitcoin wallet application on their smartphone. Once that was installed, they received a fake payment from the purchasers. The purchasers made off with the mining rig, and they realized after they left that the funds had never been transferred.
== About Wowza97 ==
Wowza97 was a Reddit user.


The country for this case study is not yet known.<ref name="redditold-11200" /><ref name="redditold-11201" /><ref name="redditold-11202" />
== About Blockchain.info ==
Blockchain.info is an online web wallet. TBD


== About None ==
"I had recently finished building my cryptocurrency mining rig and had it run 24/7 to generate income. However I am a university student and to fund my masters in my country you get very little help from the government. I had made the decision to sell it on various sites for £5000. This was neither a good nor bad price; it was very middle of the road. I'm sure you are curious of specific specifications but I do not want to give out any identifying information. A man contacted me asking to the general profiling questions and asked to pick it up from my house. I was happy to as it was quite big to post and the insurance was a nightmare. He claimed to have a long drive and arrived with a 2nd man which he said he was bringing. We had previously arranged for the transaction to be sent via bitcoin and I agreed. I showed him the goods that were prepacked and they were both happy. No alarm bells were ringing and even made small talk with myself and my mother at the time. I asked for payment and they had appeared to have paid as the money appeared in my wallet. 10 minutes after they left panic ensued as I had seen the money disappear. I later realised that the money was never in the account as the transaction had not appeared on any log. I hope to learn from this mistake as this had taken a long time to build and a lot of money put in which i can now no longer use to pay my tuition.


I hope others can learn from this as well as myself to always vet people. Get their ID. Take pictures. Take as much identifying information as you can"


"From my end, I saw my wallet go from 0 to 5k. With hindsight I of course should've checked the log, but I wasn't looking for any indication I had been scammed."
== The Reality ==
Many wallets will display a pending transaction, and some will even update the wallet balance before the transaction has been confirmed on the blockchain. Miners will confirm the highest transaction in a block.


"Just to clarify: my wallet was at 0, then I asked for payment. My wallet then went up to the 5k. I do not know how this happened perhaps someone else who has a better understanding could help? Perhaps cloning or an overlay was used on my phone.
It's absolutely critical when accepting a payment to ensure that the transaction has been confirmed on the blockchain. For high value transactions, it is likely valuable to ensure that there have been multiple block confirmations.


When someone sends money via bitcoin it's recorded publicly on a ledger. The fact it wasn't on the blockchain shows that they never sent the money at all.
== What Happened ==
Wowzas97 reported on some buyers of their mining rig. He believed he had been paid for his mining rig, however after the rig had been given to the purchaser, he discovered that there was no balance in his wallet.
{| class="wikitable"
|+Key Event Timeline - Cryptocurrency Mining Rig Purchase Scam wowzas97
!Date
!Event
!Description
|-
|December 27th, 2021 1:27:34 PM MST
|Reddit Post
|Wowzas97 posted about their situation on Reddit<ref name="redditold-11202" />.
|}


I have never seen this sort of scam and I still do not know specifically how they did it but I have some educated guesses."
== Technical Details ==


"I used a wallet on the app Blockchain. Yes I physically saw the money on my phone. I understand you can not "undo" a bitcoin transaction which is why when they suggested it in the beginning I felt completely comfortable with it.
=== Finding Of Bitcoin Miners ===


I am 100% sure the BTC never made it to my wallet. Which is why an overlay may have been on my phone to give the illusion of it being there.
=== Selection Of Wallet Target ===
One fairly important detail to observe in this case is that the criminals requested to try 3 different wallets. This was key, because there's a reasonable chance that many wallets might not report a transaction until it's actually confirmed. They specifically mention choosing "blockchain app" because it "had the fastest delivery time". There is no difference in the blockchain protocol, and so this simply means that the "blockchain app" was displaying transactions prematurely.<blockquote>"Yes, he sent £1 to 3 different wallets, one after each other and blockchain app had the fastest delivery time so we decided on using this specific wallet."</blockquote>


I was using a Samsung phone."
=== Blockchain.info Balance Updated ===
Wowzas97 reports on the only thing they checked being their balance on the mobile Blockchain application, which had increased to show $5k worth of bitcoin at the time. This likely happened because there was a pending transaction in the mempool of the bitcoin blockchain. This transaction likely had a low fee to prevent it from being included in a block on the bitcoin blockchain.<blockquote>"Yes, the wallet is on the website you stated blockchain.com, however they also have an app simply called Blockchain which I primarily used. I did have this wallet before I met these people however I had never used it."


"Yes, the wallet is on the website you stated blockchain.com, however they also have an app simply called Blockchain which I primarily used. I did have this wallet before I met these people however I had never used it."
"From my end, I saw my wallet go from 0 to 5k. With hindsight I of course should've checked the log, but I wasn't looking for any indication I had been scammed."


"Yes, he sent £1 to 3 different wallets, one after each other and blockchain app had the fastest delivery time so we decided on using this specific wallet."
"I used a wallet on the app Blockchain. Yes I physically saw the money on my phone. I understand you can not "undo" a bitcoin transaction which is why when they suggested it in the beginning I felt completely comfortable with it."


The country for this case study is not yet known.
"Just to clarify: my wallet was at 0, then I asked for payment. My wallet then went up to the 5k."


The background of the exchange platform, service, or individuals involved, as it would have been seen or understood at the time of the events.
"When someone sends money via bitcoin it's recorded publicly on a ledger. The fact it wasn't on the blockchain shows that they never sent the money at all."</blockquote>


Include:
=== Cancelling The Pending Transaction ===
At this point, the criminals need only submit a new transaction to the blockchain with a higher fee, sending their funds to a wallet they control. As the original transaction has not yet been included in a block, there are still funds in the original criminal address. Miners will prefer to mine the transaction with the higher fee, and so the funds will be sent to a wallet they control.


* Known history of when and how the service was started.
=== Overlay Theory Debunked ===
* What problems does the company or service claim to solve?
An alternative theory was that there was an "overlay" on the victim's phone, which displayed a fake balance. Such a feat would be tremendously technically challenging. It's not clear how the criminals could accomplish this.
* What marketing materials were used by the firm or business?
* Audits performed, and excerpts that may have been included.
* Business registration documents shown (fake or legitimate).
* How were people recruited to participate?
* Public warnings and announcements prior to the event.


Don't Include:
* Physically placing something over the phone would require physical access to the phone and advanced knowledge of what wallet the victim would choose to use, and an assumption that they would use a new wallet which didn't yet have any balance.
* Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
* Interfering with the connection between the phone and the screen would require taking apart the device. There is nothing to suggest they had prior access to the phone to perform modifications.
* Anything that wasn't reasonably knowable at the time of the event.
* Some form of malware could theoretically run on the phone to display false information, but that would have had to be installed prior to the exploit. There is nothing to suggest the criminals had prior access to the phone to install malware, nor that the victim installed any new software on their phone.
There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.


== The Reality ==
<blockquote>"I have never seen this sort of scam and I still do not know specifically how they did it but I have some educated guesses."
This sections is included if a case involved deception or information that was unknown at the time. Examples include:


* When the service was actually started (if different than the "official story").
"Perhaps cloning or an overlay was used on my phone."
* Who actually ran a service and their own personal history.
* How the service was structured behind the scenes. (For example, there was no "trading bot".)
* Details of what audits reported and how vulnerabilities were missed during auditing.


== What Happened ==
"I am 100% sure the BTC never made it to my wallet. Which is why an overlay may have been on my phone to give the illusion of it being there.
The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.
{| class="wikitable"
|+Key Event Timeline - Cryptocurrency Mining Rig Purchase Scam wowzas97
!Date
!Event
!Description
|-
|December 27th, 2021 1:27:34 PM MST
|Reddit Post
|Situation was posted about on Reddit.
|}


== Technical Details ==
I was using a Samsung phone."</blockquote>
This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?


== Total Amount Lost ==
== Total Amount Lost ==
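Review bot: the lead paragraph kept at the top of this revision still says the seller was "tricked into installing a fake bitcoin wallet application", which contradicts the new "Overlay Theory Debunked" text stating there is nothing to suggest "that the victim installed any new software on their phone", and the quoted post saying the wallet existed before the meeting. Suggest rewording the lead to match the pending-transaction explanation given under "Blockchain.info Balance Updated" and "Cancelling The Pending Transaction". The heading "About None" and the empty "Finding Of Bitcoin Miners" subsection also look like unfinished template output.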
Line 79: Line 70:
== Immediate Reactions ==
== Immediate Reactions ==
How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?
How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?
=== Post On Reddit About Situation ===
Wowza97 posted about their experience on Reddit<ref name="redditold-11202" />.<blockquote>"I had recently finished building my cryptocurrency mining rig and had it run 24/7 to generate income. However I am a university student and to fund my masters in my country you get very little help from the government. I had made the decision to sell it on various sites for £5000. This was neither a good nor bad price; it was very middle of the road. I'm sure you are curious of specific specifications but I do not want to give out any identifying information."
"A man contacted me asking to the general profiling questions and asked to pick it up from my house. I was happy to as it was quite big to post and the insurance was a nightmare. He claimed to have a long drive and arrived with a 2nd man which he said he was bringing. We had previously arranged for the transaction to be sent via bitcoin and I agreed. I showed him the goods that were prepacked and they were both happy. No alarm bells were ringing and even made small talk with myself and my mother at the time. I asked for payment and they had appeared to have paid as the money appeared in my wallet. 10 minutes after they left panic ensued as I had seen the money disappear. I later realised that the money was never in the account as the transaction had not appeared on any log. I hope to learn from this mistake as this had taken a long time to build and a lot of money put in which i can now no longer use to pay my tuition.
I hope others can learn from this as well as myself to always vet people. Get their ID. Take pictures. Take as much identifying information as you can"</blockquote>
=== Community Reactions ===
<ref name="redditold-11200" /><ref name="redditold-11201" /><blockquote>I am guessing they payed you in a [different coin] and you have some type of compromised wallet now .</blockquote><blockquote>How did you advertise the sale ? . Check if you can find any information on the profile .</blockquote>


== Ultimate Outcome ==
== Ultimate Outcome ==
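Review bot: the new "Community Reactions" section opens with two bare ref tags and no sentence for them to attach to, and the two blockquotes that follow carry no attribution, so a reader cannot tell who said what. Suggest an introductory sentence naming the commenter and placing each ref directly after the quote it supports. In "Post On Reddit About Situation" the second quoted paragraph opens with a quotation mark that is only closed after "as much identifying information as you can", so the quote boundaries should be checked against the source.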
Line 91: Line 92:
What parts of this case are still remaining to be concluded?
What parts of this case are still remaining to be concluded?
== Individual Prevention Policies ==
== Individual Prevention Policies ==
{{Prevention:Individuals:Placeholder}}
Many wallets will display a pending transaction, and some will even update the wallet balance before the transaction has been confirmed on the blockchain. Miners will confirm the highest transaction in a block.
 
It's absolutely critical when accepting a payment to ensure that the transaction has been confirmed on the blockchain. For high value transactions, it is likely valuable to ensure that there have been multiple block confirmations.
 
{{Prevention:Individuals:Double Check Transactions}}


{{Prevention:Individuals:End}}
{{Prevention:Individuals:End}}


== Platform Prevention Policies ==
== Platform Prevention Policies ==
{{Prevention:Platforms:Placeholder}}
This scheme relies on a lack of knowledge in how the bitcoin blockchain (and other blockchains) work.
 
{{Prevention:Platforms:Cryptocurrency Safety Quiz}}


{{Prevention:Platforms:End}}
{{Prevention:Platforms:End}}


== Regulatory Prevention Policies ==
== Regulatory Prevention Policies ==
{{Prevention:Regulators:Placeholder}}
This scheme relies on a lack of knowledge in how the bitcoin blockchain (and other blockchains) work.
 
{{Prevention:Regulators:Cryptocurrency Education Mandate}}


{{Prevention:Regulators:End}}
{{Prevention:Regulators:End}}


== References ==
== References ==
<references><ref name="redditold-11200">[https://old.reddit.com/r/Scams/comments/rpwhxe/scammed_out_of_my_cryptocurrency_mining_rig/hq82n76/ Tradegrow comments on Scammed out of my cryptocurrency mining rig] (Oct 3, 2022)</ref>
<references>
 
<ref name="redditold-11200">[https://old.reddit.com/r/Scams/comments/rpwhxe/scammed_out_of_my_cryptocurrency_mining_rig/hq82n76/ <nowiki>Tradegrow - "I am guessing they payed you in a [different coin] and you have some type of compromised wallet now ." - Reddit</nowiki>] (Oct 3, 2022)</ref>
<ref name="redditold-11201">[https://old.reddit.com/r/Scams/comments/rpwhxe/scammed_out_of_my_cryptocurrency_mining_rig/hq82z8x/ Tradegrow comments on Scammed out of my cryptocurrency mining rig] (Oct 3, 2022)</ref>
<ref name="redditold-11201">[https://old.reddit.com/r/Scams/comments/rpwhxe/scammed_out_of_my_cryptocurrency_mining_rig/hq82z8x/ Tradegrow - "How did you advertise the sale ? . Check if you can find any information on the profile ." Reddit] (Oct 3, 2022)</ref>
 
<ref name="redditold-11202">[https://old.reddit.com/r/Scams/comments/rpwhxe/scammed_out_of_my_cryptocurrency_mining_rig/ Wowza97 - Scammed out of my cryptocurrency mining rig - Reddit] (Jun 2, 2023)</ref>
<ref name="redditold-11202">[https://old.reddit.com/r/Scams/comments/rpwhxe/scammed_out_of_my_cryptocurrency_mining_rig/ Scammed out of my cryptocurrency mining rig : Scams] (Jun 2, 2023)</ref></references>
</references>
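Review bot: in the new Individual Prevention text, "Miners will confirm the highest transaction in a block" does not say highest in what; the Technical Details section makes clear the intended meaning is the transaction with the higher fee, so suggest "highest-fee". The same two paragraphs are also pasted verbatim under "The Reality", and the sentence "This scheme relies on a lack of knowledge..." is repeated under both the Platform and Regulatory headings; consider stating each once and linking. The advice to wait for "multiple block confirmations" would be more actionable with a stated number or a pointer to where the seller can read the confirmation count.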

Latest revision as of 13:04, 1 September 2023

Notice: This page is a new case study and some aspects have not been fully researched. Some sections may be incomplete or reflect inaccuracies present in initial sources. Please check the References at the bottom for further information and perform your own additional assessment. Please feel free to contribute by adding any missing information or sources you come across. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Blockchain.info Homepage

Reddit user wowzas97 reports that when they went to sell their mining rig, they were tricked into installing a fake bitcoin wallet application on their smartphone. Once that was installed, they received a fake payment from the purchasers. The purchasers made off with the mining rig, and they realized after they left that the funds had never been transferred.

About Wowza97

Wowza97 was a Reddit user.

About Blockchain.info

Blockchain.info is an online web wallet. TBD


The Reality

Many wallets will display a pending transaction, and some will even update the wallet balance before the transaction has been confirmed on the blockchain. Miners will prefer to confirm the transactions paying the highest fees in a block.

It's absolutely critical when accepting a payment to ensure that the transaction has been confirmed on the blockchain. For high value transactions, it is likely valuable to ensure that there have been multiple block confirmations.

What Happened

Wowzas97 reported on the buyers of their mining rig. He believed he had been paid for the rig; however, after it had been handed over to the purchasers, he discovered that there was no balance in his wallet.

{| class="wikitable"
|+Key Event Timeline - Cryptocurrency Mining Rig Purchase Scam wowzas97
!Date
!Event
!Description
|-
|December 27th, 2021 1:27:34 PM MST
|Reddit Post
|Wowzas97 posted about their situation on Reddit[1].
|}

Technical Details

Finding Of Bitcoin Miners

Selection Of Wallet Target

One fairly important detail to observe in this case is that the criminals requested to try 3 different wallets. This was key, because there's a reasonable chance that many wallets might not report a transaction until it's actually confirmed. They specifically mention choosing "blockchain app" because it "had the fastest delivery time". There is no difference in the blockchain protocol, and so this simply means that the "blockchain app" was displaying transactions prematurely.

"Yes, he sent £1 to 3 different wallets, one after each other and blockchain app had the fastest delivery time so we decided on using this specific wallet."

Blockchain.info Balance Updated

Wowzas97 reports that the only thing they checked was their balance on the mobile Blockchain application, which had increased to show $5k worth of bitcoin at the time. This likely happened because there was a pending transaction in the bitcoin mempool. The transaction likely carried a low fee so that it would not be included in a block.

"Yes, the wallet is on the website you stated blockchain.com, however they also have an app simply called Blockchain which I primarily used. I did have this wallet before I met these people however I had never used it."

"From my end, I saw my wallet go from 0 to 5k. With hindsight I of course should've checked the log, but I wasn't looking for any indication I had been scammed."

"I used a wallet on the app Blockchain. Yes I physically saw the money on my phone. I understand you can not "undo" a bitcoin transaction which is why when they suggested it in the beginning I felt completely comfortable with it."

"Just to clarify: my wallet was at 0, then I asked for payment. My wallet then went up to the 5k."

"When someone sends money via bitcoin it's recorded publicly on a ledger. The fact it wasn't on the blockchain shows that they never sent the money at all."

Cancelling The Pending Transaction

At this point, the criminals need only broadcast a new transaction with a higher fee that sends the same funds to a wallet they control. Because the original transaction has not yet been included in a block, the funds are still unspent at the criminals' original address. Miners will prefer to mine the transaction with the higher fee, so the funds end up in the criminals' own wallet and the original payment is never confirmed.

Overlay Theory Debunked

An alternative theory was that there was an "overlay" on the victim's phone, which displayed a fake balance. Such a feat would be tremendously technically challenging. It's not clear how the criminals could accomplish this.

  • Physically placing something over the phone would require physical access to the phone and advance knowledge of what wallet the victim would choose to use, and an assumption that they would use a new wallet which didn't yet have any balance.
  • Interfering with the connection between the phone and the screen would require taking apart the device. There is nothing to suggest they had prior access to the phone to perform modifications.
  • Some form of malware could theoretically run on the phone to display false information, but that would have had to be installed prior to the exploit. There is nothing to suggest the criminals had prior access to the phone to install malware, nor that the victim installed any new software on their phone.

"I have never seen this sort of scam and I still do not know specifically how they did it but I have some educated guesses."

"Perhaps cloning or an overlay was used on my phone."

"I am 100% sure the BTC never made it to my wallet. Which is why an overlay may have been on my phone to give the illusion of it being there.

I was using a Samsung phone."

Total Amount Lost

The total amount lost has been estimated at $5,000 USD.

How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?

Immediate Reactions

How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?

Post On Reddit About Situation

Wowza97 posted about their experience on Reddit[1].

"I had recently finished building my cryptocurrency mining rig and had it run 24/7 to generate income. However I am a university student and to fund my masters in my country you get very little help from the government. I had made the decision to sell it on various sites for £5000. This was neither a good nor bad price; it was very middle of the road. I'm sure you are curious of specific specifications but I do not want to give out any identifying information."

"A man contacted me asking to the general profiling questions and asked to pick it up from my house. I was happy to as it was quite big to post and the insurance was a nightmare. He claimed to have a long drive and arrived with a 2nd man which he said he was bringing. We had previously arranged for the transaction to be sent via bitcoin and I agreed. I showed him the goods that were prepacked and they were both happy. No alarm bells were ringing and even made small talk with myself and my mother at the time. I asked for payment and they had appeared to have paid as the money appeared in my wallet. 10 minutes after they left panic ensued as I had seen the money disappear. I later realised that the money was never in the account as the transaction had not appeared on any log. I hope to learn from this mistake as this had taken a long time to build and a lot of money put in which i can now no longer use to pay my tuition.

I hope others can learn from this as well as myself to always vet people. Get their ID. Take pictures. Take as much identifying information as you can"

Community Reactions

[2][3]

I am guessing they paid you in a [different coin] and you have some type of compromised wallet now.

How did you advertise the sale? Check if you can find any information on the profile.

Ultimate Outcome

What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?

Total Amount Recovered

There do not appear to have been any funds recovered in this case.

What funds were recovered? What funds were reimbursed for those affected users?

Ongoing Developments

What parts of this case are still remaining to be concluded?

Individual Prevention Policies

Many wallets will display a pending transaction, and some will even update the wallet balance before the transaction has been confirmed on the blockchain. Miners will prefer to confirm the transactions paying the highest fees in a block.

It's absolutely critical when accepting a payment to ensure that the transaction has been confirmed on the blockchain. For high value transactions, it is likely valuable to ensure that there have been multiple block confirmations.
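The confirmation check described above and under "The Reality", as an added example that is not part of the original case study: it separates the balance a wallet may display from the amount that has actually settled, and decides whether goods should be handed over. The records are constructed samples whose field names are modeled on Bitcoin Core's `gettransaction` output; the amount and the three-confirmation threshold are assumptions.

```python
from decimal import Decimal

# Constructed sample records, not real transactions. Field names are modeled on
# Bitcoin Core's `gettransaction` RPC output; the amount is an arbitrary placeholder.
PENDING = {"txid": "constructed-tx-a", "amount": "0.10", "confirmations": 0,
           "bip125-replaceable": "yes", "walletconflicts": []}
REPLACED = {"txid": "constructed-tx-a", "amount": "0.10", "confirmations": -1,
            "bip125-replaceable": "no", "walletconflicts": ["constructed-tx-b"]}
CONFIRMED = {"txid": "constructed-tx-c", "amount": "0.10", "confirmations": 3,
             "bip125-replaceable": "no", "walletconflicts": []}


def classify(tx, min_confirmations):
    """Map a transaction record to a settlement state."""
    conf = int(tx.get("confirmations", 0))
    if conf < 0:
        return "conflicted"    # a competing spend of the same coins was mined
    if conf == 0:
        return "unconfirmed"   # only in the mempool; can still be replaced
    if conf < min_confirmations:
        return "confirming"    # in a block, but below the seller's threshold
    return "settled"


def balances(txs, min_confirmations):
    """Return (displayed, settled): what a balance-only view may show vs. what is final."""
    displayed = Decimal(0)
    settled = Decimal(0)
    for tx in txs:
        state = classify(tx, min_confirmations)
        amount = Decimal(tx["amount"])
        if state != "conflicted":
            displayed += amount   # pending funds inflate the displayed balance
        if state == "settled":
            settled += amount
    return displayed, settled


def handover_decision(txs, expected, min_confirmations=3):
    """Return (verdict, reasons); only 'release' means the goods should change hands."""
    expected = Decimal(expected)
    displayed, settled = balances(txs, min_confirmations)
    states = [classify(tx, min_confirmations) for tx in txs]
    reasons = []
    for tx, state in zip(txs, states):
        if state == "unconfirmed":
            flag = " (flagged replaceable)" if tx.get("bip125-replaceable") == "yes" else ""
            reasons.append(f"{tx['txid']}: in mempool only, 0 confirmations{flag}")
        elif state == "confirming":
            reasons.append(
                f"{tx['txid']}: {tx['confirmations']} of {min_confirmations} confirmations")
        elif state == "conflicted":
            reasons.append(f"{tx['txid']}: replaced by a conflicting transaction")
    if settled >= expected:
        return "release", reasons
    if displayed >= expected:
        return "wait", reasons      # the balance looks paid, but nothing is final yet
    if "conflicted" in states:
        return "reject", reasons    # the payment seen earlier no longer exists
    return "unpaid", reasons


if __name__ == "__main__":
    timeline = [("at handover", [PENDING]),
                ("ten minutes later", [REPLACED]),
                ("honest buyer", [CONFIRMED])]
    for label, txs in timeline:
        print(label, balances(txs, 3), handover_decision(txs, "0.10"))
```
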

Every approval on Web3 is an opportunity to lose all of the funds present in your wallet. Take the time to review the transaction in full. Fully check over the balance, permissions, and entire address which you are interacting with. Do not trust that your clipboard or any website front-end is guaranteed to provide an accurate address or transaction status. Always perform a test transaction prior to the first high-value transaction in any session.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

This scheme relies on a lack of knowledge of how the bitcoin blockchain (and other blockchains) work.

Never take for granted the limited knowledge of users of your service and their tendency to skip past provided information. It is recommended to design a simple tutorial and quiz for new users which explains the basics of seed phrases, strong password generation, secure two-factor authentication, common fraud schemes, how ponzi schemes work, as well as other risks which are unique to the cryptocurrency space. This tutorial and quiz should ensure their understanding and be a standard part of the sign-up or download process which is difficult or impossible to skip.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

This scheme relies on a lack of knowledge of how the bitcoin blockchain (and other blockchains) work.

Create a standard tutorial and quiz for all new cryptocurrency participants, which is required to be completed once per participant. This tutorial and quiz should cover the basics of proper seed phrase protection, strong password generation, secure two-factor authentication, common fraud schemes, how to detect and guard against phishing attacks, how ponzi schemes work, as well as other risks which are unique to the cryptocurrency space.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References