4

Can someone explain what might be going on with this wallet for example: https://etherscan.io/address/0x4dcCCF58C6573eB896250b0c9647A40C1673AF44

Look at the last 6 transactions. It's actually 3 coupled transactions where in each couple, the 1st the wallet receives some ether amount, and then in the 2nd it spends the entire amount on fees(???) for a self transaction.

What is that self transaction? and what could explain this behaviour? why spend all that ether on fees?

eth
  • 85,679
  • 53
  • 285
  • 406
shaharsol
  • 561
  • 1
  • 5
  • 15

1 Answers1

1

This was likely a scam (last operated on May-22-2020 06:23:40 PM +UTC).

The idea is to hold a certain amount of tokens in the account, but no ether.

Then, the scammer would "innocently" publish the private key of that account, attempting to lure other users into withdrawing those tokens.

But you cannot do that without any ether in the account, so you first transfer a small amount of ether to it, and then try to withdraw those tokens from it.

Alas, your token-transfer attempt reverts, and while you're busy trying to figure out why, the scammer withdraws the ether that you have transferred.

Q1: what guarantees that your token-transfer attempt will always revert?

Well, a simple require(msg.sender == scammerAccount) statement in the token contract's transfer function guarantees that only the scammer can withdraw those tokens.

Q2: why would such token would ever show up on Etherscan as a valuable asset?

Well, the same question can be asked on a ton of other non-malicious tokens.

goodvibration
  • 26,003
  • 5
  • 46
  • 86
  • Check this (now deleted) answer for a similar scam attempt. – goodvibration Dec 20 '20 at 11:24
  • Wow, great answer and possibility. however, you say it is likely what happened. Isn't there a way to verify it? like what you suggest implies that there is a smart contract somewhere that "listens" on eth transfer into this wallet? isn't there a way to trace such a contract? – shaharsol Dec 20 '20 at 11:38
  • I also don't understand what the scammer wallet owner gets from it. It seems that all the eth transferred to the wallet is then wasted on that self transaction fee. Or is there something I don't understand? – shaharsol Dec 20 '20 at 11:38
  • @goodvibration This kind of scam can also exist without the use of a malicious token contract. For exemple, take a look at : etherscan.io/address/0x001d3f1ef827552ae1114027bd3ecf1f086ba0f9. Every time ethers are sent to the account, an attacker withdraws its using very high fees (>90% of the ETH value) to ensure his transaction gets mined first. – clement Dec 20 '20 at 11:55
  • @clement your example is a little different as there are in transactions and out transactions but not self ones. though it may serve the same malicious principal - i wonder how can we tell? – shaharsol Dec 20 '20 at 12:16
  • 1
    @shaharsol: there is a smart contract somewhere that "listens" on eth transfer into this wallet - not a smart-contract, but an off-chain server (a bot, if you will). – goodvibration Dec 20 '20 at 12:26
  • @shaharsol: I also don't understand what the scammer wallet owner gets from it - you're mixing two accounts here - one account is the one that you posted, whose private key is presumably posted publicly, while the other account (named scammerAccount in my answer above) has a private key known only to the scammer. – goodvibration Dec 20 '20 at 12:28
  • @goodvibration let's take that last transaction from the wallet page on etherscan that I originally posted. The tx value is 0 and the entire amount that was sent to the wallet in the previous tx is now spent on eth. Other then the miners themselves, I don't see anybody else who makes a profit.
    https://etherscan.io/tx/0x6ffdfddc45a01d3af53fea643325b018cf8d7388c4773bc8631da6e0de4f0545     – shaharsol Dec 20 '20 at 13:06
  • @shaharsol: Yes, in this specific one there was no gain for the scammer. But there was no gain for him/her either. Maybe the bot script checks >= 0 rather than > 0 or something like that. In either case, you can view pretty much every transaction prior to this last one, and see that he/she has actually gained a small amount of ether on each one of them. – goodvibration Dec 21 '20 at 07:47