Web3 Security Guide: Avoiding Fake Mining Pool Scams

SlowMist
Aug 30, 2024

Background

In the previous edition of our Web3 Security Guide, we analyzed several common airdrop scams and discussed the various risks users may face when claiming airdrops. Recently, the SlowMist AML team noticed a significant increase in the number of users affected by fake mining pool scams while analyzing stolen fund reports submitted via MistTrack. Therefore, in this issue, we will delve into several common types of fake mining pool scams and offer safety tips to help users avoid falling into these traps. While some of the examples we use may be in Chinese, the method behind the scams can be applied in various languages.

Fake Mining Pool Scams

Fake mining pool scams primarily target new Web3 users. Scammers exploit the newcomers’ lack of understanding of the cryptocurrency market and their desire for high returns by luring them into investing funds through a series of meticulously crafted steps. These scams often revolve around the notion that “funds need to be locked in the pool for a certain period to generate returns,” making it difficult for users to realize they’ve been deceived in a short time. Under the guidance of the scammers, users, seeking higher interest rates, often continue to invest more money. When users are unable to provide additional funds, the scammers threaten that this will result in the inability to redeem their principal, causing further financial damage to the victims.

According to several victims, scammers impersonate reputable exchanges on Telegram, setting up fraudulent groups with thousands of members, which can easily lower the guard of potential victims. Many users searching for official accounts on Telegram may mistakenly use group size as a factor in verifying authenticity. While official groups tend to have a large number of members, this logic does not necessarily apply in reverse. It may seem unimaginable that scammers would establish a group with tens of thousands of members just to scam a few victims, yet even the seemingly casual chatter within these groups is part of the bait. A notable red flag is a group with over 50,000 members but fewer than 100 active online members, which should raise suspicion when compared to other large groups.

For novice users, scammers go the extra mile by providing detailed tutorials on how to check the staking status of mining pools, download wallets, and transfer funds to the scammer’s contract address. By exploiting the illusion of liquidity mining’s incentives, scammers successfully entice users to invest. After sending funds to the contract address, users receive some returns, which tempts them to invest even more in hopes of gaining higher returns. This behavior plays right into the scammers’ hands, eventually leading to the complete loss of the users’ funds.

Even more egregious, some scammers return fake tokens to users as rebates. Unaware, new users believe they have received legitimate returns, only to discover that these tokens are worthless when they attempt to trade them.

The scam illustrated below involves tricking users into granting malicious authorizations, enabling the theft of their funds. Scammers impersonate officials claiming to have a “Super Node Mining Activity” and invite users to participate in mining. After following the instructions and clicking on a phishing link, users are tricked into granting malicious permissions, ultimately resulting in the theft of their funds.
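One way to see what a signing request actually authorizes before approving it, as an added example that is not part of the original article. It assumes an EVM chain and the standard ERC-20 / ERC-721 / ERC-1155 approval functions; the function names, the "unlimited" threshold, the trusted-spender list and the sample requests are constructed for illustration.

```python
# Added example (not from the article): inspect EVM transaction input data
# and report whether signing it would grant a token authorization.
# Assumption: standard ERC-20 / ERC-721 / ERC-1155 approval functions.
APPROVAL_SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "39509351": "increaseAllowance(address,uint256)",
    "a22cb465": "setApprovalForAll(address,bool)",
}
UNLIMITED = 2**255  # assumption: allowances this large are effectively unlimited


def check_calldata(calldata_hex, trusted_spenders):
    """Return (verdict, detail) for one transaction's input data."""
    data = calldata_hex.lower()
    data = data[2:] if data.startswith("0x") else data
    name = APPROVAL_SELECTORS.get(data[:8])
    if name is None:
        return ("not-an-approval", "no known approval selector")
    args = data[8:]
    if len(args) < 128:
        return ("malformed", name + ": arguments truncated")
    # ABI encoding: 32-byte words; an address occupies the low 20 bytes.
    spender = "0x" + args[24:64]
    value = int(args[64:128], 16)
    if value == 0 and not name.startswith("increaseAllowance"):
        return ("revoke", name + " clears access for " + spender)
    if spender in {s.lower() for s in trusted_spenders}:
        return ("known-spender", name + " to " + spender)
    if name.startswith("setApprovalForAll") or value >= UNLIMITED:
        return ("danger", "unlimited access for unknown " + spender)
    return ("warn", "allowance of %d units for unknown %s" % (value, spender))


def word(n):
    """Encode an integer as one 32-byte ABI word (hex)."""
    return format(n, "064x")


# Constructed sample data: placeholder addresses, not real contracts.
UNKNOWN = int("11" * 20, 16)
TRUSTED = int("22" * 20, 16)
TRUSTED_SPENDERS = ["0x" + "22" * 20]
PHISHING_REQUEST = "0x095ea7b3" + word(UNKNOWN) + word(2**256 - 1)
ROUTINE_REQUEST = "0x095ea7b3" + word(TRUSTED) + word(50_000_000)

if __name__ == "__main__":
    for tx in (PHISHING_REQUEST, ROUTINE_REQUEST):
        print(check_calldata(tx, TRUSTED_SPENDERS))
```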

Another type of scam involves directing users to a fraudulent platform and manipulating platform data to create the illusion of profits. However, these profits only exist within the platform’s display and do not represent actual asset gains. At this stage, users are already deceived by the scammers’ seemingly “expert” investment abilities. The scammers then further entice users to participate in mining pool activities, requiring daily deposits of 5% or 8% of their total assets in USDT to activate the mining pool. To receive dividends, and under the pressure of “not being able to withdraw the principal if they stop depositing,” users continuously deposit into accounts provided by the scammers. As you can see, this scheme means users have to deposit more USDT each day than the previous day.

Looking at the examples of fake mining pool scams above, readers should notice that these scams do not employ particularly advanced techniques. However, these novel tactics and seemingly legitimate processes can be highly misleading for new Web3 users, who, due to their lack of experience, may easily fall into these traps.

Summary

In this issue, we have analyzed several common fake mining pool scams to help users stay vigilant in similar situations and avoid falling victim. We also offer some safety tips to enhance users’ protective measures:

- Be wary of unrealistic profit promises: If an investment opportunity offers too-good-to-be-true returns, it is likely a scam.

- Do not grant permissions lightly: Avoid clicking on unknown links and authorizing operations.

- Maintain a skeptical attitude: Carefully verify the authenticity of groups and do not judge their trustworthiness based solely on the number of members. For any operations involving fund transfers, maintain a skeptical attitude and confirm the legitimacy of activities through multiple channels.

About SlowMist

At SlowMist, we pride ourselves on being a frontrunner in blockchain security, dedicating years to mastering threat intelligence. Our expertise is grounded in providing comprehensive security audits and advanced anti-money laundering tracking to a diverse clientele. We’ve established a robust network for threat intelligence collaboration, positioning ourselves as a key player in the global blockchain security landscape. We offer tailor-made security solutions that span from identifying threats to implementing effective defense mechanisms. This holistic approach has garnered the trust of numerous leading and recognized projects worldwide, including names like Huobi, OKX, Binance, imToken, Crypto.com, Amber Group, Klaytn, EOS, 1inch, PancakeSwap, TUSD, Alpaca Finance, MultiChain, and Cheers UP. Our mission is to ensure the blockchain ecosystem is not only innovative but also secure and reliable.

We offer a variety of services that include but are not limited to security audits, threat intelligence, defense deployment, security consultants, and other security-related services. We also offer AML (Anti-money laundering) solutions, Vulpush (Vulnerability monitoring), SlowMist Hacked (Crypto hack archives), FireWall.x (Smart contract firewall), Safe Staking and other SaaS products. We have partnerships with domestic and international firms such as Akamai, BitDefender, FireEye, RC², TianJi Partners, IPIP, etc.

By delivering a comprehensive security solution customized to individual projects, we can identify risks and prevent them from occurring. Our team was able to find and publish several high-risk blockchain security flaws. By doing so, we wish to help spread awareness and raise the security standards in the blockchain ecosystem.


SlowMist

SlowMist is a Blockchain security firm established in 2018, providing services such as security audits, security consultants, red teaming, and more.