This article takes an in-depth look at the "theft U" (USDT theft) industry chain. By analyzing how these operations work in detail, it aims to keep readers from being deceived.
Theft U relies on a few simple technologies: domain names, servers, Baota, and firewalls. Do you understand these? Do you know how to download the Dayou source code from a source code site and apply a template?
Common methods:
1. QR code theft U
2. Stealing U by planting Trojan viruses
3. Stealing U through fake wallets
4. Small-amount USDT attacks to steal U, where scammers use technical means to steal users' virtual assets, especially USDT assets.
Let's first talk about the logic of theft U. There are only two ways to empty someone's hot wallet:
1. You know the private key of the other party's wallet.
2. Inducing users to authorize transfers to the wallet through malicious smart contracts.
Both methods can give criminals control over the flow of funds in user wallets.
Take the most common method, authorization theft U, as an example. Scammers first download the latest version of the free and fast source code from a source code site. Some scammers, fearing the author has left backdoors, pay a high price for so-called reliable source code.
I think they are overdoing it: buying it doesn't mean it has no backdoors. In this industry, unless you are using an open-source system or a program you wrote yourself, which software wouldn't leave a backdoor for itself?
As the saying goes, the mantis stalks the cicada, unaware of the oriole behind. Small scammers deceive victims, and big scammers deceive small scammers; this kind of black-eating-black phenomenon happens every day.
Next, the scammer applies a ready-made template to the website, such as a self-service card issuing system.
The site disguises itself as a platform selling social accounts, but in reality it is a phishing platform. As long as you dare to place an order and pay, the scammer might obtain your wallet authorization.
Some scammers prepare various scripted pitches to trick you into granting authorization. They tell you that they need to test your wallet first to see whether it can transfer normally, and trick you into transferring one USDT to them through a phishing website. In fact, this "transfer" exists only to obtain your authorization.
Another pretext is a token airdrop: clicking to receive the airdrop is likewise a way to obtain your authorization. Normally your wallet shows system prompts, but some newcomers do not read any prompts and just click confirm.
With that one confirmation, their assets are emptied instantly. There are also scammers who are technicians themselves and can write some code.
The Dayou system they develop uses the Trojan's variability to plant it in the website frontend, and then uses variable dynamic code to evade wallet authorization prompts. So when you click a link that jumps to your payment wallet, pay extra attention on unfamiliar platforms and do not make payments lightly.
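The "test transfer" pitch above works because the request the wallet is asked to sign is an authorization, not a transfer. As an added example (not from the original article), the Python below decodes the call data of such a request and compares it with what the user meant to do. It assumes the token follows the ERC-20 interface and uses 6-decimal amounts; the address and call data are constructed.

```python
# Added example, not from the article: decode ERC-20 style call data and
# compare it with what the user believes they are signing.
SELECTORS = {
    "a9059cbb": "transfer",           # transfer(address,uint256)
    "095ea7b3": "approve",            # approve(address,uint256)
    "39509351": "increaseAllowance",  # increaseAllowance(address,uint256)
}
GRANTS_SPENDING = {"approve", "increaseAllowance"}
HUGE = 2**128  # assumption: anything this large is effectively unlimited


def decode_token_call(calldata_hex):
    """Return (action, counterparty, amount) for an (address,uint256) call."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    if len(data) != 8 + 64 + 64:
        raise ValueError("not an (address,uint256) token call")
    action = SELECTORS.get(data[:8], "unknown")
    address_word, amount_word = data[8:72], data[72:136]
    if int(address_word[:24], 16) != 0:
        raise ValueError("address argument is not left-padded with zeros")
    return action, "0x" + address_word[24:], int(amount_word, 16)


def review_request(calldata_hex, intended_action, intended_amount):
    """List the ways the request differs from what the user meant to do."""
    action, counterparty, amount = decode_token_call(calldata_hex)
    findings = []
    if action != intended_action:
        findings.append(f"request is '{action}', not '{intended_action}'")
    if action in GRANTS_SPENDING:
        findings.append(f"{counterparty} would be allowed to spend your tokens")
        if amount >= HUGE:
            findings.append("allowance is effectively unlimited")
    elif amount != intended_amount:
        findings.append(f"amount {amount} differs from intended {intended_amount}")
    return findings


# Constructed samples: the address is a placeholder, not a real account.
PLACEHOLDER = "00000000000000000000000000000000000000aa"
ONE_USDT = 1_000_000  # assumption: the token uses 6 decimals
HONEST = "0xa9059cbb" + PLACEHOLDER.rjust(64, "0") + format(ONE_USDT, "064x")
DISGUISED = "0x095ea7b3" + PLACEHOLDER.rjust(64, "0") + "f" * 64
```

`review_request(HONEST, "transfer", ONE_USDT)` returns an empty list, while the disguised request yields three findings: it is an approval, it names a spender, and the allowance is effectively unlimited.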
Clipboard viruses and fake wallets used for payment have already been covered extensively online, so we'll only go over them briefly here. Usually, scammers send you Trojan virus files.
The names of these files are very enticing, but once you download and open them, any transfer address you copy is replaced with theirs. For example, I clearly copied an address ending in 135, but when pasted it had turned into an address ending in 246.
So do not casually open links or download files; that is how to avoid this problem. As for stealing USDT with fake wallets: many wallets are open-source, so imitating one is relatively simple. This kind of scam is usually a chain of traps that newcomers find hard to detect, because scammers use high returns to blind them into actively cooperating and downloading the fake wallet.
Small transfers in the early stage of using the fake wallet go through without a problem, but once a large amount has been transferred in, the fake wallet freezes your account and asks you to pay a so-called security deposit to unfreeze it. At that point it turns from a scam into a pig-butchering scheme, which continues until you are completely emptied. So when downloading a wallet, be sure to download it from the official website, and never through links sent by strangers.
Now let's focus on a method that is rarely mentioned: using small-amount USDT attacks to steal.
Because every transaction is saved on the chain and is publicly visible, some attackers collect the entire blockchain's transfer information and perform statistical analysis on it.
They select active, valuable wallet addresses, then use software to generate an address similar to one that the target address often transfers to, and proactively send a small amount of USDT from this similar address to the target wallet.
Later, when the user makes a transfer, they might carelessly copy the similar address and send the USDT to the attacker. So be careful whenever you transfer, to avoid falling for this scam.
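Both the clipboard swap and the similar-address trick are caught by comparing the whole address rather than a few characters. The following added example (not from the original article) flags incoming transfers whose sender imitates an address you have paid, and checks a pasted address against the intended one. Treating "similar" as sharing leading and trailing characters, the thresholds, and all addresses are assumptions constructed for illustration.

```python
# Added example, not from the article. All addresses are constructed.
def shared_edges(a, b):
    """Count matching characters at the start and at the end of two strings."""
    limit = min(len(a), len(b))
    head = 0
    while head < limit and a[head] == b[head]:
        head += 1
    tail = 0
    while tail < limit - head and a[-1 - tail] == b[-1 - tail]:
        tail += 1
    return head, tail


def is_lookalike(candidate, known, min_head=4, min_tail=4):
    """Assumed meaning of "similar": different address, same start and end."""
    if candidate == known:
        return False
    head, tail = shared_edges(candidate, known)
    return head >= min_head and tail >= min_tail


def poisoning_candidates(history):
    """Incoming transfers whose sender imitates an address we have paid."""
    paid = {tx["counterparty"] for tx in history if tx["direction"] == "out"}
    return [
        (tx["counterparty"], known)
        for tx in history
        if tx["direction"] == "in" and tx["counterparty"] not in paid
        for known in sorted(paid)
        if is_lookalike(tx["counterparty"], known)
    ]


def check_recipient(pasted, intended):
    """Compare the whole pasted address with the one the user meant to use."""
    pasted, intended = pasted.strip(), intended.strip()
    if pasted == intended:
        return "match"
    return "lookalike" if is_lookalike(pasted, intended) else "mismatch"


SUPPLIER = "TQ7xExampleSupplierAddress0009k135"    # constructed
IMITATION = "TQ7xExampleImitationAddr00009k135"    # constructed, same ends
SWAPPED = "TZ2mExampleUnrelatedAddress004d246"     # constructed
HISTORY = [
    {"direction": "out", "counterparty": SUPPLIER, "amount": 5000.0},
    {"direction": "in", "counterparty": IMITATION, "amount": 0.01},
    {"direction": "in", "counterparty": SWAPPED, "amount": 20.0},
]
```

Only the imitation sender is flagged in `HISTORY`; the unrelated incoming transfer is left alone, and anything other than `"match"` from `check_recipient` means the transfer should not be sent.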
There are actually many methods of theft U, such as scanning code mining Dayou, OKEx scanning code theft U, e-commerce transfer second U, and so on. Each scammer has their own theft U technique. Many newcomers, unfamiliar with blockchain authorization operations, are fooled by a scammer's script and end up giving authorization to the other party without understanding it; what awaits them is the theft of their wallet.