My Fake Scam App

We need your permission to pay the Network Fee.

Comments

Post a Comment

Popular posts from this blog

DApp Phishing in Coinbase Wallet - I Lost Over $50,000

Image
A few days ago, all my money, $58,797, in my Coinbase Wallet drained from my wallet without me knowing about it until I opened my wallet. I believe there is a major security issue in Coinbase Wallet where users can easily get phished to give a DApp (Decentralized Application) to take control and grant spending permission to an external entity. My empty wallet 😢 Contacting Coinbase/Wallet Support , which is the only way I know of to reach out to them, was not helpful. All they said is that I may have leaked the recovery phrase, without looking into the details I provided . I found a recent review on Google that describes the situation really well. A recent user review on Google Play Store. I am going to describe what happened in details. My brother-in-law showed me his Coinbase Wallet a few weeks ...
Read more

Inside The Scammer's DApp

Image
With Chrome Dev Tools , I was able to look inside the client code of https://u2e-free.com. This site is the scam dapp that drained all my USDT after my Coinbase Wallet granted them unlimited spending of my USDT. The site is a single-page web application written in Vue.js v2.6.12 and web3.js . Below is the tree view of the site. The application supports two different languages in its UI — English and Chinese, with English as the primary language. I concluded that English is the primary language because there are untranslated texts for the Chinese version as shown below. Next I will focus on the code that implements the Receive button. This is the most important action because it is what obtained the permission to spend unlimited USDT from victims' wallets. Below is the receive function that implements the action. The function above does the following: Obtain the USDT Contract Get the estim...
Read more