Mining/dApp Scam

Mining scams actually like phishing attacks pretending to be "mining" or "liquidity pools", but instead tricks you into authorizing unlimited withdrawals from your cryptocurrency wallet.

They may come with a 24/7 "customer service" chat that give you deceiving explanations.

Mining Pools

Conventionally, mining pools refer to either of 2 activities done on blockchain networks:

1) Liquidity mining pool, whereby those who supply liquidity to decentralized exchanges (ex: Uniswap on Ethereum) are given a portion of fees levied on users of the pool. This is done by providing equal value of two different coins/tokens (ex: $100 worth of ETH, $100 worth of BITC).

2) Proof of Work mining pool. Proof of Work is the consensus mechanism utilized by Bitcoin as well as a few other blockchain networks. Those who wish to generate rewards for themselves in the form of new coins can provide computing power to a Proof of Work blockchain. Those who do this on a small to medium scale typically pool their computing power together in order to smooth out rewards over time, rather than letting luck determine the winners.

The Scams

The mining scams are phishing attacks that tricks you into authorizing permissions on a "smart contract" that actually allow scammers access to your USDT at any time. Whatever the scammers and the site’s customer service claim about their mining pool is a lie. This can include numbers displayed about "your" ETH and USDT, as well as taxes owed and/or pool rules that have been violated.

When you create a self-custody crypto wallet, (e.g. Coinbase Wallet, Metamask) you obtain a "private key" that is safeguarded through encryption. It is equivalent to the series of words known as a “seed phrase” that the crypto wallets ask you to take note upon creation. However, the fraudsters do not need your seed phrase. When a victim clicks on the link to join the fake mining pool, they are clicking a button that will request $10 - $50 of ETH for “gas” a.k.a. network fee. This is merely a front to obtain your digitally signed authorization, allowing unlimited access to your wallet via the USDT smart contract.

Who placed the deceptive smart contracts?

A smart contract is a set of code instructions that could really be anything. It takes some good subject-level expertise and knowledge of the Solidity programming language to uncover exactly what the terms of the contract are.

In this case the Tether company has established the contract for decentralized finance. Some functionalities of the contract allow access to the USDT token, and this is intended for legitimate financial transactions. The scammers use this functionality to steal funds and initiate withdrawals of funds at any time. The funds will transfer to an account they control. Unfortunately once you give authorization, you have pre-agreed to these conditions which outline how the money will flow from your account to theirs.