New: Scam exploits Coinbase Wallet app through DApp function

UPDATE: A solution on how one can extricate oneself from this scam once in it, if not yet too late.


A new scam tactic exploits the Coinbase Wallet application. The scammer teaches a target to download the Coinbase Wallet app (not the Coinbase app) and to go to the DApp (decentralized application) section in it where there is a browser bar. When the target enters a URL given by the scammer into this browser bar, the target immediately (and without realizing) hooks up to a smart contract, which irreversibly drains the contents of the target's wallet. There is no further need for the target's authentication or username/password. This allows fraudsters to steal cryptocurrency from the target's wallet until the target has nothing.


This scam is usually carried out with the help of recruiters on Facebook, Instagram or other online social media sites. The recruiter mentions a way to get stable interest as akin to a savings account by joining a "mining pool". Users must store USDT in their Coinbase Wallet app. Supposedly, the larger the committed amount, the higher the interest, like 0.004-0.0045% per day. When entering the given URL into the Coinbase Wallet application, the mining pool will ask the user to click a button to join the mining pool. This button will charge a "service fee" of $30-50 directly from the user's wallet. Although this seems to be a one-time offer, clicking the link will establish a smart contract with the crook, and the user may not know it. The user pays an original "service fee" and additional small fees (for example, $1) for an indefinite period of time. Or, all contents are straightaway taken all at once. Victims will not be fully informed what the smart contract they just entered truly does.


SOLUTION: If you have entered into such smart contracts, and if not too late, you can enter this address into the browser bar of the wallet app to control all approvals to your wallet and zero out or "kill" the existing contract: https://tac.dappstar.io/#/ (you can enter and check on a regular browser first for more explanation)



A scammer provides victims with step-by-step instructions on how to join the "mining pool" through the Coinbase Wallet app. First, the victim tries to visit the scattered application webpage, and then enters into the browser bar a fraudulent site. The massacre occurs when the user clicks "Receive" to join the "Mining Pool". This will initiate a smart contract, which would irreversibly deplete the user's wallet slowly or immediately until empty.


Conversation with the scam recruiter in English as he tries to sell a target to participate in the fraudulent mining pool. The "mining pool" sold by scammers is not real, but is a smart contract that uses the Coinbase Wallet application to steal user information and empty wallets.


Related Pages:

Coinbase Wallet Has A Major Security Vulnerability

0 次查看