As long as you transfer USDT to the scammer via QR code once, after the second transfer is successful, they can control your wallet, and your USDT will vanish
The main principle is wallet authorization, achieved by exploiting Ethereum contract vulnerabilities to enable remote transfer payments
QR Code Theft Incident
The attacker sends a pre-prepared malicious QR code to the user, luring them to scan the QR code with their wallet for a transfer. After the user inputs the specified amount and confirms the transaction (which actually runs the process of the user approving authorization to the attacker for USDT), a large amount of USDT is lost from the user's wallet, and the attacker calls TransferFrom to take the user's USDT
This method is also known as approve phishing
Airdrop Theft Incident
The attacker impersonates a trading platform or DeFi project, launching obvious airdrop activities through media communities to lure users to scan QR codes to receive airdrops. After the user scans and clicks to claim the airdrop (which is also the user approving authorization to the attacker for USDT), a large amount of USDT is subsequently transferred from the victim's account (the attacker calls TransferFrom to take the user's USDT)
Impersonating customer service to steal private keys
The attacker pretends to be a customer lurking in the community. When a user requests help with a transfer or withdrawal, the attacker contacts the user promptly to assist. By patiently answering questions and sending a fake ticketing system disguised as a decentralized bridge, the user is led to input their mnemonic phrase to resolve the transaction issue. After obtaining the private key, the attacker steals the assets and blocks the user
Fake Wallet Theft Incident
Retail investors search for wallet download addresses on search engines, then download and register. The moment they recharge their assets, they lose control of them because they downloaded a fake app. Please download from the app market; can you really rely on search engines for something so private?
Hardware Wallet Scam
The hardware wallets we see on JD, Pinduoduo are all modified. When you buy them, they are actually second-hand devices. The seller makes alterations to the wallet device before selling it to you. After a few months, they close the store and reopen. When you store a large amount of assets, they can be wiped out instantly
Fraudulent link authorization
After entering Web3, in addition to hoping for the arrival of wealth opportunities, there's also the issue of dealing with the proliferation of scam links. Various scams are hidden behind scam links, and a moment's inattention can lead to instant loss of assets. The assets still exist but no longer belong to you
Mnemonic Phrase Loss
The way to save mnemonic phrases is generally physical, by writing down two copies and keeping them in two places. Most retail investors find it troublesome and only make one copy. Many people take screenshots of their mnemonic phrases in their albums or other third-party storage apps, cloud storage, albums, or memos, which is very unsafe. Many apps can access your phone's album. Using an iPhone, Apple
In another scenario, the scammer pretends to be a novice on social software, claiming they are no longer playing and revealing their mnemonic phrase showing how much USDT is inside. You use their mnemonic phrase to recover the wallet, see there's no GAS fee, and then deposit funds, only to find out you can't transfer out the USDT. This is their trick, scamming you for transaction fees
Response: At any time, on any platform, be vigilant about any private messages from anyone. Do not scan QR codes, do not click links, verify transfer addresses, and safeguard your keys. Most people only have a little, but scammers often do not refuse anyone, which is one reason even the SEC's official account is not immune