Recently, we have observed a growing type of scam that exploits the “custom node” feature in cryptocurrency wallets. Attackers deceive users by forging node data, tricking them into believing that assets like USDT have been received, ultimately leading to financial loss.
What Is a Custom Node?
A custom node allows users to specify a particular network node in their wallet, facilitating connections to different blockchain networks (e.g., mainnet, testnet). While this feature provides flexibility in accessing various blockchain resources, untrusted custom nodes can deliver incorrect data, posing serious security risks.
What TokenPocket Is Doing to Prevent Custom Node Risks
To protect users from custom node-related scams, TokenPocket has implemented several measures:
Default Node Protection: We ensure that users connect to TokenPocket’s default or officially recommended nodes, minimizing the risk from unknown sources.
Warning Prompts: TokenPocket includes security reminders in the custom node settings, urging users to exercise caution when adding third-party RPC nodes.
Security Validation: We have enhanced our detection mechanisms to verify the authenticity of node data, preventing the use of forged nodes.
Reporting Mechanism: Users can report suspicious nodes or potential scams through official TokenPocket channels. We will respond promptly to investigate and address these issues.
How Do These Scams Work?
Scammers often conduct crypto transactions offline or through social media, convincing users to:
Download a wallet app.
Manually add a custom RPC node, which is a fraudulent node set up by the scammer. This node manipulates account balances, transaction histories, and smart contract earnings, misleading users into mistakenly believing they have received assets like USDT — even though no actual transaction has occurred on the mainnet.
The deception can be particularly sophisticated:
Some fake nodes utilize testnets or private chains, closely mimicking the mainnet environment, including matching network IDs, making detection difficult.
Victims typically only realize the fraud when they try to transfer their funds, discovering that the assets are illusory and the transaction fails — by then, it’s often too late.
TokenPocket Security Tips
Avoid trust in third-party RPC nodes provided by unknown individuals, especially during asset transactions.
Refrain from changing default node settings unless absolutely necessary; stick to TokenPocket’s default or officially recommended nodes.
If you encounter suspicious nodes or potential scam attempts, please report them immediately through our official channels.
TokenPocket remains dedicated to monitoring on-chain security trends, raising user awareness, and helping you protect your digital assets. If you have any questions, feel free to reach out to our official support team.