Cryptocurrency is crazy again, so are the scammers. I once met a middleman attack kind of scam, they made it possible by jumping around different communicating tools.
They first sent out an inquiry email saying they had a client looking to build a $500K position of some crypto tokens I was holding, and due to the large quantity, they preferred to make the transaction with me directly without a crypto exchange.
I have had received lots of these kind of emails before and at most time I would just mark them as spam, but that time I was curious how could this scam work out. So I first checked the email security details to ensure the email was sent out from the real domain owner, and it actually was. Then I visited the website represented by their email domain, looked not bad at least. The conversation continued.
Me: “OK, let’s do it! How should we start?”
Scammer: “Thank you. Do you have Telegram? It’s easier to discuss the deal. My ID is xxxxx.”
Me: “Sure, please send me a message at xxxxx, because I’m forbidden by Telegram to chat with strangers.”
Scammer: “Sorry I can’t chat with strangers neither. Please add me as a contact at first.”
We added each other as contact and finally we were in Telegram.
Me: “I don’t have a plan to sell the tokens yet, I know some holders they might be interested in your offer.”
Scammer: “Cool, could you please connect us?”
Me: “What kind of payment do you prefer?”
Scammer: “We will pay with ETH, crypto is easier than bank transfers.”
Me: “Agree. The holders use Mixin Messenger, do you mind installing the app so that I could share the contacts with you? My ID is xxxxx.”
Minutes later, we were in Mixin Messenger and I shared the token holders to them. I thought they would make the deal in a multisig OTC bot called Exin Local, otherwise if they offered other solutions they must be a scammer.
Not a long time before the token holder contacted me to invite me to a Telegram group, then I was 200 percent sure that they were a scammer.
Me: “Please block them, I’m sure they were a scammer. There is no way for a real buyer who prefers other insecure solutions over the convenient multisig Exin Local bot.”
Holder: “They want you to be the agent between us, so if they are scammers, you can just send us back the tokens. We would lose nothing.”
Me: “OK. Let’s finish the show with them.”
We were in Telegram again. After some obvious fake arguments on prices, we were at the most critical steps, transferring the cryptos. And they brought the last place of the conversation, Discord.
Scammer: “Do you have Discord? Our lawyer and accountant need to watch all of our trading steps so that they can make papers.”
Holder: “Yes, we do. Please share the Discord group chat link.”
Scammer: “What’s user Discord tag? I will add you to the chat.”
Me: “I don’t have a Discord account, I always use it anonymously. So please share the link so that I am able to join it.”
Scammer: “Sorry I don’t know how to share Discord chat link. Could you please register a Discord account?”
Then after some more arguments that I didn’t have a plan to register an account, and the holder privately chatted with me to convince me a new account. And I made it. Then we were in Discord. We made some final confirmations about our addresses to receive tokens at first, then the scam happened.
Scammer: “I have sent the ETH to your address. Please check it.”
Holder: “Yes, I received the ETH. Cedric, please release the tokens to them.”
I sent some dirty words then quit the chat, then I chat with the holder in Mixin Messenger.
Me: “They said they have transferred the ETH to you, and you said you have received them.”
Holder: “What? I didn’t receive anything. Where do you chat?”
Me: “In the Discord group. I guess they invited us to two different groups, and fake all of us and our words in both groups.”
Holder: “Holy shit!”
Me: “That’s why they refused to share a Discord group link.”
This attack is clever, they cheat two parties as a middleman. If we didn’t have Exin Local and I was not cautious enough, and they were more patient, they would have made it.