Ripple CTO David Schwartz warned of a big stock scam.
Ripple CTO David Schwartz warned on Twitter of a big stock scam. He noted:
Read this if you ever arrange crypto transactions using Telegram, Discord or similar platforms. There’s a sophisticated exchange scam you need to be aware of.
What he wanted people to read was the story of how the Head of Product at Aurora nearly got caught by a fascinating and devious crypto scam:
I was approached in Telegram by “Olai”, looking to purchase some AURORA tokens OTC. I have some, and we agreed on terms of the deal. Olai’s explanation for why he’s interested in Aurora reflected quite extensive awareness of what we’re doing, so no alarms sounded at this point.
Olai insisted that we use a third-party escrow to facilitate the transaction, but that I could be the one to propose someone. He didn’t like the first party I suggested, because they refused to accept his friend request in Discord.
Olai suggested:
1. I send the AURORA to Steve
2. Olai sends me a small USDC test transaction
3. Steve sends Olai a small AURORA test transaction
4. Olai sends me the USDC balance
5. Steve then sends them the AURORA balance
Note that sending me the USDC kinda defeats the purpose of escrow, but if that’s how he wanted to do it, it saved the step of Steve having to send me the USDC, so we proceeded.
When the test transactions were done, Olai said: OK, I just sent you the balance of USDC. Let me know when it arrives, so Steve can send me the balance of AURORA.
After a few moments, Steve pings me—in Signal: Just wanted to double check here that you want me to send the balance, to which I replied: No, I haven’t received the USDC yet. Steve then sent me something stunning.
Steve sent me a screenshot of his view of the group chat, where *I* am saying: Steve, I confirm receipt of the USDC. You can now send the AURORA balance to Olai.
Insane! That wasn’t visible to me in the group chat!
Obviously, we’re dealing with very creative scammers. Unsure in the moment what to say, I typed: Olai, can you send me the Etherscan URL for your transaction?
A few moments later, Steve sends me the next insane screenshot, of me saying in the chat: OK, Steve, this obviously isn’t going to work out. Could you please immediately return my AURORA to 0xNotMyWalletAddress. The last-ditch scam attempt! Again, this is invisible to me!
My theory of what happened: Gerard, the silent “business partner” in the chat, cloned my Discord profile (dead easy to do) and then *blocked me*. By blocking me, everyone else in the chat could see Gerard’s (my) messages, except me. Haven’t confirmed yet—so just a theory.
I have long been accustomed to Discord (and TG) DMs from impersonators. This is the most common scam. But today was a first. I wouldn’t have suspected the ability to impersonate someone in a group chat—*who is present in the same chat!* For me, I got lucky Steve is a security freak!
One final observation, since how they pulled this off is still just a theory. It does seem that accepting a friend request is key, and why they rejected my first suggestion (who refused the friend request). I’m now going to go unfriend everyone I don’t know in Discord!
Couple of add-ons: Going non-standard on escrow workflow was obviously a mistake, even if apparently in my favor. We could have used AirSwap. Trustless systems FTW!
An update on this scam — finally figured out the attacker’s tactic. The attacker created *two* group chats in Discord. Steve was impersonated in mine, and I was impersonated in Steve’s. The attackers were apparently relaying some messages between the two.
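
An added example, not part of the quoted thread or of any project's code: a release gate for the escrow holder that ignores "I confirm receipt" chat messages and releases only when a transaction receipt proves the agreed token reached the seller. It assumes the holder fetches the receipt itself (for instance with the `eth_getTransactionReceipt` JSON-RPC call) rather than trusting a link or screenshot from the chat; every address, amount and function name below is constructed for illustration.

```python
# keccak256("Transfer(address,address,uint256)"): the standard ERC-20 event signature
TRANSFER_TOPIC = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef"

# Constructed placeholder addresses, not real contracts or wallets
TOKEN = "0x" + "11" * 20       # stablecoin contract agreed for the deal
FAKE_TOKEN = "0x" + "22" * 20  # look-alike token deployed at a different address
BUYER = "0x" + "aa" * 20
SELLER = "0x" + "bb" * 20
OTHER = "0x" + "cc" * 20       # a wallet that is not the seller's

def make_receipt(token, src, dst, amount, status="0x1"):
    """Build a constructed receipt shaped like an eth_getTransactionReceipt result."""
    pad = lambda addr: "0x" + "0" * 24 + addr[2:]   # indexed addresses are 32-byte topics
    log = {"address": token,
           "topics": [TRANSFER_TOPIC, pad(src), pad(dst)],
           "data": "0x" + format(amount, "064x")}
    return {"status": status, "logs": [log]}

def payment_confirmed(receipt, token, payee, min_amount):
    """True only if the receipt proves >= min_amount of `token` moved to `payee`."""
    if receipt.get("status") != "0x1":              # reverted transactions have receipts too
        return False
    for log in receipt.get("logs", []):
        topics = log.get("topics", [])
        if log.get("address", "").lower() != token.lower():
            continue                                # event emitted by some other token
        if len(topics) != 3 or topics[0].lower() != TRANSFER_TOPIC:
            continue                                # not an ERC-20 Transfer event
        if "0x" + topics[2][-40:].lower() != payee.lower():
            continue                                # paid to someone else
        if int(log["data"], 16) >= min_amount:      # amount is in token base units
            return True
    return False

def may_release(chat_says_paid, receipt, **expected):
    """Escrow gate: chat_says_paid is deliberately ignored, since chat can be spoofed."""
    return receipt is not None and payment_confirmed(receipt, **expected)

if __name__ == "__main__":
    deal = dict(token=TOKEN, payee=SELLER, min_amount=5_000 * 10**6)  # 6-decimal token
    print(may_release(True, None, **deal))                            # chat only: False
    print(may_release(False, make_receipt(TOKEN, BUYER, SELLER, 5_000 * 10**6), **deal))
```

A production check would also wait for enough block confirmations before releasing.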