Warning: This is a simulated phishing attack scenario for educational purposes. Never
share your private keys or seed phrases in real situations.
Background
You've just seen a message on social media claiming they can help you recover stolen cryptocurrency. You
decide to contact them for help.
CYBER RESCUE - Asset Recovery Service
Hello! I'm a technical expert from CYBER RESCUE. We specialize in helping users recover stolen
cryptocurrency assets. When were your assets stolen? What wallet were you using?
I lost 10,000 USDT from my MetaMask wallet yesterday after clicking on a phishing site.
I'm very sorry to hear that. Don't worry, we have a 100% success rate in recovering stolen
funds. We'll use the BNB Smart Chain network to process USDT transactions and redirect the
stolen funds to your wallet.
First, you need to download MathWallet so we can guide you through the proper setup to redirect
the funds to your wallet.
Okay, I've downloaded and installed MathWallet.
Great! Now please click on "Add Custom Asset" on the MathWallet homepage and enter the USDT
contract address: 0x55d398326f99059ff775485246999027b3197955
Important: After pasting the contract address, please change the Decimals from
18 to 0. This is a crucial step in our proprietary technology that helps recover your funds.
MathWallet
Add Custom Asset
Contract:
Name:
Symbol:
Decimals:
How do you think you should set the Decimals?
If you change the Decimals from 18 to 0, how much USDT will your wallet show when the attacker
transfers 0.00000000000089589 USDT?
Token Precision Phishing Attack Explanation
This is a common phishing attack technique where attackers exploit token precision (Decimals)
changes to deceive users.
How the Attack Works:
The attacker convinces the victim to change the token's Decimals from the correct value
(usually 18) to 0
Decimals determine the number of decimal places a token can be divided into, affecting how
the token is displayed
When Decimals is set to 0, the wallet displays tiny amounts of tokens as whole numbers
The attacker transfers a minuscule amount of tokens (like 0.00000000000089589 USDT), but it
appears as 89589 USDT in the victim's wallet
Seeing the large amount of "recovered" funds, the victim trusts the attacker and provides
private keys or transfers funds as requested
How to Protect Yourself:
Never modify the default Decimals value of tokens
Don't trust services claiming to "recover stolen funds"
Never share your private keys or seed phrases
Verify transactions using blockchain explorers, not just wallet displays
Keep your wallet applications updated with the latest security patches
