Can you steal USDT through address transfer?
Once you transfer USDT to the fraudster a single time through the QR code, the USDT in your account can be transferred away by the fraudster. The QR code transaction looks normal, so why can a scammer control a user's wallet after a single transfer?

Let's briefly analyze the criminal methods.

Second, the process analysis

Scan this QR code:

Scan the code with the TokenPocket wallet and try to transfer money. Note that it must be on the TRON chain. Note the upper left corner of the picture below:

You will find the following request in this process. Pay attention to the method: approve!

The contract call here is approve, and the picture above shows a request to approve the transfer of 900000000 USDT!

The request being signed here is an authorization, but Tronscan recognizes the authorization as a transfer.

Now you should understand: if you click Receive, you authorize the attacker's address to spend from your USDT wallet, and up to 90000000 USDT can be transferred away by the attacker.

This technique is also called "authorization phishing".
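The difference between an authorization and a transfer is visible in the call data before anything is signed. The following Python decoder is an added example, not code from the original page or from any wallet: it classifies a TRC20 request as `approve` or `transfer` and reports the counterparty and amount. The spender bytes and the sample payload are constructed, and 6 decimals is assumed for USDT.

```python
import hashlib

# TRC20 function selectors: first 4 bytes of keccak256 of the signature
SELECTORS = {
    "095ea7b3": "approve",       # approve(address,uint256)
    "a9059cbb": "transfer",      # transfer(address,uint256)
    "23b872dd": "transferFrom",  # transferFrom(address,address,uint256)
}
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def tron_address(raw20: bytes) -> str:
    """Base58Check-encode a 20-byte account as a TRON address (0x41 prefix)."""
    payload = b"\x41" + raw20
    check = hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    n = int.from_bytes(payload + check, "big")
    out = ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return out

def classify_call(data_hex: str, decimals: int = 6) -> dict:
    """Decode TRC20 call data and say whether it sends or authorizes funds."""
    hex_part = data_hex[2:] if data_hex.startswith("0x") else data_hex
    data = bytes.fromhex(hex_part)
    method = SELECTORS.get(data[:4].hex(), "unknown")
    if method not in ("approve", "transfer") or len(data) < 68:
        return {"method": method, "effect": "review manually"}
    counterparty = tron_address(data[16:36])  # low 20 bytes of the first word
    amount = int.from_bytes(data[36:68], "big") / 10 ** decimals
    if method == "approve":
        effect = f"lets {counterparty} spend up to {amount:,.0f} tokens"
    else:
        effect = f"sends {amount:,.0f} tokens to {counterparty}"
    return {"method": method, "counterparty": counterparty,
            "amount": amount, "effect": effect}

# Constructed sample: an approve for 90000000 tokens to a made-up spender
SPENDER = bytes(range(1, 21))
SAMPLE = (
    "095ea7b3"
    + SPENDER.rjust(32, b"\0").hex()
    + (90_000_000 * 10 ** 6).to_bytes(32, "big").hex()
)
if __name__ == "__main__":
    print(classify_call(SAMPLE))
```
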

Third, continue to track.

The details of requesting signature are as follows:

The authorization pop-up shows that the address TVM7GSONDGUP 9SBTKWY 2D HHLVJHEGHGIY is being authorized. If you then check the transfer records of this address, the TRC20 & TRC721 transfer-in records all show 90000000:

The senders in these records are all victims. This is actually a bug in Tronscan: the 90 million is only an authorization, not a transfer.

For example, just look at the transactions that show an amount of 90 million:


According to the source code obtained by the black-and-white network, the backend records the address information after the victim scans the code to pay, can query the balance, and supports direct transfer.