Trying to gather some info on XRP scams.

[iLikePeaches]

Hey all,

New here, have been looking into some recent XRP scams and wanted to see if anyone could help provide some more info for me. 

I've been noticing an uptick in scams involving "SetRegularKey" transactions that involve the victim then being drained by this key they designate. My question is, does anyone have any websites or existing emails that lead to this scam? Or perhaps previous documented confirmed cases? 

Finally, are you able to sign a "SetRegularKey" transaction to delete the key using XRPToolkit? 

Thanks all.

[TaterTots]

Hello, hopefully this reaches my intended audience.

I work for a security company in the crypto space (intentionally vague here but happy to prove in the future) and would like to get in touch with the mods of this forum. I am not currently allowed to send private messages, however it seems a mod will have to review this message anyways. 

We notice that the XRP community is heavily targeted by scammers, phishing attempts, etc. As this seems to be a hub for the community, and we have a hard time isolating where most community interaction takes place, I'd like to get in touch with you mods to increase our understanding of any trends in XRP scams beyond what we see, and hopefully improve our proactive efforts to educate users.

On that note, I'm also curious whether you've ever considered creating a "Security" space within the forum like having it as a topic on the landing page: https://www.xrpchat.com/. We'd be happy to put together a post detailing the common themes we see and tips and tricks as the first entry in such a space. 

If you can DM, please DM me to take this convo offline

[at3n]

5 hours ago, iLikePeaches said:

Finally, are you able to sign a "SetRegularKey" transaction to delete the key using XRPToolkit? 

It looks like you can, if you use the "Assign Regular Key" function in XRPToolkit, and just leave the regular key field empty. I didn't test fully, but it gives you a QR code to sign so looks like it should work, as the method to unset a regular key is to submit a SetRegularKey transaction with an empty address:

https://xrpl.org/setregularkey.html

 

5 hours ago, iLikePeaches said:

My question is, does anyone have any websites or existing emails that lead to this scam? Or perhaps previous documented confirmed cases?

I don't have any records of scam sites from the past, but you can find many likely cases of it happening if you use the search function on this site to search "regular key". There was a period maybe 2 or 3 years ago when there were a load of people having been locked out of their accounts, but once we established what the problem was, nobody wanted to reveal how they had been scammed. I asked a lot of people if they would tell us exactly what had happened, to try to raise awareness, but nobody seemed willing to say (which is completely fair of course, but frustrating).

Just to note also that some of the cases were not actually regular key attacks, but the victim had been sold a pre-funded wallet that had already been master-key disabled. The same wallet would be sold to many people to trick them into depositing to it.

[iLikePeaches]

15 hours ago, at3n said:

 

Quote

 I asked a lot of people if they would tell us exactly what had happened, to try to raise awareness, but nobody seemed willing to say (which is completely fair of course, but frustrating).

 

Run into this a lot as well, currently looking into the Token Allocation scam that's been around this past week, any idea if this site sets a regularkey? I don't have the XRP to test it. 

[at3n]

4 hours ago, iLikePeaches said:

Run into this a lot as well, currently looking into the Token Allocation scam that's been around this past week, any idea if this site sets a regularkey? I don't have the XRP to test it. 

I don't know, but I would guess that it does, given that it (the one I've seen) doesn't claim in the instructions that you need to send any XRP to claim the reward.

I can't check right now, but I wonder if it is all done in javascript in the browser, can you edit the rippled server address to point the scam tool at the testnet? Then you can check with a worthless test account what it does?

Disclaimer for obvious reasons: Please nobody interact with any sites claiming an XRP giveaway. Don't mess around with test accounts unless you absolutely know what you're doing.