"Dark Forest" Crossing Manual | A detailed explanation of the anti-theft guide under the new trap of "Observation Wallet".

“The Dark Forest,” which originated from “The Three-Body Problem,” is also the most naked summary of the current Web3 security track.

The encryption industry, especially the emerging field of blockchain, has enough room for imagination and innovative gameplay. However, it is also like a “dark forest,” where both old users and new players need to be familiar with various risks that may be encountered on the chain and try to avoid them. This is an eternal topic that we always need to learn.

Recently, a scam method targeting non-custodial wallet users has quietly become popular. It utilizes the observation wallet (wallet that supports ‘observation mode’) function, and through a forged trust mechanism and carefully designed logical chain, it traps victims who are unprepared. For ordinary users, this kind of scam may seem basic, but it is highly deceptive and destructive.

Scammers use the unfamiliarity of novice users with decentralized technology and wallet operations to steal encrypted assets. In this context, it is particularly important to understand and be vigilant about these common yet fatal security risks. This article will analyze in detail the operation mode of this new type of fraud and provide users with a series of prevention tips.

What is the “watch-only wallet” mode of the non-custodial wallet?

As we all know, the watch-only wallet mode is a feature of the non-custodial wallet for encrypted assets, which allows users to view the balance and transaction history of specific wallet addresses.

Due to the transparency of the blockchain, all wallet addresses, corresponding balances, and transaction records on the chain are transparent and visible. Users can input any blockchain wallet address through a blockchain explorer and other tools to view their asset balances and on-chain records, including receipts, transfers, on-chain authorizations, etc. During this process, the identity of the wallet owner remains anonymous unless they voluntarily disclose it.

As a non-custodial wallet, SafePal wallet also provides the watch-only wallet mode. For example, when users create a new wallet, they can choose to create a new wallet, recover an old wallet, or import the watch-only wallet mode (click here to view the official tutorial on importing the watch-only wallet mode of SafePal).

The following image is a comparison between the observation wallet mode and the normal wallet homepage. From it, we can see that the observation wallet only allows viewing of the balance, but does not have options for transfers, flash exchanges, etc.

When users import the observation wallet mode, they only need to fill in the wallet address, so they can easily view the on-chain balance and transfer records of this wallet. However, since the observation wallet does not represent actual ownership of the wallet and only provides viewing functions, users cannot operate the assets in the wallet in observation wallet mode.

As a result, the wallet model is often used by the public to track and monitor the on-chain fund situation and trends of specific wallet addresses, such as regulatory monitoring of anti-money laundering on the blockchain, fund tracing of hacking incidents, etc.

However, it is important to note that it does not support users to make any transfer transactions on this wallet address, nor does it mean owning the specific wallet address. Only users who have the private key/mnemonic phrase of the wallet address can access and manage the assets in the wallet address.

The scam we mentioned today is a scheme designed by fraudsters to take advantage of users’ unfamiliarity with this background knowledge.

How does the ‘Observing Wallet’ scam work?

At its core, the scam is that the scammer contacts and manipulates the victim into thinking they have access to the funds at the wallet address (usually the scammer will take advantage of a wallet address with a large amount of funds) and tells the victim that they need to make a transaction to unlock their funds, when in reality they can only view the wallet balance without any access or ownership.

The following is the typical operation mode of this scam:

Scammers approaching users: Scammers impersonate wallet team support personnel. They often contact users through social media platforms (such as Twitter, Telegram, or Reddit) and initiate conversations by offering ‘help’ or ‘investment’ related to the wallet. Some scammers may also post ‘fake help posts’ online, similar to ‘I’m having trouble withdrawing money from my wallet, can anyone help me? I’m willing to pay a large reward.’

Fake news: The scammers claim that a user’s wallet needs to be “verified” or “upgraded” in order to access the funds inside. They usually direct the user to download the wallet app from the app store so that it looks like they are walking the user through the normal process of creating a wallet.

Import wallet address: Then, the scammer asks the user to import the address into the wallet in watch-only mode, allowing the user to see the balance of the wallet, which may contain a large amount of cryptocurrency. The scammer will then claim that the user needs to pay a Gas Fee or deposit additional cryptocurrency into a specified wallet address, tricking the user into believing that they need to pay a fee to unlock the funds in that wallet address.

Stealing funds: Once a user sends the solicited funds to the scammer’s address, they will not receive anything in return and the scammer will disappear. In other cases, the crooks may continue to ask for more funds to be deposited or transferred to the wallet address under other false pretenses or promises.

Why does this scam work?

This scam is effective because users often do not fully understand that, due to the transparency of the blockchain, all wallet addresses can be tracked and viewed on the chain. Viewing the balance in a wallet address may lead inexperienced users to mistakenly believe that this is equivalent to accessing or owning the wallet, when in fact it is just a view.

In this scam, the fraudsters took advantage of the victims’ lack of understanding of the wallet pattern and also incited the victims’ greed or sympathy through the chat process, creating an opportunity for exploitation.

So how to protect yourself, it’s simple, if you’re using SafePal or any other decentralized or non-custodial crypto asset wallet, be sure to pay attention to the following security tips to avoid falling for these scams:

• Do not believe messages from strangers in private: Under normal circumstances, the official wallet team will never contact users through social media or direct messages (DM). Any messages that offer help, opportunities to get rich, or request personal information should be treated with extreme caution;
• Understanding the observation mode or viewing the on-chain wallet address: Whether it is SafePal or other non-custodial wallets, the observation wallet mode is a function for viewing wallet balances. It allows users to track wallet balances and transaction history, but does not allow any transfers or withdrawals (actual access to a designated wallet address requires a private key or mnemonic phrase). Users cannot transfer funds from the wallet in observation mode. Therefore, if someone asks you to ‘unlock’ or ‘access’ funds in observation wallet mode, there is no need to doubt, it is a scam;
• Avoid sending funds to unknown addresses: If someone asks you to send funds to an unknown address to “unlock” your crypto assets, this is a danger warning sign. Scammers usually ask users to pay Gas Fee or other fees, but SafePal and most legitimate wallet platforms never require users to transfer funds to a specific address to unlock assets;
• Only download applications from official websites: Make sure you only download wallet applications from official app stores (such as Google Play Store or Apple App Store) to avoid downloading from unverified websites or links, as these applications may be malicious or fraudulent apps;
• Report suspicious activities conveniently: If you encounter suspicious messages or potential scams, feel free to report them to the official wallet channels immediately, which will help protect the community and prevent others from becoming victims of fraud.

Conclusion

「Not Your Key， Not Your COIN」。

This is actually the cruelest sentence in Web3, after all, ‘decentralization’ and ‘security subject responsibility’ are two sides of the same coin. When asset ownership is truly returned to individual control, it also forces each user to take responsibility for their own assets, and thoroughly enter the ‘dark forest’.

Therefore, with the diversified development of on-chain fraudulent methods, learning and understanding the working principles of non-custodial and decentralized wallets, as well as understanding common fraudulent methods, has become an indispensable survival skill for every Web3 user.

Always staying vigilant and safely traversing the ‘dark forest’ on the chain is a compulsory course for each of us to adapt to the rules of the decentralized world.