Matt Henderson, head of product at Aurora Labs, says a sophisticated over-the-counter (OTC) transaction scam is circulating that nearly caused him to lose a stash of his hard-earned cryptocurrency.
Henderson recounted his personal meeting with a scammer known as “Olai” to his Twitter followers on Aug. 5.
The Olai scam essentially involves a victim being tricked into believing that payment has been received for an OTC crypto transaction, when in fact it was not.
Today I almost got caught by a fascinating and devious crypto scam during an OTC transaction. Read on to find out what happened so you can prevent it from happening to you.
— Matt Henderson (@dafacto) August 5, 2022
How it worked
Henderson explained that the crypto scam started when Olai contacted him through the Telegram messaging app and inquired about buying AURORA tokens with USC Coin (USDC).
The pair agreed to execute the transaction via escrow, a common strategy in which a trusted, neutral third party holds assets on both sides of the transaction and releases them to the counterparty when the payment terms are met.
In this case, Henderson selected Aurora Labs’ chief of security Frank Braun to act as the escrow agent, whom he initially referred to as “Steve” in the Twitter thread.
Olai suggested:
1. I send the AURORA to Steve
2. Olai sends me a small USDC test transaction
3. Steve sent Olai a small AURORA test transaction
4. Olai send me the USDC balance
5. Steve then sends them the AURORA balance— Matt Henderson (@dafacto) August 5, 2022
However, Henderson caught something suspicious when his escrow partner shared a screenshot of him allegedly giving the green light to release the full number of AURORA tokens to the buyer.
According to Henderson, the scammers replicated his Discord profile and ordered Braun to release the AURORA token balance to the scammers.
Discord’s blocking feature kept Henderson from knowing that his profile had been cloned and scammers were impersonating him.
Based on this, some security steps I will take in the future:
1. All funds are sent to escrow. No exceptions.
2. Inspect transactions in block explorers. Do not accept verbal acknowledgments.
3. Always create group chats yourself.
4. Verify out-of-band IDs and confirmations.
— Matt Henderson (@dafacto) August 6, 2022
After successfully dodging the scam, Henderson later unpacked the intricacies of the scheme and warned anyone trading crypto via OTC means to exercise extreme caution and avoid falling victim to the sophisticated scheme.
Related: Solana Hacked Crypto Could Be Claimed As Tax Loss: Experts
He also shared that the scammer by the name of ‘Olai’ may still be active in the community as a person who has used a similar name and tactics has been spotted on Telegram, according to Twitter user Scott Yeager.
“How curious… I was recently approached by an Olai Olsen on Telegram who was trying to start an OTC deal and offer USDC. Same character?”
Earlier this year, the United States Federal Trade Commission found that by 2021, nearly half of all crypto-related scams came from social media platforms.
In a report in June, the FTC reported that as much as $1 billion in crypto was lost to scammers throughout the year, more than a fivefold increase from 2020.