YouTube tutorial presents 718% return on staking! The latest secret Web3 phishing scam

GoPlus Security
Oct 27, 2022


Recently, GoPlus Security received a risk alert from its partners that a new type of mass phishing had appeared on YouTube. The phishing website pretends to be the wallet and distributes a staking tutorial for a DeFi sub-protocol, tricking users into approving a contract that is then used to steal their assets.

How does the scammer do it?

Step one: Providing the phishing website. The tutorial presents interaction on the BakerySwap exchange, but the phishing address given later is not BakerySwap. BakerySwap is used here to gain trust from users.

Step two: Asking you to connect your wallet, MetaMask or WalletConnect.

Step three: Attracting your attention through high profit. The webpage lists fake staking nodes: SFP shows a 718% annual return, while ETH and BUSD show only a few percent.

Step four: The blogger will tell you that someone he knows has staked $100,000 on the site, earning $2,000 a day.

Step five: The blogger will show you how he does it: he stakes $2,500 and receives a staking reward of $50 after 24 hours.

Step six: Telling you that you can withdraw the stake at any time (this lowers your guard and your concern about the transaction cost).

Step seven: Once you follow the instructions in the video to complete the staking contract approval, the contract obtains the right to transfer your assets. The attacker will then transfer away your digital assets directly, without giving any notification.
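What the approval in step seven grants can be read from the transaction data before it is signed. The following is an added example, not code from GoPlus Security or from the original post; it assumes the approval is a standard ERC-20 `approve`/`increaseAllowance` or ERC-721/1155 `setApprovalForAll` call, and `inspectApproval`, the trusted-spender list, the "unlimited" threshold and the sample calldata are illustrative and constructed.

```javascript
// Added example: inspect approval calldata before signing (not GoPlus code).
// Selectors are the first 4 bytes of keccak256 of the standard signatures.
const APPROVAL_SELECTORS = {
  "095ea7b3": "approve(address,uint256)",
  "39509351": "increaseAllowance(address,uint256)",
  "a22cb465": "setApprovalForAll(address,bool)",
};
const MAX_UINT256 = (1n << 256n) - 1n;

// Returns null when the calldata is not an approval call; otherwise reports
// who receives spending rights, how much, and why that may be risky.
function inspectApproval(calldata, trustedSpenders = []) {
  const hex = calldata.toLowerCase().replace(/^0x/, "");
  const signature = APPROVAL_SELECTORS[hex.slice(0, 8)];
  if (!signature) return null;
  // Two 32-byte ABI words must follow the 4-byte selector.
  if (hex.length < 8 + 128 || !/^[0-9a-f]+$/.test(hex)) {
    throw new Error("malformed approval calldata");
  }
  const spender = "0x" + hex.slice(8 + 24, 8 + 64); // low 20 bytes of word 1
  const value = BigInt("0x" + hex.slice(8 + 64, 8 + 128)); // word 2
  const isOperatorApproval = signature.startsWith("setApprovalForAll");
  const warnings = [];
  if (isOperatorApproval && value !== 0n) {
    warnings.push("grants control of every token in the collection");
  }
  // Heuristic threshold chosen for this example, not a standard value.
  if (!isOperatorApproval && value >= MAX_UINT256 / 2n) {
    warnings.push("effectively unlimited allowance");
  }
  const trusted = trustedSpenders.map((a) => a.toLowerCase());
  if (value !== 0n && !trusted.includes(spender)) {
    warnings.push("spender is not on the user's trusted list");
  }
  return { signature, spender, value, warnings };
}

// Constructed sample: approve(spender, 2^256 - 1) with a placeholder spender.
const SAMPLE_SPENDER = "0x" + "11".repeat(20);
const SAMPLE_CALLDATA =
  "0x095ea7b3" + "0".repeat(24) + "11".repeat(20) + "f".repeat(64);

console.log(inspectApproval(SAMPLE_CALLDATA));
```

An approval with value zero is a revocation, so it produces no warnings.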

Other scams like this

There are a lot of YouTube scams like this, pretending to be the wallet or project owner and using different wallet names and project names. The videos look quite formal and professional, so users can easily be misled into believing they are official tutorials. At the same time, users are attracted by the high profit and follow the instructions to complete the staking. Typing keywords like “token AIRDROP” into YouTube brings up lots of scams like this. Scammers use the names of well-known projects and hardware wallets to disguise phishing URLs and obtain approval.

Some scammers also use ghost accounts to leave praise comments, enhancing credibility.

And I seem to find a pattern. A lot of videos with covers like “AirDrop claim $500” are produced by the same team. Maybe the editor doesn’t bother to change it.

Search YouTube for these keywords and lots of such videos will appear on the home page, some even by the same blogger, wearing the same sweater, but under different token names and posted on different accounts. There are hundreds of such videos; most of them have 300–600 views, and popular ones can reach 2k-5k. It is estimated that the total number of views has exceeded 300,000, and the number is still growing.

YouTube is the most popular video medium for Web3 users. While it has many resources such as interaction guides and project analysis, it has also become a medium for many crypto scams. You have to tell the two apart.

Tips to avoid these scams

First of all, do not trust operation guidelines provided by other channels. Confirm with the wallet or project owner: go to the official website or make an inquiry in the community.

Secondly, assess the credibility of these YouTubers and do not trust them easily, even if the person looks decent or even a little cute. Go to the blogger's homepage and check his posting history. Do not trust those who have only 300 followers and no videos in their history other than phishing trading.

Thirdly, do not believe in the high profit. Even if not impossible, it is very rare to achieve an APR of 718% under the current market conditions. So please be more mindful when such a high yield appears.

Finally, use professional tools to identify attacks from scammers. It’s not easy for users to recognize such scams, and they can easily fall into the scammers' logic. But you can rely on professional and proactive security protection tools and functions to identify contract approval risks.

Web3 is full of such security information asymmetries. As ordinary users don’t know code and don’t understand what is approved each time, they are in a very vulnerable position. Wallets can plug in the approval security API of GoPlus Security to identify post-approval risks in real time and manage approvals for users.

Users will receive a warning when they approve the attacker’s contract. If those contracts are attacked, the previous approval could be used by attackers to transfer user assets. A prompt will be given in such cases.

Partners already plugged into the API:

API Document:


