{"id":50157,"date":"2023-01-18T00:00:00","date_gmt":"2023-01-18T00:00:00","guid":{"rendered":"urn:uuid:1b797037-3940-d7b9-96f6-101a24b4763e"},"modified":"2023-01-18T00:00:00","modified_gmt":"2023-01-18T00:00:00","slug":"payzero-scams-and-the-evolution-of-asset-theft-in-web3","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\/","title":{"rendered":"\u201cPayzero\u201d Scams and The Evolution of Asset Theft in Web3"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/thumbnails\/23\/payzero-web3-641.jpg\"> <body class=\"articlepage page basicpage context-business\" id=\"readabilityBody\" readability=\"51.058582408198\"> <\/p>\n<div class=\"root responsivegrid\">\n<div class=\"aem-Grid aem-Grid--12 aem-Grid--default--12 \">\n<div class=\"articleBodyNoHero aem-GridColumn aem-GridColumn--default--12\">\n<div class=\"research-layout article container\" role=\"contentinfo\">\n<article class=\"research-layout--wrapper row\" data-article-pageid=\"809603945\">\n<div class=\"col-xs-12 col-md-12 one-column\">\n<div class=\"col-xs-12 col-md-12\" readability=\"11.248786407767\">\n<div class=\"article-details\" role=\"heading\" readability=\"42.06067961165\"> <span class=\"article-details__bar\" role=\"img\"><\/span> <\/p>\n<p 
class=\"article-details__display-tag\">Cyber Threats<\/p>\n<p class=\"article-details__description\">In this entry, we discuss a Web3 fraud scenario where scammers target potential victims via fake smart contracts, and then take over their digital assets, such as NFT tokens, without paying. We named this scam \u201cPayzero\u201d.<\/p>\n<p class=\"article-details__author-by\">By: Fyodor Yarochkin, Vladimir Kropotov, Jay Liao <time class=\"article-details__date\">January 18, 2023<\/time> <span>Read time:&nbsp;<\/span><span class=\"eta\"><\/span> (<span class=\"words\"><\/span> words) <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<hr class=\"research-layout-divider\"> <main class=\"main--content col-xs-12 col-md-8 col-md-push-2\"> <\/p>\n<div class=\"richText\" readability=\"41\">\n<div readability=\"27\">\n<p>Web3 is a lucrative emerging technology where many participants seek quick profit via the different methods of monetization for their online assets. What makes Web3 different from what\u2019s typically called Web2 is that its users are not only participants but are also the owners of digital assets. Web3 users no longer employ the traditional username and password method for authentication. Instead, the user owns a pair of cryptographic keys and signs the messages. The signature is then used to validate and authenticate user actions.<\/p>\n<p>Compared to Web2, this adds a new layer of complexity as the new paradigm and authentication mechanism can be challenging to comprehend. In Web2, users can employ usernames and passwords for authentication with large online service providers. These companies can then cover the authentication process against third-party applications, leaving users to be responsible for remembering the usernames and passwords they use for these service providers.<\/p>\n<p>In Web3, the most important credential \u2014 the private key of the wallet address \u2014 is owned by the user. 
Users must handle these authentication scenarios on their own, which can be a complicated process, especially for newcomers. Figure 1 shows a comparison between Web2 and Web3 from an authentication standpoint.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <a id=\"4689cb\" href=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\/payzero-web3-1.jpg\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\/payzero-web3-1.jpg\" alt=\"Figure 1. A comparison of Web2 and Web3 authentication models\"> <\/a><figcaption>Figure 1. A comparison of Web2 and Web3 authentication models<\/figcaption><\/figure>\n<\/p><\/div>\n<div>\n<div class=\"richText\" readability=\"34\">\n<div readability=\"13\">\n<p>It is difficult, or even nearly impossible, for users to remember their cryptographic key, so seed phrases, which are somewhat easier to remember or write down accurately, are used to back up and recreate cryptographic keys.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <a id=\"91111e\" href=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\/payzero-web3-2.jpg\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\/payzero-web3-2.jpg\" alt=\"Figure 2. A fake WalletConnect phishing page from a phishing kit seller demo\"> <\/a><figcaption>Figure 2. 
A fake WalletConnect phishing page from a phishing kit seller demo<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"50.823571175009\">\n<div readability=\"47.369542066028\">\n<p>What exactly are seed phrases? Seed phrases are typically a human-readable sequence of words that can be remembered or written down. Since cryptographic keys are difficult to remember, these seed phrases are used to recover the keys. There is even a saying in the world of cryptocurrency \u2014 \u201cnot your keys, not your coins\u201d, referring to the risks of custodial wallets (wallets whose private keys are managed by a third party). Seed phrases are as important as the keys themselves because they are sufficient to create a copy of the keys.<\/p>\n<p>However, as with any new technology, its complexity may lead to several hidden traps. For example, phishing for seed phrases by providing fake <a href=\"https:\/\/walletconnect.com\/\">WalletConnect<\/a> interfaces has become very widespread. There are several scam schemes that have evolved around seed phrase manipulation. A basic example is the theft of wallets via seed phrase phishing or collection. Other examples include using multisignature wallets, wherein malicious actors post seed phrases on forums asking users for help. These seed phrases act as a trap for online users, who naively think that they can simply take over the wallet of the poster by using those phrases. 
While they may try to wire money into this wallet for testing purposes, only the original owner of the multiple (thus multisignature) keys is able to control funds and wire money out, therefore trapping these \u201ctesting funds\u201d inside the wallet.<\/p>\n<p>The diversity and complexity of abuse in Web3 is significant, and as cybercriminals rapidly adapt to the fast-paced Web3 technology, defenders must keep up with evolving abuse scenarios.<\/p>\n<p>In this entry we would like to discuss a Web3 fraud scenario where scammers target potential victims via fake smart contracts, and then take over their digital assets, such as NFT tokens, without paying. We named this scam \u201cPayzero\u201d.<\/p>\n<p>In essence, Payzero is a fraudulent scheme where the attackers typically pay nothing to the victim for their digital assets and simply trick them into allowing the transfer of token ownership. Some variants of this scheme were already discussed in <a href=\"https:\/\/www.trendmicro.com\/en_hk\/research\/22\/c\/an-investigation-of-cryptocurrency-scams-and-schemes.html\">our previous publication<\/a>, but the volume of activity and associated monetary loss make us believe that this needs to be explored further. We used data mining techniques to understand the scale of this growing problem.<\/p>\n<p>Before examining its scale, let\u2019s look at a typical Payzero scam scenario. This involves several actors, with Figure 3 illustrating a simple example of this.<\/p>\n<ul>\n<li><span class=\"rte-red-bullet\">A buyer: the scammer who intends to take over the tokens.<\/span><\/li>\n<li><span class=\"rte-red-bullet\">A seller: the potential victim.<\/span><\/li>\n<li><span class=\"rte-red-bullet\">A new token owner: it can either be the buyer or a third party designated by the scammer.<\/span><\/li>\n<li><span class=\"rte-red-bullet\">A token: An NFT token. It can be any ERC721, ERC1155 or ERC20 token. 
One scam event can lead to the loss of multiple tokens.<\/span><\/li>\n<\/ul><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <a id=\"c4f402\" href=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\/payzero-web3-3.jpg\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\/payzero-web3-3.jpg\" alt=\"Figure 3. An example showing a Payzero scam\"> <\/a><figcaption>Figure 3. An example showing a Payzero scam<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"38\">\n<div readability=\"21\">\n<p>In a normal transaction, a seller places the token for sale in one of the various token marketplaces, such as Opensea. When the seller is approached by a buyer, the transaction takes place via the platform\u2019s smart contract, transferring the funds and ownership of the token to the new owner.<\/p>\n<h2><span class=\"body-subhead-title\">On-chain vs off-chain marketplaces<\/span><\/h2>\n<p>With off-chain marketplaces, the owner of the NFT token holds the ownership of the token until the transaction to the owner takes place. Meanwhile, with on-chain marketplaces, the token owner transfers the ownership of the tokens to the marketplace\u2019s smart contract and then trading takes place. The trade-off here is the transaction complexity vs. 
the cost-benefit on the transaction fees.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <a id=\"491870\" href=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\/payzero-web3-3.jpg\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\/payzero-web3-4.jpg\" alt=\"Figure 4. Diagram showing an on-chain NFT trading transaction\"> <\/a><figcaption>Figure 4. Diagram showing an on-chain NFT trading transaction<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <a id=\"1d4965\" href=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\/payzero-web3-4b.jpg\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\/payzero-web3-4b.jpg\" alt=\"Figure 5. Diagram showing an off-chain NFT trading transaction\"> <\/a><figcaption>Figure 5. Diagram showing an off-chain NFT trading transaction<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"39\">\n<div readability=\"23\">\n<h2><span class=\"body-subhead-title\">Scam transaction scenarios<\/span><\/h2>\n<p>Imagine a scenario where a victim lists his tokens on a marketplace such as Opensea. 
In the scam transaction scenario, a buyer (the scammer) usually approaches the victim using a social media or communication platform such as Twitter or Discord and asks the seller to sell the tokens to the buyer.<\/p>\n<p>In earlier versions of the scam (known as the \u201cSetApprovalForAll\u201d scam), the scammer would propose to conduct a transaction via a third-party site. When the victim agrees to the transaction, the scammer can take ownership of the NFT tokens because the victim calls a smart contract API and grants the scammer operator permission over the tokens.<\/p>\n<p>Since this has been happening for a while, many users have grown aware of this scam and have become cautious when they are asked to run transactions via a third party. Some wallets have also implemented measures to address the signature scam problem, as seen in Figure 6.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <a id=\"927ad5\" href=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\/payzero-web3-5.jpg\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\/payzero-web3-5.jpg\" alt=\"Figure 6. Measures to minimize the effectiveness of signature scams\"> <\/a><figcaption>Figure 6. Measures to minimize the effectiveness of signature scams<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"33\">\n<div readability=\"11\">\n<p>In the Payzero scam, the owner of the digital assets (NFT tokens) simply \u201cagrees\u201d to sell the digital assets to the new owner at zero cost. 
By agreeing to this transaction, the user will sign off the transfer of token ownership for free.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <a id=\"fb83e2\" href=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\/payzero-web3-6.jpg\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\/payzero-web3-6.jpg\" alt=\"Figure 7. Owners selling digital assets for free to the buyer\"> <\/a> <\/figure>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <a id=\"f7da90\" href=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\/payzero-web3-7.jpg\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\/payzero-web3-7.jpg\" alt=\"Figure 7. Owners selling digital assets for free to the buyer\"> <\/a><figcaption>Figure 7. Owners selling digital assets for free to the buyer<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"29.421686746988\">\n<div readability=\"9.8072289156626\">\n<h2><span class=\"body-subhead-title\">The scale of the problem<\/span><\/h2>\n<p>By using a heuristic rule on the blockchain, we were able to record the number of potential token theft incidents from August to December 2022. &nbsp;Figure 8 shows the addresses that have performed the highest number of Payzero scams. 
We found internet sleuths and victims <a href=\"https:\/\/twitter.com\/zachxbt\/status\/1584955958769614849?s=20&amp;t=uR7gHd5gUytJ8JH2nKRaxQ\">discussing these scammers on Twitter<\/a>.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <a id=\"926521\" href=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\/payzero-web3-8.jpg\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\/payzero-web3-8.jpg\" alt=\"Figure 8. Wallets that have performed the Payzero scam the highest number of times\"> <\/a><figcaption>Figure 8. Wallets that have performed the Payzero scam the highest number of times<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <a id=\"d05e63\" href=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\/payzero-web3-9a.jpg\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\/payzero-web3-9a.jpg\" alt=\"Figure 9. 
Discussion on Twitter about the scammer\u2019s addresses\"> <\/a> <\/figure>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <a id=\"d294c4\" href=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\/payzero-web3-9b.jpg\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\/payzero-web3-9b.jpg\" alt=\"Figure 9. Discussion on Twitter about the scammer\u2019s addresses\"> <\/a> <\/figure>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <a id=\"06d3d4\" href=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\/payzero-web3-9c.jpg\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\/payzero-web3-9c.jpg\" alt=\"Figure 9. Discussion on Twitter about the scammer\u2019s addresses\"> <\/a><figcaption>Figure 9. Discussion on Twitter about the scammer\u2019s addresses<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"34\">\n<div readability=\"13\">\n<p>Figure 10 shows the scam events triggered by these five addresses. 
More than 3,000 Payzero scam events occurred from August to December 2022, with over 5,000 NFTs being involved (with the total price of the NFTs being around 3,000 ETH or approximately US$3.6 million).<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <a id=\"47bc60\" href=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\/payzero-web3-10.jpg\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\/payzero-web3-10.jpg\" alt=\"Figure 10. The number of PayZero scam events from August to December 2022\"> <\/a><figcaption>Figure 10. The number of PayZero scam events from August to December 2022<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"32\">\n<div readability=\"9\">\n<p>Meanwhile, Figure 11 shows the top ten high-value NFT collections that were involved in these scams and how much was stolen.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <a id=\"422cf0\" href=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\/payzero-web3-11.jpg\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\/payzero-web3-11.jpg\" alt=\"Figure 11. High-value NFT collections that were involved in the PayZero scams\"> <\/a><figcaption>Figure 11. 
High-value NFT collections that were involved in the PayZero scams<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"35.397452229299\">\n<div readability=\"18.177070063694\">\n<p>Cybercriminals have been following Web3 trends and have been rapidly adapting to the changes in technology. Many underground forums sell services that can tailor new technologies to the customer\u2019s needs and can even automate nearly every part of the abuse process. Since massive amounts of money are involved, the tools for the theft of cryptographic keys and seed phrases are widely traded in the underground. Furthermore, specific malware variants are being <a href=\"https:\/\/blog.sekoia.io\/aurora-a-rising-stealer-flying-under-the-radar\/\">developed to harvest crypto assets<\/a>.<\/p>\n<p>The underground service offerings, which have been rapidly evolving, offer anything from phishing kits and analysis tools for stolen data designed to search for cryptocurrency assets, to the automated verification of available digital assets.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <a id=\"d998a7\" href=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\/payzero-web3-12b.jpg\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\/payzero-web3-12b.jpg\" alt=\"Figure 12. Development service for seed phrase phishing sites\"> <\/a><figcaption>Figure 12. 
Development service for seed phrase phishing sites<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <a id=\"3b62d5\" href=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\/payzero-web3-13b.jpg\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\/payzero-web3-13b.jpg\" alt=\"Figure 13. OpenSea phishing site on sale for US$600\"> <\/a><figcaption>Figure 13. OpenSea phishing site on sale for US$600<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"33\">\n<div readability=\"11\">\n<p>The seed phrases themselves are a tradeable product in underground forums, with many services being structured around the collection or analysis of seed phrases. For example, we found code that is capable of extracting seed phrases from different text sources being sold for US$800.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <a id=\"19a4c4\" href=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\/payzero-web3-14b.jpg\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\/payzero-web3-14b.jpg\" alt=\"Figure 14. Code for the extraction of seed phrases from text being sold in an underground forum\"> <\/a><figcaption>Figure 14. 
Code for the extraction of seed phrases from text being sold in an underground forum<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"32.5\">\n<div readability=\"10\">\n<p>There are also services that provide users the ability to search for seed phrases via the traditional abuse of stolen credentials. This information is then harvested from various apps (for example, from iCloud Notes).&nbsp;<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <a id=\"e570f7\" href=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\/payzero-web3-15.jpg\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\/payzero-web3-15.jpg\" alt=\"Figure 15. The extraction of seed phrases and private keys from iCloud Notes\"> <\/a><figcaption>Figure 15. The extraction of seed phrases and private keys from iCloud Notes<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"33.5\">\n<div readability=\"12\">\n<p>There is even a full-blown service, called Deepchecker, that is tailored to automate the verification of Web3 credentials. This service allows users to check and monitor the wallet balance using the provided seed phrases. 
It verifies over 1,000 different sources related to cryptocurrency assets.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <a id=\"e6dde9\" href=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\/payzero-web3-16.jpg\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\/payzero-web3-16.jpg\" alt=\"Figure 16. The Deepchecker service to verify the balance and the value of the cryptocurrency assets\"> <\/a><figcaption>Figure 16. The Deepchecker service to verify the balance and the value of the cryptocurrency assets<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"41.912117177097\">\n<div readability=\"30.215712383489\">\n<p>Users of Web3 technologies must take personal responsibility regarding the security of their assets when they interact with these technologies. It\u2019s very easy to sign off on transactions on Web3 \u2014 with the downside being that a single sign-off without careful validation may lead to catastrophic consequences and significant financial loss.<\/p>\n<p>Scammers often target potential victims by offering off-chain transactions via a third-party website, where they can trick users into signing contracts that allow these scammers to take over the digital assets of the victims. 
Since the SetApprovalForAll permission issue has been technically addressed by the MetaMask wallet, scammers have been employing new methods of tricking users into giving up ownership of their assets, such as the PayZero scheme discussed in this article.<\/p>\n<p>Fortunately, there have been <a href=\"https:\/\/www.coindesk.com\/tech\/2020\/11\/10\/multisignature-wallets-can-keep-your-coins-safer-if-you-use-them-right\/\">developments to better protect wallets<\/a>. For example, multisignature wallets (which require two or more signatures to sign the transactions) can potentially minimize the impact of leaked seed phrases. However, it is still important for users to understand the key risk with Web3: in non-custodial wallet ownership, the asset owners are fully responsible for the security of their assets during their full lifecycle. This is unlike custodial assets, where the users do not simply own their assets and are exposed to more traditional risks such as hacking attacks, scams, and even the collapse of the custodial organizations themselves, among others.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<section class=\"tag--list\">\n<p>Tags<\/p>\n<\/section>\n<p> <\/main> <\/article>\n<\/div>\n<\/div><\/div>\n<\/div>\n<p> <!-- \/* Core functionality javascripts, absolute URL to leverage Akamai CDN *\/ --> <!--For Modal-start--> <\/p>\n<p> <!--For Modal-end--> <!-- Go to www.addthis.com\/dashboard to customize your tools --> <\/body> Read More <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/23\/a\/payzero-scams-and-the-evolution-of-asset-theft-in-web3.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this entry, we discuss a Web3 fraud scenario where scammers target potential victims via fake smart contracts, and then take over their digital assets, such as NFT tokens, without paying. We named this scam \u201cPayzero\u201d. 
Read More HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":50158,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[61],"tags":[9510,9521,9511,9509,9535],"class_list":["post-50157","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trendmicro","tag-trend-micro-research-articles-news-reports","tag-trend-micro-research-cyber-crime","tag-trend-micro-research-cyber-threats","tag-trend-micro-research-research","tag-trend-micro-research-web"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>\u201cPayzero\u201d Scams and The Evolution of Asset Theft in Web3 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\u201cPayzero\u201d Scams and The Evolution of Asset Theft in Web3 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2023-01-18T00:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/thumbnails\/23\/payzero-web3-641.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"\u201cPayzero\u201d Scams and The Evolution of Asset Theft in 
Web3\",\"datePublished\":\"2023-01-18T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\\\/\"},\"wordCount\":1834,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/01\\\/payzero-scams-and-the-evolution-of-asset-theft-in-web3.jpg\",\"keywords\":[\"Trend Micro Research : Articles, News, Reports\",\"Trend Micro Research : Cyber Crime\",\"Trend Micro Research : Cyber Threats\",\"Trend Micro Research : Research\",\"Trend Micro Research : Web\"],\"articleSection\":[\"TrendMicro\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\\\/\",\"name\":\"\u201cPayzero\u201d Scams and The Evolution of Asset Theft in Web3 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/01\\\/payzero-scams-and-the-evolution-of-asset-theft-in-web3.jpg\",\"datePublished\":\"2023-01-18T00:00:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/01\\\/payzero-scams-and-the-evolution-of-asset-theft-in-web3.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/01\\\/payzero-scams-and-the-evolution-of-asset-theft-in-web3.jpg\",\"width\":1430,\"height\":1480},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Trend Micro Research : Articles, News, Reports\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/trend-micro-research-articles-news-reports\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"\u201cPayzero\u201d Scams and The Evolution of Asset Theft in Web3\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity 
Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH 
Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\u201cPayzero\u201d Scams and The Evolution of Asset Theft in Web3 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\/","og_locale":"en_US","og_type":"article","og_title":"\u201cPayzero\u201d Scams and The Evolution of Asset Theft in Web3 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2023-01-18T00:00:00+00:00","og_image":[{"url":"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/thumbnails\/23\/payzero-web3-641.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"9 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"\u201cPayzero\u201d Scams and The Evolution of Asset Theft in Web3","datePublished":"2023-01-18T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\/"},"wordCount":1834,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/01\/payzero-scams-and-the-evolution-of-asset-theft-in-web3.jpg","keywords":["Trend Micro Research : Articles, News, Reports","Trend Micro Research : Cyber Crime","Trend Micro Research : Cyber Threats","Trend Micro Research : Research","Trend Micro Research : 
Web"],"articleSection":["TrendMicro"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\/","url":"https:\/\/www.threatshub.org\/blog\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\/","name":"\u201cPayzero\u201d Scams and The Evolution of Asset Theft in Web3 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/01\/payzero-scams-and-the-evolution-of-asset-theft-in-web3.jpg","datePublished":"2023-01-18T00:00:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/01\/payzero-scams-and-the-evolution-of-asset-theft-in-web3.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/01\/payzero-scams-and-the-evolution-of-asset-theft-in-web3.jpg","width":1430,"height":1480},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/payzero-scams-and-the-evolution-of-asset-theft-in-web3\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Trend Micro Research : Articles, News, Reports","item":"https:\/\/www.threatshub.org\/blog\/tag\/trend-micro-research-articles-news-reports\/"},{"@type":"ListItem","position":3,"name":"\u201cPayzero\u201d Scams and The Evolution of Asset Theft in Web3"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - 
Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH 
Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/50157","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=50157"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/50157\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/50158"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=50157"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=50157"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=50157"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}