Recently reading people here warning about and/or falling victim to Steem scammers reminds of the time I came very close to losing 10,000 Tron to an ingenious thief. And when I say close, I literally mean a near miss by a couple of seconds.
It also brings back to memory the entire spectrum of negative emotions that came along with the experience of falling into his/her trap. Shame, anger, stress, apprehension, to name a few and not necessarily in a chronological order or at the order of magnitude I felt them.
It started with what looked like an inoffensive bot. Pink was its main colour and it had advantageous features to its main Tron bot competitors, namely GoSeeditBot and RoboMiner, so what could go wrong?
Take a look for yourself and see how this once operating NTFM bot seems like a legit project.
What I didn't know back then but I learned through this incident is that all of the Tron bots owners on Telegram have access to every one of their newly created account's private key. The same probably goes for all of these other bots there, whether it can hold ERC20 tokens or else, so I recommend people be careful when using them and to not stack a significant amount of holding on any Telegram tipping bots whatsoever.
Things seemed to be running smoothly before everything went downhill. A small group of people were casually trading in the group and the bot was paying the Tron it was supposed to. But looking back after the fact I should have seen some indicators such as the bot being profitable to its users but not so much to its creator in the short term. I must have told myself unconciously that profit was being sacrificed for adoption. That, and the fact that there was only two people behind the project, one developper and a marketer shall I say, who I read later, kept getting the news about the project's progress at the same time as anybody else. And maybe they were one and the same person, that I guess I'll never really know. One ran away with a lot of money the other called itself a victim.
My main mistake came from being greedy. Instead of keeping my 10,000 TRX (which at the time was worth approximately $300) in a wallet created from a more reliable source (TronLink, TronWalletPlay, or GuildWallet for example) I decided to transfer it to the NTFM bot wallet. The idea was that not only I would continue earning my Super Representative voting rewards with the 10k but now I would also start getting some additional dividends. Today, I realize I was naive and that I should at least have had second thoughts on this opportunity that has ended up being too good to be true.
Fortunately, my careful nature with handling my digital funds probably saved me. Because, if I were to compare my actions with those of the people who, some lost way more than what was put at stake for me, I did pretty well.
As soon as my Tron arrived with the NTFM bot account I froze it. The way Tron freezing works is that it stays unreachable for 72 hours. After that period, it stays frozen by default, but unless you unfreeze then re-freeze, or freeze more on top again (and specifically for bandwith not energy, or vice versa; in other words for the very same purpose for which you froze it for the previous time) for another three days time, the coins can be unfrozen and be dispose of at one's will at any time.
What's curious is that the scammer made its only and final move no longer than a day after I sent the whole of my Tron to the bot account. At the very beginning, I was given a small amount of Tron by the bot so that I could witness that it was paying and be lured to send my very own TRX. So after a month, forgetting about it and coming back to see it functionning properly, that's when I decided moving everything I had there.
Since my Tron was frozen at the unveiling of his real intentions, my funds were somewhat safe unlike others who had made the mistake of not regularly freezing the Tron which had been in the bot's custody for 3 days or more.
That's when the final race started. Since I had learned we both had the private key, I had two options: to try to get first at unfreezing and quickly withdrawing or re-freeze every 72 hours and beat him/her at a game of patience, but that he/she could do too.
I finally decided I had to try my luck at the first opportunity. No way I would endure the anxiety associated with this no man's land situation. I had worked hard to gather this amount, adding to that I was in a bad place financially at the time, so I preferred knowing rather sooner than later if I should grieve it all. I asked a couple of my friends what I should do but probably understanding it would ultimately come down to living with my own choice they kept their advise simple and to the effect I still had a chance of success.
So I set an alarm one hour before the fateful hour. I spend that hour looking at the clock every ten minutes, developping a strategy, and practicing my routine. When the time came to do my series of mouse clicks I was ready and achieved to do as I had planned, sending my TRX to a safe wallet.
The three days before the final act felt interminable. I studied my adversary by tracking the funds going out from other compromised wallets (people were posting their public addresses on Twitter), restrained myself from going on a public witch hunt, and chose to stay in the shadow so that to not alert I was going to attempt a hit and run getting away with my own funds.
The most positive thing about this story is I learned that sometimes when staying put will serve me best, I can contain myself from unecessary reactionary actions. Even if struggling with an almost irresistable desire of taking control of an out of hand situation instinctively pulls me in that direction. His/her chances of winning were as much as mine, it would be like a coin toss, but I conscientiously knew being more motivated (because it was my money not his/hers) was playing in my favour. I could have try to lead the charge going after the theft, alerting the Tron Fondation, grouping with strangers to share my unfortunate faith, but in the end I did the best thing I could do to save myself. No more no less than actively wait.
Posted using Partiko Android