[Challenge Submission] <Cross Device Wallet Sync Trap >

[0xweb3stranger]

Challenge Title:
Cross-Device Wallet Sync Trap

Difficulty Level:

[ ] Beginner

[x] Intermediate

[ ] Advanced

Description / Scenario:
The victim is asked to sync their crypto wallet (e.g. MetaMask, Trust Wallet) between mobile and desktop using a QR code or deep-link. The attacker provides a fake wallet sync interface, tricking the victim into signing a malicious approval or revealing sensitive access.

Learning Objective:
Players will learn to recognize and avoid fake wallet sync prompts and understand the risk of scanning QR codes or clicking sync links outside the official wallet interface.

Phishing Technique Used:

Deep-link deception using fake wallet connection prompts

QR phishing that mimics legitimate device sync behavior

Signature or approval bait disguised as a syncing request

JavaScript-level spoofed modal interface that simulates official wallet behavior

🪙 Reward Wallet Address (USDT - ERC20 Polygon/Arbitrum)

< 0xc9e7e459d2bef4e6493a76543c7ed0de06dc6bac >

---

✅ By submitting this challenge, I agree to open-source it under the project's license and allow the Unphishable team to modify or improve it for consistency.

[SunWeb3Sec]

This scenario looks good. We will follow up if this challenge is qualified.

[0xweb3stranger]

This scenario looks good. We will follow up if this challenge is qualified.

Ok sir

[SunWeb3Sec]

@0xweb3stranger you can start to develop this challenge. Thanks a lot!