Create a malicious smart contract e.g., to divert coins / tokens

"Scammers create malicious smart contracts to divert coins or tokens of victims, who interact with a wallet “observed” by the smart contract (e.g. honeypot wallets). Tokens sent to the wallet linked to the smart contract will be immediately sent out to another wallet. Example – Honeypot: A private key for a MyEtherWallet was posted (on purpose) in a chatroom. Although the wallet did contain $5000 worth of MNE, the wallet didn’t have a single shred of ETH to pay for the ‘gas’ necessary to process transactions on the Ethereum network. Therefore, in order to successfully extract the MNE tokens, the thieves needed to send 'gas' in the form of ETH tokens. What they didn’t know was that the mastermind behind the scheme had coded a smart contract that automatically sent the incoming ETH to another address (see https://www.financemagnates.com/cryptocurrency/news/hack hackers honeypot crypto scam targets coin thieves/)."
| ID | Mitigation | Description |
|---|---|---|
| M02 | Check smart contract | Investors with an affinity for technology should check the lines of code of the smart contract on their own before investing. |
| M05 | Check links | Users/investors should double-check the links they press (e.g., have they changed since the last use?). |
| M06 | Check (NFT) collections before buying them | Investors should check the genuineness of a collection or token before buying, even if they were linked by a proven source. |
| M11 | Never share private keys or seed phrases | Cryptocurrency investors should never share their private keys or seed phrases with anyone. Legitimate persons will never ask for that information. They should also avoid using screen sharing to solve technical problems, since some apps include QR codes of private keys or seed phrases which could show up during the session. |
| M12 | Avoid / turn off direct messages / Ignore strangers | Investors who use messenger apps should use restrictive settings. Users should never trust anyone they do not know who contacts them in a private message. Legitimate admins of real projects will never send a direct message first. |
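
The description above says that funds sent to the observed wallet are "immediately sent out to another wallet". The following is an added example, not part of the original page, showing how an analyst could flag that pattern in an address's transfer history. The `Transfer` record, the thresholds and all addresses are assumptions constructed for illustration; fetching the history from a node or block explorer is left out.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Transfer:          # hypothetical record; fill it from a node or explorer export
    block: int
    sender: str
    recipient: str
    value_wei: int

def sweep_report(history, wallet, max_gap=2, min_fraction=0.9, min_deposits=2):
    """Pair each ETH deposit into `wallet` with an outbound transfer that forwards
    at least `min_fraction` of it within `max_gap` blocks (thresholds are assumptions)."""
    wallet = wallet.lower()
    ordered = sorted(history, key=lambda t: t.block)
    deposits = [t for t in ordered if t.recipient.lower() == wallet and t.value_wei > 0]
    outgoing = [t for t in ordered if t.sender.lower() == wallet and t.value_wei > 0]
    used, sinks = set(), Counter()
    for dep in deposits:
        for i, out in enumerate(outgoing):
            gap = out.block - dep.block
            if i in used or gap < 0:
                continue
            if gap > max_gap:
                break
            # Forwarded amount is the deposit, possibly minus the gas of the sweep itself.
            if dep.value_wei * min_fraction <= out.value_wei <= dep.value_wei:
                used.add(i)
                sinks[out.recipient.lower()] += 1
                break
    swept = len(used)
    sink, sink_hits = sinks.most_common(1)[0] if sinks else (None, 0)
    # Suspicious: repeated deposits, nearly all swept at once, all to the same address.
    suspicious = (len(deposits) >= min_deposits and swept >= 0.8 * len(deposits)
                  and sink_hits == swept)
    return {"deposits": len(deposits), "swept": swept, "sink": sink, "suspicious": suspicious}

# Constructed sample data (not real addresses or transactions).
ETH, GAS = 10**18, 21_000 * 20 * 10**9
BAIT, SINK, USER = "0x" + "aa" * 20, "0x" + "bb" * 20, "0x" + "cc" * 20
P1, P2, P3 = "0x" + "01" * 20, "0x" + "02" * 20, "0x" + "03" * 20
SAMPLE = [
    Transfer(100, P1, BAIT, ETH // 20), Transfer(100, BAIT, SINK, ETH // 20 - GAS),
    Transfer(250, P2, BAIT, ETH // 50), Transfer(251, BAIT, SINK, ETH // 50 - GAS),
    Transfer(400, P3, BAIT, ETH // 10), Transfer(401, BAIT, SINK, ETH // 10 - GAS),
    Transfer(120, P1, USER, ETH),       Transfer(121, USER, P2, 3 * ETH // 10),
    Transfer(300, P2, USER, ETH // 2),  Transfer(900, USER, P3, ETH // 2),
]

if __name__ == "__main__":
    for name, addr in (("bait", BAIT), ("user", USER)):
        print(name, sweep_report(SAMPLE, addr))
```

A wallet whose small ETH deposits from unrelated senders all leave for one address within a block or two matches the honeypot described above; an ordinary wallet spends irregular amounts at irregular times and is not flagged.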