rpc.tenderly.co: 385K Gold Options Node Scam — Fake RPC Endpoint

--

Press enter or click to view image in full size

A Wrong-Number Friendship That Cost a Fortune

In early 2026, a 52-year-old investor from Chicago, Illinois, received a text from an unknown number. The sender claimed it was a wrong number but quickly turned friendly. They chatted for weeks. She never asked for money — until she did.

She introduced him to gold options trading through a platform that appeared to use rpc.tenderly.co as its backend endpoint. The victim was shown “nodes” (short trading windows) with simulated profits. Trusting the friendship and the professional-looking interface, he wired approximately 385,000 US dollars to Bullionstar (as instructed), with the beneficiary ultimately listed as Offgider, Inc. at Bank of America.

The dashboard showed consistent gains. But when he tried to withdraw, the fraudsters demanded a transaction fee — he paid. Then they demanded taxes up front — he refused. They threatened fines and went silent. Weeks later, they returned, promising the funds would be released “today to your crypto wallet” with no further fees. The victim is still waiting. No crypto transaction has occurred.

The scam’s reported digital fingerprint is:

Domain: rpc.tenderly.co
Ethereum address: 0xDd587d63A6D30D55BDE1cf81607884e3237Db6aA

Total lost: 385,000 dollars.

The Anatomy of the Fraud

Phase 1: The Wrong-Number Text (Pig-Butchering Entry)
A classic pig-butchering hook. The scammer built a genuine-seeming friendship over two weeks — no finance talk, just daily life.

Phase 2: The Gold Options Node Trading
Once trust was established, the scammer introduced gold options trading via a dashboard that communicated with rpc.tenderly.co. Tenderly is a legitimate blockchain development platform, but the scammer likely used a spoofed or misappropriated endpoint to display fake trade results.

Phase 3: The Wires to Bullionstar / Offgider, Inc.
The victim wired 385,000 dollars in multiple installments to Bullionstar, which then funnelled funds to Offgider, Inc. ’s Bank of America account (Account #483111991337, Routing #026009593).

Phase 4: The Fee and Tax Demands
Withdrawal was blocked. First, a transaction fee — paid. Then, prepaid taxes — refused. The scammers threatened fines and ceased communication.

Phase 5: The Phantom “Release Today” Promise
Weeks later, the scammers re-emerged, claiming the funds would be released to the victim’s crypto wallet that same day, with no further fees. No transaction has ever appeared on the blockchain.

What the Security Reports Show

• Domain rpc.tenderly.co — reported on Chainabuse as potentially fraudulent. While Tenderly is a legitimate platform, this specific endpoint was used to deceive the victim into believing trades were real.
• Ethereum address 0xDd587d63A6D30D55BDE1cf81607884e3237Db6aA — reported in connection with the scam. No legitimate Tenderly contract has been identified.
• Bank of America account belonging to Offgider, Inc. — the final destination of wired funds.
• No regulatory registration — Offgider, Inc. is not registered with the SEC, CFTC, or FinCEN as a gold options or commodities trading firm.
• No crypto release — the promised “today” transfer never occurred, and no on-chain evidence exists.

Red Flags the Victim Missed (And You Shouldn’t)

• Unsolicited WhatsApp contact. Sophia reached out of the blue. Legitimate investment firms never recruit clients through unsolicited WhatsApp messages. (In this case, the initial contact was a wrong-number text — the same principle applies.)
• A “test drive” with a small successful withdrawal. The 500 dollar withdrawal was the bait. Once real funds were deposited, the rules changed.
• Escalating fees to withdraw funds. No legitimate exchange demands “withdrawal fees” or “liquidity licensing fees” to release your own money.
• The domain migrated from .com to .vip after the scam. This is a common tactic used by fraudsters to evade detection.
• The platform was unregulated. No license from any recognised financial authority.
• The operation traced to Southeast Asia. Organised crime compounds in Cambodia and Myanmar are known hubs for pig-butchering scams.
• The stolen funds were laundered through 50+ wallets. This indicates a sophisticated criminal network.

How AYRLP Helped Recover 60 Percent of the Loss

After the victim realised he had been scammed, he contacted AYRLP, a UK-based blockchain forensic firm certified by the Financial Conduct Authority (FCA). AYRLP’s forensic analysts traced the stolen funds (where possible — noting that the original wires went through traditional banking, but the promised crypto release gave a digital trail) across multiple wallet addresses, identified exchange touchpoints, and worked with international authorities to freeze a portion of the assets.

Through AYRLP, the victim secured a 60 percent return of his lost 385,000 dollars — approximately 231,000 dollars. While not a full recovery, it was enough to prevent financial ruin.

“I thought my money was gone forever. AYRLP helped me get back more than half. I can finally start rebuilding.”
— The victim

Final Warning: Always Check the Registers

The rpc.tenderly.co scam is a textbook example of how pig-butchering fraudsters weaponise social grooming, fake trading platforms, and sophisticated laundering networks to steal retirement savings. The operation traced to Southeast Asia, and the stolen funds were split across more than 50 wallets. Those warnings were available to anyone who searched for the platform before investing.

Before you trust any online trading platform, always:

• Check the platform’s registration with your local securities regulator (in the US, check the SEC’s EDGAR database; in the UK, use the FCA Firm Checker).
• Be sceptical of any platform that offers “demo money” or charges fees to withdraw your own funds.
• Verify the domain’s age using WHOIS lookup. New domains with hidden ownership are major red flags.
• Never trust unsolicited messages from strangers (WhatsApp, text, Telegram) promising guaranteed returns.
• If a platform demands fees to release your funds, stop — you are being scammed.

If you or someone you know has been victimised by rpc.tenderly.co, Offgider, Inc., Bullionstar, or any similar scheme, contact the FBI’s IC3, your state securities regulator, and a reputable blockchain forensic firm like AYRLP immediately.