Another day another Rug Pull scam that involves exploiting smart contract vulnerability.
Scammers are exploiting misconfigurations in smart contracts to create fake cryptocurrency tokens to steal funds from innocent users. According to researchers at Check Point, this newly identified token fraud includes concealing backdoor routines and hiding around 99% of fee functions. This scam comes despite the ongoing crypto market volatility as rates of a majority of the popular coins, including Bitcoin, have plunged considerably.
What are Smart Contracts?
Smart contracts are programs stored on the blockchain platform and executed automatically when the predetermined terms and conditions of the contract are met. Through smart contracts, it is possible to conduct trusted agreements and transactions between different parties without the involvement of a central authority.
Details of the Scam
According to a report from Check Point Research published Monday, scammers are exploiting misconfigured smart contracts to launch new crypto tokens before Rug Pull occurs.
For your information, Rug Pull occurs when a crypto or digital asset’s developer manipulates a token’s perceived worth. After the developer has the rug pulled, traders won’t be allowed to sell the coin, and it will crash by over 99.99%.
In other words, it will be rendered worthless, and the developers will earn millions of dollars. The most common indicator of a token scam is 99% buy fees and methods that prohibit investors from reselling.
Check Point researchers revealed that attackers could harness smart contract code flaws and vulnerabilities to augment further the risk of a project losing investor money.
Attack Tactics
Scammers are using different tactics to carry out a rug pull. This includes using scam services to create smart contracts. New token names and symbols are then issued before making them public. This may also include manipulating functions to generate hidden triggers to launch a rug pull. The token and its perceived value are then popularized through social media networks prior to launching an exit scam. However, timelocks aren’t imposed at this stage.
Timelocks are mostly used to delay administrative actions and are generally considered a strong indicator that a project is legitimate.”
Dikla Barda Roman Zaikin & Oded Vanunu – Check Point
The researchers also examined a smart contract and discovered that Approve and Aprove, both functions were included. While Approve is a legitimate function to carry out contract transactions, the Aprove function is specifically included to allow developers to impose 99% fees after the project has taken off.
It is worth noting that a legitimate token like Verify Token, for example, would not charge fees, and if it does, it would be a hardcoded value, which the developer cannot adjust.
The team also examined the source code of a basketball-themed smart contract where a hidden transfer function was included that allowed developers to prevent reselling by average traders. Through hidden functions like these, developers can create more coins or oversee and control who can sell tokens.
It’s hard to ignore the appeal of crypto. It’s a shiny new thing that promises to change the world, and if prices continue on their upward trajectory, people have an opportunity to win a significant amount of money. However, cryptocurrency is a volatile market. Scammers will always find new ways to steal your money using cryptocurrency.”
Check Point
More crypto scam news on Hackread.com:
Scammers Netted $7.7 Billion worth of Cryptocurrency in 2021
HackRead & Verify announce partnership to combat crypto scams
North Korean hackers stole $1.7 billion from cryptocurrency exchanges
Norton anti-virus installs cryptominer on devices but there is a way out
Multichain hack: Hacker returns $1 million, keeps $150k as a bug bounty