In a new report, the researchers of Check Point Research (CPR) analyze how the hacker carry out scams on cryptovalute, by setting up the wrong smart contracts to create fake tokens. And they give some advice on how to avoid scams “Rug Pull“, When the bad guys flee with the money shortly after the launch of the virtual coins.
Hackers’ Rug Pull Scams on Smart Cryptocurrency Contracts
The research presented by CPR, Threath Intelligence division of Check Point Software Technologies, comes from the experiences accumulated in recent months. In fact, last October, researchers identified a wallet theft of criptovalute su OpenSea, the largest NFT market. While in November, hackers used the phishing on search engines to steal half a million dollars in a few days.
How cryptocurrency hacker scams work
There are some features that according to researchers all virtual coins created just to scam you. In particular:
- Some contain one purchase fee of 99%, spend 100 euros for a 1 euro crypto
- Others have the 99% fee on sale: when the reviewers lose all their value
- There are coins that prevent the sale, only those who created them can do it
- Some tokens allow you to create more coins of the owner’s wallet and sell them
To create this type of coins, hackers create smart contracts with willful errors, storing these absurd rules in the blockchain and taking advantage of those who don’t read the transaction rules in detail. Usually the evolution of the scam is this:
- They use scam service to create the contract, they copy and paste the one of other currencies but modifying essential parts of it. They also often use the token name and symbol to deceive you
- They manipulate money transfer functions, for example by changing the fees
- They create hype sui social, especially Twitter and Telegram, to attract and advertise the token sale
- They carry out the Rug Pull, after having collected what they want, they abandon the project and delete the social channels
- They avoid timelocks, so you can withdraw currencies without having to wait longer administrative times.
How to avoid them
Check Point Research’s expert advice is simple, but it can make a difference. The first is that of severalficare i wallet. You should have at least two. One to hold purchased assets and the other to trade and exchange crypto. This way you will have a ‘investment fund’ and ‘deposit’: if hackers were to access the first, they would not affect your crypto savings. It is a tactic we are familiar with for banking security, and it also helps to invest only manageable amounts, without getting “carried away”.
Also you should ignore the ads su Google and too obvious sponsorships on social networks. In any case, always do one first test transaction with small amounts, in this way you will be able to notice hidden fees and if the wallet is fake before investing too much money. Finally, always try to use one two-factor authentication key to log in toi wallet.
Oded Vanunu, Head of Products Vulnerabilities Research at Check Point Software, explains: “Check Point Research is investing significant resources in studying the relationship between cryptocurrencies and security. Last year, we discovered cryptocurrency theft on OpenSea and also alerted cryptowallet users to a massive search engine phishing campaign that earned hackers over half a million dollars in days. In our latest report, we show what smart contract fraud looks like by exposing fake tokens in two ways: hiding 100% fee functions and then hiding backdoor ones. However, users will continue to fall into these traps, and will lose their money. Our goal is to warn the crypto community that scammers are creating fake tokens. To avoid this scam, I recommend that users diversify their wallets, ignore web ads and do test transactions. “