don’t be fooled by scams in 2022

A MetaMask token scam

Scammers have managed to scam almost 400 people for a sum of around $ 1.8 million.

The authors took advantage of the rumors around a future official token of the MetaMask wallet by announcing a token called MASK and by offering interested parties to put their money on a wETH / MASK pair on the Uniswap exchange. The pair can still be seen here.

Some users said they were able to resell their tokens for a while, something likely made possible by scammers to avoid arousing suspicion from buyers.

Then the sale became impossible once the total cash value of the pool reached $ 1 million, thus depriving the buyers of their property.

According to a Twitter thread of user coby.eth, the scammers would have succeeded in exploiting a flaw in the frontend part of the code on the DexTools site, thus showing the MASK token as verified and safe to users of the platform:

Verification pop-up captures and verified token capture– Source: Twitter

According to etherscan, a tool to track transactions taking place on the Ethereum blockchain (ETH), the person (s) who set up the fraud would have managed to transfer 475 ETH (equivalent to $ 1,594,575 at the time of writing ) and would also have nearly 10 million $ MASK tokens.

Both transactions were made from the liquidity pool hosted on the Uniswap platform and then transferred to a digital wallet.

The money was then transferred to Tornado Cash, a platform for “mixing” coins in order to make transactions completely anonymous. Thus, the person who received the benefits cannot be found.

At present, Dextools has yet to release a response regarding the security breaches within their code, which was the main driver behind the success of this scam.

? To read on the same subject: 3.6 billion dollars in Bitcoin (BTC) soar from Africrypt – The biggest exit scam in history?

The first scam of 2022

Unfortunately this is not an isolated case since a project under the name of “EtherWrapped” was born on December 31, presenting itself as an airdrop intended for users of the Ethereum blockchain.

The initial announcement has been made from a Twitter account named @etherwrapped but has since been deleted.

Users were thus invited to go to the scam site and there connect their MetaMask wallet in order to have a reward in the form of tokens baptized “YEAR” in proportion to their investments on the blockchain.

Capture the rewards offered by the YEAR token airdrop – Source: Twitter

The smart contract of the YEAR token first appeared to be unverified with the Ethereum Virtual Machine (EVM), then the creator of the token made his code public in order to have it verified so that everyone can check whether a code malicious was not there, which is the usual procedure.

According to’Twitter user meows.eth, it is a code at first glance harmless which would have made the theft possible.

The person behind the scam would have used this line of code in order toprevent the owners of the token from selling it, thus, we were able to observe an upward curve without any resale and based only on purchases.

Then, after 30 minutes, the thug would have withdrawn all the liquidity of the pool, that is 30 ETH (equivalent to $ 100,410 right now), thus lowering the YEAR token to a value of $ 0.

Note that despite the fact that the buyers have linked their MetaMask wallet to the scam site, no theft has yet to be reported directly on the buyers’ wallet. The thief would therefore have had “only” as a profit the 30 ETH from the liquidity pool, obtained thanks to the buyers of the fraudulent token.

A “Meta” scam circulates on Facebook

Some scams dare everything: for example, we can currently see an advertisement for a “Meta” token, in reference to the change of Facebook’s name.

Only, the advertising is put forward … on the Facebook site itself.

It may seem extraordinary and it is indeed the problem, it is easy to fall for the trap as it can be difficult to believe that a scam can be diffused on the platform that it spoofs!

Examples of scam advertisements – Source: Facebook

In this case, you can use the Scam Detector tool. Here, this site obtains the score of 0.6 / 100 in terms of reliability, which is the minimum. It’s a simple trick that can save you a lot of trouble.

The Rug pull method

The scams described above use the so-called “Rug pull” method (carpet pulling), a procedure unfortunately too present in the world of cryptocurrencies.

To put it simply, the scammer will bet on the FOMO (Fear Of Missing Out) effect.

He will launch a token taking care to look after his image, in particular by spending money on advertisements or even by convincing people with notoriety that his project is safe and that it will work every time.

Some also advertise on popular social networks like Instagram, Facebook or Twitter, often sending private messages to users promising them enticing airdrops or giveaways.

Thus, once the project is launched, the value of the token will soar at a dazzling rate, thus creating the famous fear of missing the opportunity to have your tokens at a reduced price in order to be able to resell them at a higher price.

Once the amount desired by the scammers, all they have to do is run with the cash register.

Rug sweater example – Source: ByBit

There are a few basic steps to take before investing in a new project:

The first is to check the white paper of the project. Although it is not a guarantee of 100% safety, it gives an idea of ​​the reliability of the project, see if it is consistent and if its drafting seems serious. Between a 5-page white paper and a 50-page white paper, it is obvious that the second will probably be more secure.

Then you can watch who is behind the project : Have its members already participated in other known projects? Do they have experience in the blockchain or technology industry? Is the project supported by well-known personalities or companies in the sector?

A more technical check is to check how are the funds of a project shared. For example, for the Ethereum blockchain, you can use etherscan and check whether a few or a lot of people hold the tokens: if very few people own all of the tokens, beware.

Another common scam method is the “Honey Pot”, which works on a slightly more complex method but which you can avoid by taking the same precautions.

In order to trap his victim, the scammer will issue a smart contract with a security flaw aimed at making him believe that he will be able to exploit it in order to earn money.

For example, she may believe that a smart contract will earn her money on a regular basis and go completely unnoticed. Except that to recover his loot, the victim will have to advance money.

Money that of course, she will never see again, since the false fault was coded in a completely voluntary way. It is a version of the “4-1-9 fraud” better known to the general public but adapted to cryptocurrency.

You can also use the honeypot detection tool for Ethereum or for the Binance Smart Chain.

Know that for the year 2021, it is more than 7.7 billion dollars that were stolen via unscrupulous methods like these in the world of cryptocurrencies, that is to say 81% more than for the year 2020 .

Volume of cryptocurrencies obtained by scammers – Source: Chainalysis

We can only recommend you to be extremely vigilant with new projects especially if they promise you the moon. Always be very careful

? To go further: Squid Game Token scam: recap of a drama in three acts