Regístrese ahora para una mejor cotización personalizada!

Noticias calientes

Hackers hijack smart contracts in cryptocurrency token 'rug pull' exit scams

Ene, 24, 2022 Hi-network.com

Researchers say that hackers are abusing misconfigurations in smart contracts to launch token rug pulls. 

More Crypto

  • How do I buy Bitcoin? Here's how it works
  • The best crypto credit cards
  • Top crypto exchanges: The ones you need to know
  • Must-have cryptocurrency hardware wallets: Keep your cryptocurrency safe

Despite the current volatility in the cryptocurrency market, with prices for many popular coins, including Bitcoin (BTC) plunging, interest in the crypto, token, and NFT spaces remains stable. 

2021 was a record-breaking year for cryptocurrency-related theft and fraud. Cybercriminals netted an estimated$14 billion in cryptocurrency, and fraudulent schemes involving digital assets continue to evolve.

On Monday, Check Point Research (CPR) said that scammers are now turning their attention to smart contracts, with misconfigurations utilized to launch new crypto tokens -- before an inevitable "rug pull" takes place. 

Rug pulls occur when crypto or virtual asset project developers manipulate a token's perceived worth and then abandon the project -- taking investor funds with them. 

A recent example is the SQUID token, which saw the token reach$2,850 in value at its peak. Once the developers' rug pulled and prevented traders from selling, the coin crashed by over 99.99%, rendering it basically worthless while netting the developers millions of dollars. 

Some indicators of a potential token scam include 99% buy fees and mechanisms that prevent investors from reselling. According to the researchers, flaws in smart contract code and vulnerabilities can also be harnessed by external attackers to increase the risk of a project losing investor money.

Fraudsters employ a range of tactics to conduct a rug pull, including the use of scam services to create smart contracts, which are then issued a new token name and symbol before becoming public. The manipulation of functions to create hidden triggers to launch a rug pull may also be included. 

Social media networks are then used to hype up a token -- and its perceived value -- before an exit scam occurs. In addition, timelocks are not usually imposed. 

"Timelocks are mostly used to delay administrative actions and are generally considered a strong indicator that a project is legitimate," the researchers noted. 

Buy and sell fees are a common technique for rug pulls. In a smart contract examined by CPR, the firm discovered both "approve" and "aprove" functions. The former was a legitimate, standard function for contract transactions, whereas "aprove" was hidden and designed to allow the developers to impose 99% fees after a project took off. 

"A legitimate token will not charge fees or will charge hardcoded values that can't be adjusted by the developer," CPR says. 

Another example of potential scam mechanisms is a hidden function that allows developers to create more coins or control who can sell tokens. In the source code of a basketball-themed smart contract, the team found a transfer function that prevented reselling by average traders -- a similar element used by SQUID. 

A function found in a separate contract that allowed an attacker exploited coin minting after the contract's private key was accidentally leaked online. A threat actor was able to use the key to fraudulently mint millions of virtual coins before withdrawing them. In the same contract, an error in emergency withdrawal functions was also exploited. 

Attackers may also burn tokens to ramp up the price of existing pools. A failure to limit external burns in the Zenon Network was exploited in 2021, leading to a pool drain and the theft of over$814,000 from the project. 

"It's hard to ignore the appeal of crypto," CPR says. "It's a shiny new thing that promises to change the world, and if prices continue on their upward trajectory, people have an opportunity to win a significant amount of money. However, cryptocurrency is a volatile market. Scammers will always find new ways to steal your money using cryptocurrency."

Previous and related coverage

  • Amazon fake crypto token investment scam steals Bitcoin from victims.
  • Cryptocurrency scams pose largest threat to investors.
  • 2020's worst cryptocurrency breaches, thefts, and exit scams.

Have a tip?Get in touch securely via WhatsApp Signal at +447713 025 499, or over at Keybase: charlie0


Security

8 habits of highly secure remote workersHow to find and remove spyware from your phoneThe best VPN services: How do the top 5 compare?How to find out if you are involved in a data breach -- and what to do next
  • 8 habits of highly secure remote workers
  • How to find and remove spyware from your phone
  • The best VPN services: How do the top 5 compare?
  • How to find out if you are involved in a data breach -- and what to do next

tag-icon Etiquetas calientes: tecnología seguridad

Copyright © 2014-2024 Hi-Network.com | HAILIAN TECHNOLOGY CO., LIMITED | All Rights Reserved.
Our company's operations and information are independent of the manufacturers' positions, nor a part of any listed trademarks company.