The cryptocurrency industry, often celebrated for its revolutionary technology and potential for financial freedom, has unfortunately become a fertile ground for scams and fraudulent activities. A recent investigation by Blockfence, a leading blockchain security firm, has uncovered a new breed of crypto scam that has managed to deceive even the most astute “rug pull detectors” in the industry. This article delves into the intricacies of this scam, revealing its unique mechanisms and alarming success rate.
The Ingenious Scam Method
The scam begins with fraudsters creating tokens that mimic upcoming crypto projects. This tactic preys on the fear of missing out (FOMO) that is rampant among crypto investors, luring them into a trap. Pablo Sabbatella, the head of security research at Blockfence, explains that these scammers cleverly manipulate the maximum token supply through a series of minting and burning, accompanied by a deceptive code bait-and-switch strategy.
The process is initiated by transferring approximately 10-20 Ethereum (ETH) to an externally owned account. This fund is then used to generate counterfeit tokens, injecting fake liquidity into the scam project. By doing so, they fabricate a sense of legitimate trading volume in liquidity pools on Ethereum-based decentralized exchanges like Uniswap.
Advanced Deception Techniques
To further entrench their deception, the scammers introduced a lock() function on the LP tokens, giving investors a false sense of security against rug pulling. The scam reaches its peak when the price of the counterfeit token is artificially inflated through wash trading, followed by the execution of the setUserBalance function. This function updates the victim’s token balance to “1” and technically burns the token, rendering it unsellable while still visible in the victim’s wallet.
Sabbatella notes that the scammer would eventually remove the liquidity from the liquidity pool (LP), causing the token’s value to nosedive. Interestingly, to avoid drawing undue attention, the scammers return a portion of the stolen funds, typically between 5-20 ETH, to each scam.
Another concerning aspect of this scam is the renouncement of ownership of the token contract by the contract owner and creator, a move designed to bypass certain detection tools. Consequently, victims purchasing these tokens are misled, as even sophisticated rug pull detectors fail to mark these tokens as unsafe.
The Alarming Scale of the Scam
Blockfence has identified approximately 1,300 separate incidents of similar rug pulls on the Ethereum network. In one notable instance, a scammer utilized these techniques to create a “Blockfence token,” successfully absconding with 23.6 ETH, valued at approximately $53,000.
Exploitation of Meme Coin Popularity
Adding to their deceptive arsenal, these scammers have also impersonated tokens like Wisealth, RabbitRun, DreamFi, and various meme coins. They have created tokens with similar names such as AIPEPE, Purple Pepe, Pepe Chain, Pepe Race, and Baby Pepe to capitalize on the meme coin craze.
A Silver Lining in Crypto Security
Despite the sophisticated nature of these scams, there is a silver lining. 2023 witnessed a slight decline in hacking incidents targeting the crypto industry. According to a report from De.FI, a well-known web3 security firm with a comprehensive REKT database, hackers stole $2 billion in digital assets over the year. While this figure is alarming, it marks the first decrease in crypto hacking incidents since 2021.
Conclusion
The emergence of this new scam technique is a stark reminder of the continuous evolution of threats in the cryptocurrency space. It underscores the need for heightened vigilance and advanced security measures among investors and platforms alike. As the industry grows, so does the sophistication of those looking to exploit it, making it imperative for all stakeholders to stay informed and cautious in their crypto endeavors.