Fun

Scammers use memecoin ‘trending’ list to lure victims — Researcher

News Feed - 2024-09-30 11:09:29

Christopher Roark10 hours agoScammers use memecoin ‘trending’ list to lure victims — ResearcherRoffet.eth found that some coins contained obscure, difficult-to-read code that allowed the developer to transfer user’s tokens to themselves.1410 Total views6 Total sharesListen to article 0:00AnalysisOwn this piece of crypto historyCollect this article as NFTCOINTELEGRAPH IN YOUR SOCIAL FEEDFollow ourSubscribe onScammers are using a “trending” list on memecoin analytics site GMGN to lure in unsuspecting victims and steal their crypto, according to a Sept. 25 X post from security researcher Roffett.eth.


The attackers create coins that allow the developer to transfer any user’s tokens to themselves. They then pass the token back and forth between multiple accounts, artificially inflating its volume and placing it on the GMGN “trending list.”


Once the coin makes it onto the trending list, unsuspecting users buy it up, thinking it is a popular coin. But within minutes, their coins are swiped from their wallets, never to be seen again. The developer then redeposits the coin into its liquidity pool and resells it to another victim.


Roffet listed Robotaxi, DFC, and Billy’s Dog (NICK) as three examples of malicious coins found on the list.


GMGN is an analytics web app that caters to memecoin traders on Base, Solana, Tron, Blast, and Ethereum. Its interface contains several different tabs, including “new pair,” “trending,” and “discover,” each of which lists coins based on different criteria.


Roffett claims to have discovered the scam technique when friends purchased coins on the list and found that they had mysteriously disappeared. One friend believed that his wallet had been hacked, but when he created a new wallet and purchased the coins again, they were again drained from his wallet.


Magazine: ​​Bankroll Network DeFi hacked, $50M phisher moves crypto on CoW: Crypto-Sec


Intrigued by the mystery, Roffett investigated the attacks using a block explorer and found that they appeared to be run-of-the-mill phishing attacks. The attacker called a “permit” function and appeared to have provided the user’s signature, which shouldn’t have been possible unless the user was tricked by a phishing site. However, the friend denied that he had interacted with suspicious websites before either of the two attacks.


One of the stolen coins was NICK. So Roffet investigated NICK’s contract code and found that it was “somewhat strange.” Instead of containing the usual stock code found in most token contracts, it had “some very odd and obfuscated methods.”


As evidence of these odd methods, Roffet posted an image of NICK’s “performance” and “novel” functions, which have unclear text with no obvious purpose.NICK performance and novel functions. Source: Roffett.eth


Eventually, Roffett discovered that the contract had malicious code inside of one of its libraries. This code allowed the “recoverer” (developer) to call the “permit” function without providing the tokenholder’s signature. Roffett stated:“If the caller"s address equals the recoverer, then by constructing a specific signature manually, one can obtain the permit permission of any token holder and then transfer the tokens.”


However, the recoverer’s address was also obscured. It was listed as a 256-bit, positive, non-zero number. Just below this number was a function that the contract used to derive the address from this number. Roffett used this function to determine that the malicious “recoverer” was a contract whose address ended in f261. 


Blockchain data shows that this “recoverer” contract has performed over 100 transactions transferring NICK tokens from the token’s holders to other accounts.Malicious account draining NICK from a user. Source: Basescan.


Having discovered how this scam worked, Roffett investigated the “trending” list and found at least two other tokens that contained similar code: Robotaxi and DFC.


Related:What is a honeypot crypto scam and how to spot it?


Roffett concluded that scammers have probably been using this technique for some time. He warned users to stay away from this list, as using it may result in them losing funds. He stated:“Malicious developers first use multiple addresses to simulate trading and holding, pushing the token onto the trending list. This attracts small retail investors to buy, and eventually, the ERC20 tokens are stolen, completing the scam. The existence of these trending lists is extremely harmful to novice retail investors. I hope everyone becomes aware of this and doesn"t fall for it.”


Scam tokens or “honeypots” continue to pose risks to crypto users. In April, a scam token developer drained $1.62 million from victims by selling them a BONKKILLER token that did not allow users to sell it. In 2022, blockchain risk management firm Solidus released a report warning that over 350 scam coins had been created over the course of the year.# Blockchain# Hackers# Tokens# Scams# Hacks# DeFi# MemecoinAdd reaction

News Feed

Helen Partz38 minutes agoCBDCs will gradually displace private banks, says Russian lawmakerSome Russian banks have been increasingly concerned about the potential implications of the digital ruble after the first pilots
Savannah Fortis5 hours agoGermany launches dog-themed NFTs to fetch cyber talent: Nifty Newsletter, June 21–28The German foreign service created a dog-themed NFT collection in the form of a treasure hunt to recruit and
JP Morgan Sees Millennials’ Bitcoin Preference Over Gold as Foundation for Its Long Term Success
JP Morgan Sees Millennials" Bitcoin Preference Over Gold as Foundation for Its Long Term Success JP Morgan says bitcoin’s 2020 surge is set to continue as
EU committees approve ban on anonymous crypto transactions via hosted wallets
Amaka Nwaokocha10 hours agoEU committees approve ban on anonymous crypto transactions via hosted walletsThe recent Anti-Money Laundering legislation imposes certain limits for cash transactions and anonymous cryptocurren
Opensea Drops Fees to Zero and Announces New Creator Earnings Model in Response to Shifting NFT Landscape
Opensea Drops Fees to Zero and Announces New Creator Earnings Model in Response to Shifting NFT Landscape The largest marketplace for non-fungible tokens (NFTs), Opensea, has annou
Bitcoin Options Giant Deribit Loses $28 Million in Hot Wallet Hack
Bitcoin Options Giant Deribit Loses $28 Million in Hot Wallet Hack The world’s largest bitcoin options exchange, Deribit, was hacked for close to $28 million, according to a
South Korean Lawmaker Says He Will Start Accepting Crypto Donations in the New Year
South Korean Lawmaker Says He Will Start Accepting Crypto Donations in the New Year Lee Kwang-jae, a South Korean lawmaker, recently stated that he will be accepting cryptocurrency
Drone Attack Boils Oil Price to Scorch Stock Market Monday
A devastating drone attack sets fire at an Aramco factory, the world"s biggest oil refinery, in Abqaiq, Saudi Arabia, September 14, 2019. | Source:Saudi Arabia is reeling this weeke
Turner Wright4 hours agoSam Bankman-Fried thought ‘taking FTX deposits through Alameda was legal’: ReportThe former FTX CEO took the stand for the first time in his criminal trial, but without members of the jury pre
Marcel Pechman10 hours agoBitcoin options: How will Friday’s $4.7B expiry impact BTC price?Bitcoin ETF requests, miners’ sell pressure, and regulatory hurdles create uncertainty for the $31,000 BTC price resistance.1
PolkaLokr Listing on AscendEX
PolkaLokr Listing on AscendEX press release PRESS RELEASE. AscendEX,formerly BitMax, an industry-leading digital asset trading platform built by Wall Street quant
Crypto Cruise Ship ‘Satoshi’ to Make Panama Bay Home
Crypto Cruise Ship "Satoshi" to Make Panama Bay HomeThe Crypto Cruise Ship called Satoshi is gearing up to set sail from the Mediterranean to Panama, where it will drop anchor and c