
Scammers use memecoin ‘trending’ list to lure victims — Researcher

News Feed - 2024-09-30 11:09:29

Christopher Roark, Cointelegraph

Roffett.eth found that some coins contained obscure, difficult-to-read code that allowed the developer to transfer users’ tokens to themselves.

Scammers are using a “trending” list on memecoin analytics site GMGN to lure in unsuspecting victims and steal their crypto, according to a Sept. 25 X post from security researcher Roffett.eth.


The attackers create coins that allow the developer to transfer any user’s tokens to themselves. They then pass the token back and forth between multiple accounts, artificially inflating its volume and placing it on the GMGN “trending list.”


Once the coin makes it onto the trending list, unsuspecting users buy it up, thinking it is a popular coin. But within minutes, their coins are swiped from their wallets, never to be seen again. The developer then redeposits the coin into its liquidity pool and resells it to another victim.


Roffett listed Robotaxi, DFC, and Billy’s Dog (NICK) as three examples of malicious coins found on the list.


GMGN is an analytics web app that caters to memecoin traders on Base, Solana, Tron, Blast, and Ethereum. Its interface contains several different tabs, including “new pair,” “trending,” and “discover,” each of which lists coins based on different criteria.


Roffett claims to have discovered the scam technique when friends purchased coins on the list and found that they had mysteriously disappeared. One friend believed that his wallet had been hacked, but when he created a new wallet and purchased the coins again, they were again drained from his wallet.




Intrigued by the mystery, Roffett investigated the attacks using a block explorer and found that they appeared to be run-of-the-mill phishing attacks. The attacker called a “permit” function and appeared to have provided the user’s signature, which shouldn’t have been possible unless the user was tricked by a phishing site. However, the friend denied that he had interacted with suspicious websites before either of the two attacks.


One of the stolen coins was NICK. So Roffett investigated NICK’s contract code and found that it was “somewhat strange.” Instead of containing the usual stock code found in most token contracts, it had “some very odd and obfuscated methods.”


As evidence of these odd methods, Roffett posted an image of NICK’s “performance” and “novel” functions, which have unclear text with no obvious purpose.

[Image: NICK performance and novel functions. Source: Roffett.eth]


Eventually, Roffett discovered that the contract had malicious code inside of one of its libraries. This code allowed the “recoverer” (developer) to call the “permit” function without providing the tokenholder’s signature. Roffett stated:

“If the caller’s address equals the recoverer, then by constructing a specific signature manually, one can obtain the permit permission of any token holder and then transfer the tokens.”


However, the recoverer’s address was also obscured. It was listed as a 256-bit, positive, non-zero number. Just below this number was a function that the contract used to derive the address from this number. Roffett used this function to determine that the malicious “recoverer” was a contract whose address ended in f261. 


Blockchain data shows that this “recoverer” contract has performed over 100 transactions transferring NICK tokens from the token’s holders to other accounts.

[Image: Malicious account draining NICK from a user. Source: Basescan.]
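A triage heuristic for the on-chain pattern described above, added here as an example (it is not Roffett’s tooling or code from the article): it flags a spender that gains allowance over several holders through permits those holders did not originate, then moves their tokens. The record fields, placeholder addresses and the `min_victims` threshold are assumptions.

```python
from collections import defaultdict

# Constructed sample of decoded calls on one token contract, in block order.
# origin = account that signed the transaction, caller = msg.sender seen by
# the token. All addresses are placeholders, not values from the article.
def _permit(origin, owner, spender):
    return {"method": "permit", "origin": origin, "owner": owner, "spender": spender}

def _pull(caller, owner, to):
    return {"method": "transferFrom", "caller": caller, "owner": owner, "to": to}

CALLS = [
    # Normal use: the holder originates the transaction that carries the permit.
    _permit("0xalice", "0xalice", "0xrouter"), _pull("0xrouter", "0xalice", "0xpool"),
    # Gasless relayer: third-party origin, but only a single holder involved.
    _permit("0xrelayer", "0xerin", "0xrouter2"), _pull("0xrouter2", "0xerin", "0xpool"),
    # Pattern from the article: one "recoverer" is permitted over many holders.
    _permit("0xdev", "0xbob", "0xrecoverer"), _pull("0xrecoverer", "0xbob", "0xsink"),
    _permit("0xdev", "0xcarol", "0xrecoverer"), _pull("0xrecoverer", "0xcarol", "0xsink"),
    _permit("0xdev", "0xdave", "0xrecoverer"), _pull("0xrecoverer", "0xdave", "0xsink"),
]

def suspicious_spenders(calls, min_victims=2):
    """Map each flagged spender to the sorted list of holders it drained.

    A holder counts as a victim when a permit naming them as owner was sent
    by someone else and the permitted spender later pulled their tokens to a
    different address. Spenders with fewer than min_victims are ignored.
    """
    third_party_permits = set()   # (owner, spender) pairs not originated by owner
    victims = defaultdict(set)
    for call in calls:
        if call["method"] == "permit":
            if call["origin"] != call["owner"]:
                third_party_permits.add((call["owner"], call["spender"]))
        elif call["method"] == "transferFrom":
            pair = (call["owner"], call["caller"])
            if pair in third_party_permits and call["to"] != call["owner"]:
                victims[call["caller"]].add(call["owner"])
    return {s: sorted(v) for s, v in victims.items() if len(v) >= min_victims}

if __name__ == "__main__":
    print(suspicious_spenders(CALLS))
```

A hit is a lead for manual review of the token’s `permit` implementation, not proof of a backdoor, since legitimate relayers also submit permits on behalf of holders.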


Having discovered how this scam worked, Roffett investigated the “trending” list and found at least two other tokens that contained similar code: Robotaxi and DFC.




Roffett concluded that scammers have probably been using this technique for some time. He warned users to stay away from this list, as using it may result in them losing funds. He stated:

“Malicious developers first use multiple addresses to simulate trading and holding, pushing the token onto the trending list. This attracts small retail investors to buy, and eventually, the ERC20 tokens are stolen, completing the scam. The existence of these trending lists is extremely harmful to novice retail investors. I hope everyone becomes aware of this and doesn’t fall for it.”


Scam tokens or “honeypots” continue to pose risks to crypto users. In April, a scam token developer drained $1.62 million from victims by selling them a BONKKILLER token that did not allow users to sell it. In 2022, blockchain risk management firm Solidus released a report warning that over 350 scam coins had been created over the course of the year.
