How Scammers Exploited FOMO and Deceptive Codes to 42K Victims — Blockfence
A group of cryptocurrency fraudsters have managed to con more than 42,000 victims out of more than $32 million since April 2023, tricking some of the industry's “carpet pool detectors” and even a blockchain security firm announced.
Like other cryptocurrency-pool scams, the fraudsters use FOMO (fear of missing out) to mislead investors by creating tokens of a soon-to-be-launched crypto project.
However, in a report published on January 18, Pablo Sabatella, head of security research at Blockfence, explained that the fraudsters used a unique method of extracting and burning the largest supply of tokens, as well as tricking victims and using a switch method. Tricky rug-pull indicators.
Overview: This scammer has created thousands of tokens, using interesting techniques: – fake token high supply – burning users' tokens – endless capture for admins – “verified” contracts – hidden contracts – denying ownership of the contract
— Blockfence (@blockfence_io) January 12, 2024
How it works:
According to Sabatella, the scammers start the process by sending between 10-20 Ether (ETH) to a foreign-owned account and then use the funds to create a fake token.
Like many remote pool scams, fake liquidity has entered the scam project, creating the illusion of legitimate amounts in Liquid Pools (LPs) on Ethereum-based decentralized exchanges such as Uniswap.
However, the fraudster implements a lock() function on LP tokens to create the illusion that investors won't be pulled, Sabatella explained.
Once the fake token value is artificially loaded with a flush transaction, the fraudster calls the setUserBalance function. This updates the victim's token balance to “1” and makes it impossible to sell the token as the fraudster has technically burned it.
Despite this, the token can still appear in the victim's wallet, further deceiving them.
“Ultimately, the scammer removes LP liquidity, dropping the token value to something close to zero,” Sabatella explained.
Related: Orbit Chain Confirms Hacking, Warns of Fraudulent Payment Offers
Interestingly, the scammers return 5-20 ETH from each scam “to avoid attracting too much attention”.
In addition, the fraudster's technique involves the owner and creator of the contract denying ownership of the contract, which can bypass some detection tools.
“By doing this, the victims who bought the token were wrong, because even some carpetbaggers missed it and marked this token as ‘secure'.”
Sabatella said the firm has seen 1,300 different rug pulls with Ethereum following the same pattern.
12-19-2023 08:12: After many people bought Blockfence tokens, our cheater (0x45aF15) exchanged 2.20 quadrillion tokens for 23.58 ETH ($53,066.65) with Uniswap V2 Blockfence-ETH, emptying the pool. Carpet pulling everyone. pic.twitter.com/OilPq0UAHx
— Blockfence (@blockfence_io) January 12, 2024
A security executive at Blockfence said a scammer used these sophisticated techniques to create a “Blockfence token” to attract investors. In that case, the fraudster walked away with 23.6 ETH worth $53,000, Sabatella said.
He also pointed out that Wisealth, RabbitRun and DreamFi are other brands impersonated by scammers.
“Taking advantage of the memecoin trend, the fraudsters created similar names such as AIPEPE, Purple Pepe, Pepe Chain, Pepe Race and Baby Pepe,” Sabatella added.
In the year According to blockchain security platform Immunefi, $103 million will be lost to clearly identifiable fraud by 2023.
Magazine: Defy's Billion Dollar Secret: Insiders Responsible for Hacking