Blockchain security firm Blockfence recently uncovered an intricate scam method that has defrauded over 42,000 victims of more than $32 million since April 2023.
What Happened: Blockfence head of security research Pablo Sabbatella detailed in a Jan. 18 report how scammers successfully evaded detection from many industry-standard "rug pull detectors."
The culprits essentially manipulated token supply figures by messing with the minting and burning functions of smart contracts, Sabbatella explained.
Minting and burning relates to the creation and destruction of cryptocurrency tokens.
The scammers' strategy involves creating fake tokens that mimic those of upcoming cryptocurrency projects, exploiting investors' fear of missing out (FOMO) upon the launch of promising projects.
Sabbatella elaborated that the scammers start by transferring 10–20 Ether ETH/USD to an externally owned account, which is then used to generate these fraudulent tokens. These are used to create seemingly legitimate trading activity in liquidity pools on Ethereum-based decentralized exchanges like Uniswap UNI/USD by injecting fake liquidity.
A key deception technique involves the use of a lock() function on the liquidity pool (LP) tokens, giving investors a false sense of security against rug pulls. The lock() function usually serves to lock a token's liquidity pool, ensuring the developer cannot suddenly remove all liquidity and send the token price to zero.
The scammers then execute a function that reduces the victim's token balance to "1." This makes it effectively unsellable, as the scammer has technically burned the victim's tokens. The token, however, remains visible in the victim’s wallet, adding to the illusion.
"The scammer then removes the liquidity from the LP, dropping the token value to nearly zero," Sabbatella explained.
To avoid drawing excessive attention, the scammers would return a portion of the stolen ETH, typically between 5–20 ETH, from each fraudulent operation.
Additionally, the scammers' technique includes the token contract's creator renouncing ownership, a move that helps bypass some detection tools.
"By doing this, the victims buying the token are misled, as some rug pull detectors even miss and mark this token as 'safe,'" Sabbatella stated.
Read Also: Bitcoin ETFs Are A Bust One Week In: Why This Analyst Says 'R-E-L-A-X'
Why It Matters: Blockfence has identified 1,300 instances of similar rug pulls on Ethereum.
Notably, one scammer created a "Blockfence token" using these sophisticated techniques, ultimately stealing 23.6 ETH, valued at approximately $53,000.
Sabbatella also noted that scammers impersonated other tokens like Wisealth, RabbitRun, and DreamFi.
Exploiting the popularity of memecoins, scammers have also created deceptively named tokens like AIPEPE, Purple Pepe, Pepe Chain, Pepe Race, and Baby Pepe.
Instances where a token's liquidity is suddenly removed by the developer, so-called rug pulls, are common in the cryptocurrency space. A 2022 study claimed 98% of tokens between 2018 and 2021 were rug pulls.
Shutterstock
© 2024 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.
Trade confidently with insights and alerts from analyst ratings, free reports and breaking news that affects the stocks you care about.
