Brief - The Hustle

How scammers manipulate smart contracts to steal crypto

Written by Juliet Bennett Rylah | Jan 28, 2022 8:49:16 AM

In 2021, scammers made off with $14B in ill-gotten crypto. So, a lot.

According to Check Point Research, the research arm of cybersecurity company Check Point, many scammers manipulate tokens’ smart contracts — contracts that exist and run automatically as code on the blockchain.

Here’s an example of a scam

In a typical transaction, you might be charged a fee when you buy or sell tokens.

Oded Vanunu, Check Point’s Head of Products Vulnerabilities Research, told The Hustle that usually fees should be no more than 12% of the total transaction amount.

But a scammer might hide a 99% buy or sell fee in the token’s smart contract that wipes out all your money. Or, they could hide a function that blocks you from selling your coins at all.

Scam tokens are often hyped on social media channels…

… like Twitter, Discord, or Telegram by anonymous accounts to inflate the coin’s value.

Once the coin is popping, the scammers pull out all their money, delete the accounts, and disappear. That’s known as a “rug pull” scam.

Remember SQUID, the “Squid Game”-inspired token? It boomed to $2.8k+ per coin, then plummeted after the developers claimed they were hacked, sold their coins, deleted their socials, and bounced with an estimated $3.3m.

Speaking of hackers…

If a legit smart contract has a vulnerability, hackers could exploit it.

For example, a hacker exploited a mistake in The Zenon Network to destroy 26.4k+ coins, causing the price of wZNN to dramatically increase. The hacker then drained the pool for $814.5k+.

So, how do you avoid scams?

Vanunu said the current state of crypto is too complex and has too many moving parts for the average user to completely understand it — though we may soon see technologies geared to help.

For now?

“My main recommendation is to go after the tokens with a large amount of holders — [at least] a few thousand,” Vanunu said.