A new type of scam has developed and emerged in the last month. Scammers are becoming more and more sophisticated and penetrate each wallet to plant a seed to deceive every wallet owner and potentially trick users into sending money away. How has such a new scam has implemented, and how can we avoid such a new scam?
Here is a 1 min summary of the article if you want to skip the reading.
Unknown Token
If you play around with your wallet in different networks, you will realize many unknown tokens with xxxx.io in the Polygon network. You cannot resist but realize more than 800k tokens are sitting in your wallet and waiting for you to exchange them for fiat currencies. Some wallets even calculate the worth of more than $200K! You are so surprised yet so lucky that you finally made it and want to cash out.
Swap The Unknown
After doing some research about the token, a cool-looking website seems legit. A button asks you to connect your wallet to claim airdrop tokens. You then, without any consideration, connect the wallet, and they ask permission to enter your wallet. Of course, you want to have your $200K cash out immediately; you then agree to connect and start swapping tokens. There is a network fee of 2 ETH or $9K cost. You, of course, think they $9K to exchange $200K, hey! No brainer. Once you transfer the fee and agree to swap, something happens! Your wallet may empty the fund, and a network error occurred that your swap cannot be completed, but the fund you spent was gone. You then realized you got a scam!
A Combo of Airdrop + Dust Attack + Phishing Scam
This type of scam is pretty sophisticated. It is a combination of different scam types to trick users. Here is how you likely got unknown tokens from and how scammers want you to follow their steps to send funds to them.
Step 1: Free Airdrops
Scammers are well-known users eager and FOMO. So they created the airdrops site to collect wallet addresses or scan all available wallet addresses online and send tokens into wallets.
Why: the more people with fake tokens, the more likely one will fall with the tricks. Scammers use an active way to push tokens into wallets or passive to collect wallets and send tokens.
Step 2: Given a Large Number of Fake Tokens
You will realize you have at least 800k or more tokens in your wallet. Large amounts make people look into the possible way to activate such tokens. However, those amounts are just fractions of what scammers made.
Why: it is part of a dust attack. You realize those scam tokens are layer 2 tokens on Matic or Polygon network because layer 1 or blockchain has dust attack prevention. Tiny fractions of amount transactions cannot be validated through layer 1 but it is easily get passed through layer 2
as there is no lower limit of the transaction amount in layer 2. Scammers can mint as many tokens and send as small amounts to users.
Step 3: Active Tokens
Those scam tokens are smart contracts. The bad thing about smart contracts is they can be harder to detect as routine transactions and broadcast on the blockchain like regular token transactions. The good thing is that a smart contract needs a destination to send to and commands for execution. Scammers want users to go through layer 2 swap to complete the transaction.
Why: layer 2 smart contracts can be challenging to distinguish between entice token transactions or swaps. Also, swap can create an unsuspected way to require swap fees and embed secret codes to control your wallet and send funds to programmed addresses.
Step 4: Requires Swap Fees
You will bring to an unknown and a new swap platform that requires you to spend a little bit of money to activate your funds.
Why: the swap platform will have embedded codes to transfer swap fees as payment to scammers’ wallet addresses and possible active send command to take your wallet funds away.
Step 5: Broadcast Error
Likely, your swap will broadcast as an error in the polygon network and your funds will be stuck because the smart contract cannot be executed entirely in the network due to insufficient gas fees.
Why: those swap fees will directly be programmed to send into scammers' wallets, and no transactions will be completed on the blockchain without sufficient funds. You got scammed!
What To Do
Since those fake tokens were smart contracts, they were required to be active. The best way is DO NOTHING to those tokens. Ignore them completely. Don’t send or swap or trade. Some wallets like Metamask can delete the token list. Coinbase wallet will not detect tokens value but only show the amount. If the wallet mistakenly showed the wrong amount. Tried to reach out to their services and ask for help. However, because the tokens were so new and they were smart contracts. It is unlikely the wallet service can do anything about it at this point.
How To Avoid Scam Tokens
Check Blockchain Token Contract
Go to Etherscan or alike to check the token contract. There is a lot of information that can spot a scam token.
Step 1: Check Holders and Transfers
Check how many transactions are within the network, the closer the transfers to holders, the likely people are not active in the network due to the token unavailable in many exchanges.
Step 2: Check Transfers Tap
Check transaction hash and particular in age. See if any transactions are in and out but no single out direction. Also, try to see the last page and check age. It seems there is only outflow to each account with the same quantity of 800K for each transaction which raises a huge flag.
Step 3: Check Holders Tap
Check how many people hold tokens. The scam token is very concentrated in single or few users. It will immediately raise a red flag.
Step 4: Check Contract Tap
The legit project will reveal contract code while scams will not. No information on the contract will raise questions on the credibility and authenticity of the token.
Step 5: Check Analytics Tap
If there is only send transaction but not receive transaction, it is likely a scam.
Step 6: Check Comments Tap
Other users may share information about this token and let people know if that is a scam token.
In Conclusion
Crypto scams have become more sophisticated than ever. Always double-check anything suspicious and unknown to you. Ask around and seek help because click and send funds. Once you send, there is no way the transaction can be reversed.