Posted by: Guerrilla Insights

Hackers are using smart contract flaws to create harmful cryptocurrency tokens and steal money from unwary users.

Researchers from Check Point have released a report showing that token fraud in the wild includes hidden 99 percent fee functions and concealed backdoor routines.

Smart contracts are computer programs stored on the blockchain that run automatically when predetermined conditions are met. They make it possible for anonymous parties to carry out trusted transactions and agreements without the involvement of a central authority.



By reviewing the Solidity source code used to implement smart contracts, the Israeli cybersecurity firm found that bad actors could control “who is allowed to sell.”


In another case, in July 2021, a legitimate crypto contract called Levyathan was compromised after its developers unwittingly posted the wallet’s private key to their GitHub repository.

The term rug pull describes a scam in which the project is abandoned after a large amount of funds has been invested in what appears to be a reputable crypto project.


Last but not least, in November 2021, insufficient access controls put in place by the Zenon Network’s maintainers allowed an attacker to use the unprotected burn function in the smart contract to increase its value by $814,570.
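The hidden-fee and unprotected-burn patterns described above can be triaged before buying into or deploying a token. The following is an added example, not code from Check Point's report or from any project named here: a regex-based first-pass check over Solidity source, where the `DemoToken` contract, the `SELL_FEE` name and the 25 percent `fee_limit` threshold are all assumptions made for illustration.

```python
import re

# Constructed sample, not taken from any real token: a hardcoded 99% sell fee
# and a burn function that any caller can aim at any holder's balance.
SAMPLE = """
contract DemoToken {
    uint256 private constant SELL_FEE = 99;
    address owner;
    mapping(address => uint256) balances;
    modifier onlyOwner() { require(msg.sender == owner); _; }
    function burn(address from, uint256 amount) public {
        balances[from] -= amount;
    }
    function burnOwn(uint256 amount) external {
        balances[msg.sender] -= amount;
    }
    function adminBurn(address from, uint256 amount) external onlyOwner {
        balances[from] -= amount;
    }
}
"""

# Heuristic only: bodies with nested braces need a real Solidity parser.
FUNC = re.compile(r"function\s+(\w+)\s*\(([^)]*)\)([^{;]*)\{([^}]*)\}")
FEE = re.compile(r"(\w*fee\w*)\s*=\s*(\d+)\s*;", re.IGNORECASE)
KEYWORDS = {"public", "external", "virtual", "override", "returns", "uint256", "bool"}

def audit(source, fee_limit=25):
    """Return heuristic findings as (kind, name) tuples for manual review."""
    findings = []
    for name, value in FEE.findall(source):
        if int(value) >= fee_limit:  # assumes the constant is a percentage
            findings.append(("high-fee", name))
    for name, params, header, body in FUNC.findall(source):
        if "burn" not in name.lower():
            continue
        exposed = re.search(r"\b(public|external)\b", header)
        takes_target = re.search(r"\baddress\b", params)
        # Any non-keyword word in the header (e.g. onlyOwner) counts as a modifier.
        words = set(re.findall(r"[A-Za-z_]\w*", header))
        guarded = bool(words - KEYWORDS) or "msg.sender" in body
        if exposed and takes_target and not guarded:
            findings.append(("unprotected-burn", name))
    return findings

if __name__ == "__main__":
    for kind, name in audit(SAMPLE):
        print(f"{kind}: {name}")
```

A finding here is a prompt for manual review of the contract, not proof of fraud, and a clean result does not show that a token is safe.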



According to the research, cyberattack campaigns have been reported to use phishing lures involving upcoming (yet phony) crypto tokens to fool victims into paying for them with their own cryptocurrency.


The scheme also offered a referral network for relatives and loved ones, which Akamai researcher Or Katz said was designed to keep the fraud alive and well. In this way, the threat actors built a new, trusted channel through which current victims referred potential new victims to them.


An unresolved weakness in NFT marketplace OpenSea is being leveraged by unscrupulous individuals to buy valuable non-fungible tokens at a far lower price than their current market value and then sell them for a profit, according to blockchain security companies Elliptic and PeckShield.


As a result, crypto consumers will continue to fall into these traps and lose their money, says Check Point’s Oded Vanunu, head of products vulnerability research. Vanunu also stated that scam coins can be avoided by diversifying wallets, ignoring advertisements and testing transactions.