Misconfigurations in smart contracts are being exploited by scammers to create malicious cryptocurrency tokens with the goal of stealing funds from unsuspecting users.
The instances of token fraud in the wild include hiding 99% fee functions and concealing backdoor routines, researchers from Check Point said in a report shared with The Hacker News.
Smart contracts are programs stored on the blockchain that are automatically executed when predetermined conditions are met according to the terms of a contract or an agreement. They allow trusted transactions and agreements to be carried out between anonymous parties without the need for a central authority.
By examining the Solidity source code used for implementing smart contracts, the Israeli cybersecurity company found instances of hidden and hardcoded fees that can’t be changed, while allowing malicious actors to exert control over “who is allowed to sell.”
In another instance, a legitimate contract called Levyathan was hacked after its developers inadvertently uploaded the wallet’s private key to their GitHub repository, enabling the exploiter to mint an infinite number of tokens and steal funds from the contract in July 2021.
A rug pull is a type of scam that happens when the creators cash out out the investors’ money and abandon the project after a huge amount is allocated to what appears to be a legitimate crypto project.
Lastly, poor access controls put in place by the maintainers of the Zenon Network allowed an attacker to abuse the unprotected burn function within the smart contract to ramp up the price of the coin and drain funds to the tune of $814,570 in November 2021. Read more:https://bit.ly/33INOPh