Pages:
Author

Topic: Contract Addresses: The need to be more cautious (Read 272 times)

hero member
Activity: 2184
Merit: 513
Moonbet.io | Web3 Casino
This thing actually has been occuring since long time ago, even since uniswap was first popular then there are many fake contract address even one that's trying to impersonate the real address and right now things have gotten out of hand honestly. dex should just list the contract of tokens themselves, the users shouldn't input the contract address manually if they don't want their user get scammed.
hero member
Activity: 2268
Merit: 588
You own the pen
When it comes to Binance Smart Chain, you will often receive fake tokens that don't have any usage or anything just to be there in your wallet perhaps hoping one day you will gonna lose your focus and mistook it as a real token from your wallets. Back then, it was just a few of them but right now, there are lots and as soon as you posted your BSC address on the internet for airdrops, expect lots of fake tokens on the way to get in your wallet and the best thing to do is to ignore them and maybe create another wallet that you don't share the public address with the people.
full member
Activity: 868
Merit: 202
This is the first case I have encountered and I am quite amazed by what these scammers are doing. They can create an address that is almost similar to the original address and that of course will fool people who carelessly look at the token address in their wallet and mistake it for the real one. So now it's important for us to be able to match the original address on CMC with the one in our wallet by means of CTRL+C and CTRL+V, if no match is found it is certain that it is a fake one
staff
Activity: 2436
Merit: 2347
Now, in the wave of AI hype, there are many different clones and all sorts of projects that parasitize on well-known projects. Even if the ticker is the same, even if the name of the project is the same, you should always pay attention to the network in which the smart contract is deployed. The most popular networks for scamming well-known projects, in my opinion, is BNB. Every day there appear thousands of dubious tokens, which have zero value.
legendary
Activity: 2268
Merit: 1655
To the Moon
...Scammers are improving they can now use a contract address that is very much similar to the real one, so awareness is very important you should check and double the details.
One moment of carelessness and you lose your coins.

I don't understand what is the danger to my wallet? The fact that a fake coin is on the balance of my wallet does not lead to a loss of balance. To lose the deposit, you must at least allow the withdrawal of coins from your wallet, and this cannot be done without your consent.
legendary
Activity: 1932
Merit: 1273
I will explain as follows, pay attention to the image below



Every transaction you agree to on the pancakeswap platform sells the token in question, then you see the transaction fee is very large and spends your money in the wallet you should ignore it, it will automatically buy the CHI GAStoken in the picture above and send it to the owner of the token, indirectly you share your money to them.


Cases like this are difficult to overcome ~

That is incorrect. The transaction does not sell any tokens, neither it also buying any tokens. Instead, it mints the CHI token from the users' token approval transaction.

Simply thing to overcome this gas "stealer" scam is to not approve unknown or shady tokens/smart contracts, and verifying any particular contract is the intended one. Kindly see the reffered link I have mentioned above for further information. You can also inspect any of the fake tokens transactions, it has nothing to do with PancakeSwap smart contract transactions/calls.


When users approve this token, their wallets will increase the gas limit based on the balance. Meanwhile, the token contract uses the user's gas to mint $CHI tokens. Once the contract accumulates a large number of $CHI tokens, the malicious token contract manager can obtain the gas compensation returned when the contract is destroyed by burning the CHI tokens.
hero member
Activity: 3038
Merit: 634
It may not be an address but it's a contract address so I think that it's still inside of this type of attack which is the address poisoning.

The contract does indeed use a vanity address as the smart contract address. But I don't understand what is their purpose to execute the scheme with the smart contract address, one plausible scenario is they expect the user to wrongly enter the intended smart contract token address, although I'm not sure how effective it is.
That's more likely the reason why they do that.

I guess everything that's related to attack means to fool the users and think that they're on the right contract address and this gives the benefit to the developer of it that has only one intention.

And that's to trick people, that's why those people that are into so much stuff in the altcoins market are the ones prone to this attack.

I have to dig deeper to see the scammer's reason, turns out they are not merely expecting a wrongly entered addres.

What they are doing is "stealing" a consumed gas fee from those who approve the contract. The approval transaction contains, gas limit increment and mints CHI tokens from the user's wallet. Thus the CHI token itself is sent to the scam contract address where after it accumulates large enough, the scammer can claim the users' consumed gas fee for a reimbursement.

This is wild, and I barely heard about this. For further reference, take a look at:

https://twitter.com/SlowMist_Team/status/1640614440294035456
https://www.reddit.com/r/ethereum/comments/128dift/scam_token_called_gpt/
Thank you.

I haven't thought that these scammers will even be interested in robbing fees since the majority of them are into the actuality of stealing the entire funds of their victims.

I understand now the tactic of it and those that are into pump and dump tokens are likely to be victimized by this scheme. Because they can do this when many of them are attracted to new tokens.
legendary
Activity: 2464
Merit: 1039
Bitcoin Trader
It's been a long time that this case has been on the BNB BSC network a lot of spam fake tokens sent to wallets randomly or actively transacting, they throw money for random sending fees to many active wallets, if you see receiving a lot of strange tokens in your wallet, never sell them on pancakeswap even though it has expensive and high value, "no free money" if you never take part in an airdrop event or anything but you get free tokens forget about it and ignore it. I will explain as follows, pay attention to the image below



Every transaction you agree to on the pancakeswap platform sells the token in question, then you see the transaction fee is very large and spends your money in the wallet you should ignore it, it will automatically buy the CHI GAStoken in the picture above and send it to the owner of the token, indirectly you share your money to them.


Cases like this are difficult to overcome because low fees will always be filled with spammers in contrast to blockchain which has expensive transaction networks so you will not find this on that network for example on the ETH network a few years ago many fake tokens then after transaction fees were expensive and went up then no more cases of counterfeit tokens, currently it only works on the BSC BNB network, so for anyone who sees a lot of strange tokens in your bnb bsc wallet, I can confirm it is a fake token.
legendary
Activity: 2492
Merit: 1145
Enterapp Pre-Sale Live - bit.ly/3UrMCWI
It may not be an address but it's a contract address so I think that it's still inside of this type of attack which is the address poisoning.

The contract does indeed use a vanity address as the smart contract address. But I don't understand what is their purpose to execute the scheme with the smart contract address, one plausible scenario is they expect the user to wrongly enter the intended smart contract token address, although I'm not sure how effective it is.
That's more likely the reason why they do that.

I guess everything that's related to attack means to fool the users and think that they're on the right contract address and this gives the benefit to the developer of it that has only one intention.

And that's to trick people, that's why those people that are into so much stuff in the altcoins market are the ones prone to this attack.

I have to dig deeper to see the scammer's reason, turns out they are not merely expecting a wrongly entered addres.

What they are doing is "stealing" a consumed gas fee from those who approve the contract. The approval transaction contains, gas limit increment and mints CHI tokens from the user's wallet. Thus the CHI token itself is sent to the scam contract address where after it accumulates large enough, the scammer can claim the users' consumed gas fee for a reimbursement.

This is wild, and I barely heard about this. For further reference, take a look at:

https://twitter.com/SlowMist_Team/status/1640614440294035456
https://www.reddit.com/r/ethereum/comments/128dift/scam_token_called_gpt/
Ohh wow, This is the first time of me seeing this kind of method that scammer use. Scammers are really doing clever moves just to scam people. I wonder if how many people think this kind of trick and someone did it as a scammer. As technology progresses, We can see that new scamming methods are born along with the improvement of technology. Most of them are just clever moves that even experienced ones won't noticed until they do a investigation against the method used. Be careful fellas! Especially on these new coins.
legendary
Activity: 1932
Merit: 1273
It may not be an address but it's a contract address so I think that it's still inside of this type of attack which is the address poisoning.

The contract does indeed use a vanity address as the smart contract address. But I don't understand what is their purpose to execute the scheme with the smart contract address, one plausible scenario is they expect the user to wrongly enter the intended smart contract token address, although I'm not sure how effective it is.
That's more likely the reason why they do that.

I guess everything that's related to attack means to fool the users and think that they're on the right contract address and this gives the benefit to the developer of it that has only one intention.

And that's to trick people, that's why those people that are into so much stuff in the altcoins market are the ones prone to this attack.

I have to dig deeper to see the scammer's reason, turns out they are not merely expecting a wrongly entered addres.

What they are doing is "stealing" a consumed gas fee from those who approve the contract. The approval transaction contains, gas limit increment and mints CHI tokens from the user's wallet. Thus the CHI token itself is sent to the scam contract address where after it accumulates large enough, the scammer can claim the users' consumed gas fee for a reimbursement.

This is wild, and I barely heard about this. For further reference, take a look at:

https://twitter.com/SlowMist_Team/status/1640614440294035456
https://www.reddit.com/r/ethereum/comments/128dift/scam_token_called_gpt/
hero member
Activity: 2296
Merit: 506
Cryptocasino.com
Is both contract address listed on Coinmarketcap? I wonder if CMC did a cross checking on this one before making it available in the public, this is also why I always ask the developer for the real address details to avoid problems. Be careful, there’s also a lot of fake tokens on many wallet which scammers are sending it to fool the owner of that wallet because if you do transactions with those fake tokens, your wallet will surely be in trouble.
of course the other address which is scam not gonna listed in CMC since listing in CMC also require verification, they've always been carefully selected one by one.
but the other smart contract are taking advantage of the resemblance and scams people using something like uniswap.
legendary
Activity: 3122
Merit: 1102
Leading Crypto Sports Betting & Casino Platform
Is both contract address listed on Coinmarketcap? I wonder if CMC did a cross checking on this one before making it available in the public, this is also why I always ask the developer for the real address details to avoid problems. Be careful, there’s also a lot of fake tokens on many wallet which scammers are sending it to fool the owner of that wallet because if you do transactions with those fake tokens, your wallet will surely be in trouble.

this scenario has been the practice of scammers ever since. pancakeswap, and other DEXs, they are prone to listing fake tokens. and that is true, it is your responsibility to check the legit contract addy, otherwise, you will get rekt.
this is why the devs are providing their contract address upon listing on exchanges. if you won't verify, then that's your fault.
sr. member
Activity: 2422
Merit: 357
Is both contract address listed on Coinmarketcap? I wonder if CMC did a cross checking on this one before making it available in the public, this is also why I always ask the developer for the real address details to avoid problems. Be careful, there’s also a lot of fake tokens on many wallet which scammers are sending it to fool the owner of that wallet because if you do transactions with those fake tokens, your wallet will surely be in trouble.
fvb
member
Activity: 1470
Merit: 13
Yes, the resemblance is indeed very similar. But personally, I always check such moments on sites specially created for this. I also try not to be lazy and put contracts for comparison one under the other and thus you can immediately see the difference. Even if it differs by one number or letter
legendary
Activity: 3276
Merit: 3537
Nec Recisa Recedit
The contract address is really similar and could easily mislead ... literally anyone!
Well a free-token in a wallet it's always some "suspicious" at least to me Tongue

This is really an interesting report and thanks for sharing it. Yes is not a new one tactic for scam, but is not common.

I suggest OP to post a report in Scam Accusation board, other people could become aware of it https://bitcointalk.org/index.php?board=83.0
hero member
Activity: 2170
Merit: 575
This is an old tactic, is not really a new one. People do this because there is actually money to be made from this, if you check some of the bigger ones of this attack, there are people who got away with millions of dollars from this. Which is why its such an important thing, it really does make it a lot more worse for many people. Hence, the best thing in this case would be making sure that we end up with a proper security of our own. Your mind is your own best security, obviously tools and software and better protected websites are all great, but when it comes down to security, your mind is the best one. How? Because if you end up protecting yourself from these silly attacks and fakes, then you would be able to do a lot better. Most people just rely on tools for that, and that is why they end up losing a lot of money as well. I don't, I know all the latest scams and hacks, so I try to stay away from them all.
hero member
Activity: 3038
Merit: 634
It may not be an address but it's a contract address so I think that it's still inside of this type of attack which is the address poisoning.

The contract does indeed use a vanity address as the smart contract address. But I don't understand what is their purpose to execute the scheme with the smart contract address, one plausible scenario is they expect the user to wrongly enter the intended smart contract token address, although I'm not sure how effective it is.
That's more likely the reason why they do that.

I guess everything that's related to attack means to fool the users and think that they're on the right contract address and this gives the benefit to the developer of it that has only one intention.

And that's to trick people, that's why those people that are into so much stuff in the altcoins market are the ones prone to this attack.
jr. member
Activity: 164
Merit: 2

Also, you have to check the transaction history of the token. Because anyone can create a fake token and list it in Coinmartketcap or Coingecko.

there may be filtering and regulations when listing the coin in those sites. So how did they launch fake coins and scamming people on that trusted reputed sites?
 
full member
Activity: 944
Merit: 101
PredX - AI-Powered Prediction Market
This sounds quite new to me as this is also my first time hearing about contracts being quite similar, I don't understand how they are about them. However, it is not too much of a concern for me, as I have a habit of always checking everything before proceeding to accept a transaction, but it should also be warned to many people because if it is just a glance, many people will also it's the same address.
copper member
Activity: 2940
Merit: 1280
https://linktr.ee/crwthopia
I didn't know that that was the strategy now. The scammers are adapting and making sure that they catch some unknowledgeable people that can fall into the trap that they have set.

I'm curious as to how they did it to be that similar. Isn't it something hard to do?
Pages:
Jump to: