Contract Addresses: The need to be more cautious - page 2.

@sriyan

member

Activity: 469

Merit: 13

Quote from: evichi on April 21, 2023, 05:01:58 PM

I saw a token in my wallet which I suspected could be a fake one. On visiting Coinmarketcap to check if the contract address on Coinmarketcap is the same as the one in my wallet, I noticed there was a difference. But that was not the problem, what bothered me most was the striking resemblance of the two contract addresses. There is some noticeable frightening resemblance:

Token Name: CryptoGPT
Blockchain: Binance Smart Chain

Original Contract Address (from Coinmarketcap: https://coinmarketcap.com/currencies/cryptogpt/): 0x153c0c947177e631e3dfc594ba28750d3a921fb5 https://bscscan.com/address/0x153c0c947177e631e3dfc594ba28750d3a921fb5

Fake Contract Address (Fake token sent to my wallet): 0x513C285CD76884acC377a63DC63A4e83D7D21fb5 https://bscscan.com/address/0x513c285cd76884acc377a63dc63a4e83d7d21fb5

On comparing the two: you notice the last five digits of the two addresses are the same. There is also some similarity on the four digits after the 0x at the beginning of the addresses. Also there is a ‘77’ somewhere between the addresses. The striking resemblance marvelled me and I decided to share this experience to alert both newbies and experienced. Interacting with a malicious token may lead to loss of tokens in your wallet. Please share your comments. Perhaps some of you already have such experience?

Also, you have to check the transaction history of the token. Because anyone can create a fake token and list it in Coinmartketcap or Coingecko.

Similificator

sr. member

Activity: 882

Merit: 403

It is quite alarming to see how hard working these scammers are in finding new ways just to scam others when they can just put these efforts in other things and be more productive earning in the right way. If you think about it, isn't it such a waste of knowledge and talent?

Anyway, I never knew that you can now generate addresses that are similar to other addresses. I used to think that addresses being generated per wallet are completely random. And depending on how the contract was coded/created, this may be just a prank and also a study to record data on how effective it would be to use as phishing and stealing crypto online. Anyway, seems like the crypto people now has to be more careful and give extra effort when sending funds from one wallet to another.

adaseb

legendary

Activity: 3808

Merit: 1723

This seems similar to an address poisoning however why would you do a phish smart contract exactly ? What would you get out of it? From what I understand you can’t withdraw from a smart contract so what is the point exactly?

With regular addresses they are hoping you only look at the first few and last few characters and copy and paste the wrong address and send to them. However no idea why they would use a smart contract address.

hd49728

legendary

Activity: 2044

Merit: 1018

Not your keys, not your coins!

Quote from: evichi on April 21, 2023, 05:01:58 PM

Original Contract Address (from Coinmarketcap: https://coinmarketcap.com/currencies/cryptogpt/): 0x153c0c947177e631e3dfc594ba28750d3a921fb5 https://bscscan.com/address/0x153c0c947177e631e3dfc594ba28750d3a921fb5

Fake Contract Address (Fake token sent to my wallet): 0x513C285CD76884acC377a63DC63A4e83D7D21fb5 https://bscscan.com/address/0x513c285cd76884acc377a63dc63a4e83d7d21fb5

On comparing the two: you notice the last five digits of the two addresses are the same. There is also some similarity on the four digits after the 0x at the beginning of the addresses. Also there is a ‘77’ somewhere between the addresses. The striking resemblance marvelled me and I decided to share this experience to alert both newbies and experienced. Interacting with a malicious token may lead to loss of tokens in your wallet. Please share your comments. Perhaps some of you already have such experience?

It is your money and if you are lazy and can not spend few seconds to fully check a smart contract address, you are deserved to lose your money.

In addition, you can check those contract address with coinmarketcap, coingecko, dex screener, dextools, dex guru.
to see their trading volume and liquidity pool.

Faked token will have very low trading volume and low liquidity pool. That is easy to realize if you know those checking steps.

https://www.dextools.io/app/en
https://dex.guru/token
https://dexscreener.com/

vv181

legendary

Activity: 1932

Merit: 1273

Quote from: sunsilk on April 21, 2023, 11:58:28 PM

It may not be an address but it's a contract address so I think that it's still inside of this type of attack which is the address poisoning.

The contract does indeed use a vanity address as the smart contract address. But I don't understand what is their purpose to execute the scheme with the smart contract address, one plausible scenario is they expect the user to wrongly enter the intended smart contract token address, although I'm not sure how effective it is.

Quote from: WalkerIVIV on April 21, 2023, 05:48:57 PM

i've just heard about it just now, fake coins with their uncanny resemblance with the original contract address, i'd say nowadays, if i want to add token i'd just go to coinmarketcap and add it from there, since they provides button for it, more convenient and definitely hardly gonna be scammed by these fake coins.

I'd expect there might be also a clone/similar token name on CMC that might deceive the user. Verifying the smart contract address besides only from one source, CMC, should be also a priority.

sunsilk

hero member

Activity: 3038

Merit: 634

It may not be an address but it's a contract address so I think that it's still inside of this type of attack which is the address poisoning.

Thread: What are Address Poisoning Scams?

That thread is giving the description of it and everything related to it. Just as the example you've said that the first and last texts/letters are the same but in the middle, it's totally different.

bitkanu

hero member

Activity: 2184

Merit: 513

Moonbet.io | Web3 Casino

this is why rechecking the address is always essential, it's just ridiculous how these scammers have quite literally created so many fake token smart contract address that actually we've lost count, considering the fact that now the address almost identical, I think its time for the swap platform taking care of their platform by adding further massive verification of the verified token into their swap platform, maybe even pulling data from cmc and coingecko.

noorman0

hero member

Activity: 1778

Merit: 709

[Nope]No hype delivers more than hope

Haven't looked into how this is done, it looks like scammers are slowly finding more sophisticated ways to generate nearly identical addresses.
However, one should be more careful dealing with altcoin projects because scammers are increasing their ability to trap users.

WalkerIVIV

hero member

Activity: 2436

Merit: 503

Cryptocasino.com

i've just heard about it just now, fake coins with their uncanny resemblance with the original contract address, i'd say nowadays, if i want to add token i'd just go to coinmarketcap and add it from there, since they provides button for it, more convenient and definitely hardly gonna be scammed by these fake coins.

Oceat

sr. member

Activity: 2506

Merit: 368

This is new to me though I haven't been trading altcoins but seeing this was helpful to all of us. And also we should be very cautious and careful to check every numbers and letters of the address before doing anything or just triple check everything if you aren't satisfied but just don't be too quick to send.

Thanks for this newbies should be aware of this in the first place since scammers are doing everything they can to make advantage or steal our coins. It may not be just in the altcoins but it's mostly likely existing to BTC address too.

coin-investor

hero member

Activity: 2996

Merit: 598

Leading Crypto Sports Betting & Casino Platform

I am fully aware of that and I also received a lot of fake coins trying to resemble a real one, so to keep yourself safe from this check the official site to get the contract address or from the market aggregator if you're going to trade in a Decentralized Exchange.

These are spam tokens created as a trap if you're careless about how you transact.
Scammers are improving they can now use a contract address that is very much similar to the real one, so awareness is very important you should check and double the details.
One moment of carelessness and you lose your coins.

evichi

jr. member

Activity: 1330

Merit: 7

I saw a token in my wallet which I suspected could be a fake one. On visiting Coinmarketcap to check if the contract address on Coinmarketcap is the same as the one in my wallet, I noticed there was a difference. But that was not the problem, what bothered me most was the striking resemblance of the two contract addresses. There is some noticeable frightening resemblance:

Token Name: CryptoGPT
Blockchain: Binance Smart Chain

Original Contract Address (from Coinmarketcap: https://coinmarketcap.com/currencies/cryptogpt/): 0x153c0c947177e631e3dfc594ba28750d3a921fb5 https://bscscan.com/address/0x153c0c947177e631e3dfc594ba28750d3a921fb5

Fake Contract Address (Fake token sent to my wallet): 0x513C285CD76884acC377a63DC63A4e83D7D21fb5 https://bscscan.com/address/0x513c285cd76884acc377a63dc63a4e83d7d21fb5

On comparing the two: you notice the last five digits of the two addresses are the same. There is also some similarity on the four digits after the 0x at the beginning of the addresses. Also there is a ‘77’ somewhere between the addresses. The striking resemblance marvelled me and I decided to share this experience to alert both newbies and experienced. Interacting with a malicious token may lead to loss of tokens in your wallet. Please share your comments. Perhaps some of you already have such experience?

Topic: Contract Addresses: The need to be more cautious - page 2. (Read 262 times)