Understanding Spoofed Tokens and How to Avoid Being Tricked

Read time: Five minutes

The safety of your assets has a direct bearing on what you get back from an investment. This post is part of our security series to keep you informed about the risks in Web3.

Cryptocurrencies are known for their volatility, and the price of an asset drives most investment decisions. That gives attackers an opening: manipulate the signals around a token and trick users into buying so that the attacker, not the user, makes the profit.

Any seasoned crypto investor has seen token prices manipulated to create false optimism or pessimism, pushing users to buy and later watch the value collapse. Token spoofing is one such trick.

So what is token spoofing, how do you identify it, and how do you avoid losing money to it? This post covers all three.

“Spoofing” – in a nutshell

Picture a widely anticipated, heavily hyped token. A token appears on-chain with the same symbol and the official logo, and eager users rush to buy it.

But what convinces users that the token is authentic, enough to buy it in bulk?

They look it up in a block explorer and see that the token transfers come from the address of a well-known influencer or celebrity.

In reality the attacker has forged the From field of the token transfer so that it appears to come from the influencer’s address. Seeing this, users buy the tokens, believing they are the genuine ones.

Behind the scenes – how do attackers do this?

A token contract decides for itself what it puts in the Transfer event it emits. Nothing in the ERC-20 standard forces the event’s from field to match the account that actually called the contract, so an attacker who controls the contract can emit a Transfer event naming any address as the sender, even though the attacker is the one who initiated the transaction.

To make this concrete, let’s look at a token transfer on Etherscan.

Here Vitalik’s address, 0xab5801a7d398351b8be11c439e05c5b3259aec9b, has received a token labelled zkSync.

Anyone can send tokens to Vitalik’s address, so on its own this means nothing.

But the next transfer shows Vitalik as the sender. That is what makes users believe the tokens are a real windfall.

It is not. Here is what is actually going on.

Vitalik did not initiate the transfer. The owner of the token contract sent the transaction and made the contract emit a Transfer event naming Vitalik as the sender. The block explorer is fooled because its token-transfer view is built from the events that contracts emit; it does not verify that the event reflects who actually called the contract.

You can see this by opening the transaction details. The From field of the transaction itself is the initiator, 0x46e7cefdfa7513d19261d1afa7ec04c13e7acefc, not Vitalik; that account made the transfer appear as if it came from Vitalik.

Look closely at the input data and you will find Vitalik’s address passed in as a parameter. It could equally well be hard-coded in the contract.

Decompiling the contract reveals a non-standard transfer function that takes a from address as an input and simply emits a Transfer event with it. This is where the contract owner supplied Vitalik’s address to make it look as though Vitalik was making the transfer.

The token transfer mix-up

This is how a user comes to mistake the event’s From address for the transaction initiator’s address. The spoofing trick exploits two things: the way ERC-20 tokens are designed, and the way block explorers display that data at face value.

ERC-20 is only an interface. It requires transfer and transferFrom to emit a Transfer(from, to, value) event, but the contract’s own code decides what goes into that event. A malicious contract can emit the event with any from address, or add an extra function that does so, without the named address ever holding or sending the token.

Block explorers such as Etherscan populate their token-transfer view from the event’s from field rather than from the transaction’s initiator, so users end up buying worthless tokens.

Are there recent examples of spoofed tokens?

Ukraine’s official Twitter account recently announced an “airdrop” to reward users who had donated cryptocurrency.

Source: Ukraine / Україна on Twitter: “Airdrop confirmed. Snapshot will be taken tomorrow March 3 at 6pm Kyiv time (UTC/GMT +2 hours). Reward to follow! Follow @FedorovMykhailo for subsequent news about Ukraine’s crypto donation campaign” / Twitter

Soon after, the Ethereum block explorer Etherscan showed the official Ukrainian wallet holding 7 billion “Peaceful World” tokens, apparently for the promised airdrop.

There were also transfers showing the tokens going from the official Ukrainian wallet to the addresses that had donated to Ukraine’s funds.

However, beyond that initial tweet, the authorities had published no details of the airdrop (such as which token or how many tokens would be issued).

Blockchain analysts then concluded that the Peaceful World (WORLD) tokens were likely spoofed, and Etherscan tagged the token as “misleading” and marked it as spam.

This incident shows how the official Ukrainian wallet address was made to appear as the sender of a fake airdrop: a textbook case of token spoofing.

How to avoid buying spoofed tokens?

The best defence is to open the transaction details and compare the From address shown for the token transfer with the From address of the transaction itself (the account that initiated it). If they differ, the transfer’s sender may be forged.

Not every mismatch is a spoof: a DEX swap, where the pool contract pays out the token you receive, or a contract wallet such as a multisig, legitimately shows a sender other than the transaction initiator, so treat a mismatch as a reason to investigate rather than as proof. Etherscan’s “Token Ignore List” feature, which collects tokens flagged as suspicious, also helps users stay vigilant about the tokens they trade.
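The following script is an added example, not code from the original post or from Etherscan. It performs the check described above on a transaction receipt: it decodes each ERC-20 Transfer event from the receipt’s logs (topic[1] is the from address, which is whatever the contract chose to emit, as the walkthrough above shows) and compares it with the receipt’s top-level from, the account that actually paid for the transaction. The sample receipt is constructed by hand in the shape that eth_getTransactionReceipt returns, reusing the two addresses from the Etherscan walkthrough; the token contract address and the recipient are placeholders. In a real investigation you would fetch the receipt from a node and pass it to audit_receipt.

```python
# Added example, not the post's own code: decode ERC-20 Transfer events from a
# transaction receipt and flag any whose "from" differs from the account that
# actually sent the transaction. A block explorer's token-transfer view is
# built from these events, and a contract may put any address in topic[1];
# the receipt's top-level "from" (the tx initiator) cannot be forged.

# keccak256("Transfer(address,address,uint256)"): topic[0] of every ERC-20
# Transfer event.
TRANSFER_TOPIC = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef"
ZERO_ADDRESS = "0x" + "00" * 20


def topic_to_address(topic):
    """Indexed address args are left-padded to 32 bytes; the address is the low 20."""
    raw = topic[2:] if topic.startswith("0x") else topic
    if len(raw) != 64:
        raise ValueError("an indexed topic is exactly 32 bytes")
    return "0x" + raw[-40:].lower()


def pad_address(addr):
    """Inverse of topic_to_address; used to build the constructed sample log."""
    return "0x" + addr[2:].lower().rjust(64, "0")


def decode_transfers(logs):
    """Return one dict per ERC-20 Transfer log; other logs are skipped."""
    transfers = []
    for log in logs:
        topics = log.get("topics", [])
        # Transfer has two indexed address params, so exactly three topics.
        if len(topics) != 3 or topics[0].lower() != TRANSFER_TOPIC:
            continue
        data = log.get("data") or "0x"
        value = int(data, 16) if data != "0x" else 0
        transfers.append({
            "token": log["address"].lower(),
            "from": topic_to_address(topics[1]),  # whatever the contract emitted
            "to": topic_to_address(topics[2]),
            "value": value,
        })
    return transfers


def classify_transfers(tx_sender, logs):
    """Label each Transfer as 'consistent', 'mint' or 'suspect' relative to tx.from."""
    tx_sender = tx_sender.lower()
    results = []
    for t in decode_transfers(logs):
        if t["from"] == tx_sender:
            verdict = "consistent"  # the account paying for the tx is the sender
        elif t["from"] == ZERO_ADDRESS:
            verdict = "mint"  # minting legitimately uses the zero address
        else:
            # Either a legitimate hop (DEX pool paying out, contract wallet) or a
            # forged event. Inspect the contract before trusting the shown sender.
            verdict = "suspect"
        results.append({**t, "tx_sender": tx_sender, "verdict": verdict})
    return results


def audit_receipt(receipt):
    """Run the check over an eth_getTransactionReceipt-shaped dict."""
    return classify_transfers(receipt["from"], receipt["logs"])


# Constructed sample receipt, shaped like the transaction in the walkthrough:
# the tx is sent by the contract owner, but the event names Vitalik as sender.
INITIATOR = "0x46e7cefdfa7513d19261d1afa7ec04c13e7acefc"
VITALIK = "0xab5801a7d398351b8be11c439e05c5b3259aec9b"
FAKE_TOKEN = "0xcccccccccccccccccccccccccccccccccccccccc"  # placeholder contract
VICTIM = "0x1111111111111111111111111111111111111111"  # placeholder recipient

SAMPLE_RECEIPT = {
    "from": INITIATOR,
    "logs": [{
        "address": FAKE_TOKEN,
        "topics": [TRANSFER_TOPIC, pad_address(VITALIK), pad_address(VICTIM)],
        "data": "0x" + format(10**21, "064x"),  # 1000 tokens at 18 decimals
    }],
}

if __name__ == "__main__":
    for r in audit_receipt(SAMPLE_RECEIPT):
        print(f"{r['verdict']:>10}: event from {r['from']} but tx from {r['tx_sender']}")
```

Running it against the sample receipt reports the transfer as suspect, because the event claims Vitalik as sender while the transaction was paid for by the initiator. The same log in a transaction actually sent by Vitalik would be reported as consistent, and a transfer from the zero address is reported as a mint rather than flagged.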

QuillAudit for Web3 Security

QuillAudits is a leading security company that protects established and growing ventures with smart contract audits and due diligence services, helping them stay vigilant against Web3 hacks.

Get a free consultation with an expert in less than 10 minutes.

https://t.me/quillaudits_official

Conor the Tech Veteran
He previously spent 6 years publishing research on tech stocks, and believes in using a combination of fundamental, technical, and quantitative analysis. Prior to a career in tech stocks journalism he was a technology and semiconductor analyst with a research team.
