Cybersecurity researchers are misusing the smart contracts features of certain blockchain platforms in order to steal money from users. In a report, security researchers from Checkpoint Research warned that cybercriminals are mis-configuring smart contracts on various platforms to float fraudulent crypto tokens that are designed to steal money. Smart contracts are basically algorithms defined on a blockchain, which govern the functioning of a crypto token.
Such scams, which are commonly called "rug pulls", are designed to trick users to spend money on a crypto project that will subsequently be abandoned. These projects include non-fungible tokens (NFTs), and other tokens, where users will spend money on the tokens, only for the scammers to withdraw that money and abandon the project altogether.
The researchers explained that some of these tokens can attach a 99% buy or sell fee, which is money that goes directly into the scammer’s account. On others, buyers realise only after buying the token that there is no way to sell it further, meaning that their money is effectively lost.
Further, the report also said that such scams could be created by using completely new smart contract systems, but may also be using existing scams where the token names have been modified.
Tokens like these are usually “hyped through social media”, on platforms such as Twitter, Discord, Telegram and more, which ends up inflating their values. The scammers do so without revealing their own identities and taking advantage of the fact that crypto transactions usually have a degree of anonymity attached to them. Once people have spent money on these tokens, the scammers delete their social media channels and withdraw the money from the attached crypto wallets.
Crypto rug pulls have become quite common over the past year too, and experts have often pointed out that trading on established platforms doesn’t protect users from them either. For instance, earlier this month, the developers of an NFT project called Frosties disappeared off the Internet after scamming $1.3 million from users. A study from blockchain tracking firm Chainalysis in December 2021 had also noted that the estimated value of rug pulls scams amounted to a whopping $2.8 billion.