A group of fraudsters has managed to deceive over 42,000 victims, accumulating a staggering $32 million in a series of crypto scams that began in April 2023.
What makes this scam unique is the use of a method that even fooled some of the industry’s renowned “rug pull detectors,” as revealed by blockchain security firm Blockfence.
Typically, these scammers create tokens that impersonate upcoming crypto projects, capitalizing on the fear of missing out (FOMO) to entice unsuspecting investors.
Pablo Sabbatella, Blockfence’s head of security research, noted that they then manipulate the maximum token supply through minting and burning, alongside a code bait-and-switch tactic to effectively deceive victims while eluding rug pull detectors.
Sabbatella explained that the scammers initiated the process by transferring approximately 10-20 Ethereum (ETH) to an externally owned account, which they then used to generate counterfeit tokens.
Injecting fake liquidity into the scam project, they created the illusion of legitimate volume in liquidity pools on Ethereum-based decentralized exchanges like Uniswap.
Scammers Implemented Lock Function to Further Deceive Investors
To further deceive investors, the scammers implemented a lock() function on the LP tokens, giving the impression that rug pulling would be prevented.
Once the price of the fake token was artificially inflated through wash trading, the scammer executed the setUserBalance function.
This action updated the victim’s token balance to “1” and technically burned the token, making it impossible to sell.
However, the token remained visible in the victim’s wallet, adding to the deception.
Sabbatella elaborated, stating that the scammer would eventually remove the liquidity from the LP, causing the token’s value to plummet close to zero.
Curiously, the scammers returned 5-20 ETH from each scam to avoid drawing excessive attention.
Another aspect of the scammers’ technique involved the contract owner and creator renouncing ownership of the token contract, which could bypass certain detector tools.
Sabbatella noted that victims purchasing the token were misled, as even some rug pull detectors failed to identify and label the token as unsafe.
According to Blockfence’s findings, they have observed around 1,300 separate incidents of rug pulls on Ethereum following the same pattern.
Sabbatella highlighted a specific incident where a scammer created a “Blockfence token” using these sophisticated techniques, resulting in the scammer absconding with 23.6 ETH valued at $53,000.
Crypto Scams Exploit Meme Coin Mania to Launch Fake Tokens
The scammers also impersonated other tokens such as Wisealth, RabbitRun, DreamFi, capitalizing on the popularity of meme coins.
Tokens with similar names like AIPEPE, Purple Pepe, Pepe Chain, Pepe Race, and Baby Pepe were created to exploit the memecoin trend.
Despite losing around $2 billion to crypto thefts, 2023 saw a slight decline in hacking incidents targeting the cryptocurrency industry.
According to a recent report from De.FI, a prominent web3 security firm known for its REKT database, hackers managed to pilfer $2 billion in digital assets throughout the year.
While that amount is still alarming, it marks the first decrease in crypto hacking incidents since 2021.