Beware of Dogecoin Scams! Stolen before doubling, cybersecurity experts warn of security issues on Dogecoin websites
Twitter account @roffet_eth stated on Twitter: "Many ERC-20 tokens with honeypot traps are flooding the trending lists on websites like GMGN, despite being labeled as safe." Honeypot trap is a term used in computer science and is typically used in blockchain to lure victims with seemingly valuable tokens, then exploit flaws in smart contracts to steal control of the account. The incident caught the attention of SlowMist founder, Yu Xian, who collaborated with cybersecurity team GoPlus Security to complete the feature detection of such honeypot schemes.
Table of Contents
Following Trends Leads to Falling into a Trap, Purchasing Shiba Inu Token Encounters Honey Pot, Account Permissions Stolen
Twitter user @roffet_eth mentioned a honey pot trap where a friend purchased Shiba Inu tokens on the Base chain, only to find that the tokens were immediately transferred out of the account after the purchase. Initially thought to be a phishing permit, changing to a different wallet still resulted in the same outcome, with more than one token facing this issue.
The three suspicious Shiba Inu tokens identified below were even trending on the GMGN leaderboard at the time of his post.
Upon comparing the contract codes of these tokens, it was discovered that they were not ordinary ERC-20 tokens and contained some confusing issues.
From the stolen transaction records, it was found that the signature of the permit contained the wallet address that purchased the Shiba Inu tokens, indicating that it was not signed by the user. Upon further investigation, it was revealed that the smart contract contained malicious code that could forge the token holder's permit permissions. The hacker used assembly code to insert malicious URLs in this case.
Although such honey pot traps are not new, what makes this case unique is that these tokens appeared on trend lists like GMGN, commonly used for Shiba Inu tokens. Many Shiba Inu players select tokens from these lists, but the majority lack cybersecurity knowledge. Scams keep evolving, making it challenging for players to protect themselves.
Yu Xian Confirms Security Traps Exist, Issues Found on Other Websites
Founder Yu Xian of SlowMist confirmed the occurrence of such security traps and mentioned similar hidden traps on other Shiba Inu token websites like DEXTools and Dex Screener. While the security tools these websites use do not yet support detecting these vulnerabilities, using AI tools can still uncover them. Additionally, he mentioned that the security website GoPlus Security has updated its functionality to detect these types of vulnerabilities.
If encountering similar traps that GoPlus has not detected, users can contact the GoPlus official team or SlowMist for feedback.
Related
- US Homeland Security Deploys AI: Startup ZeroEyes Prevents Terrorist Attacks and School Shootings
- Cross-chain bridge protocol LI.FI hacked for $12 million, Parity: Same vulnerability exploited two years ago
- Inventory of Hacking Incidents in the First Half of 2024: Losses Amounted to $1.38 Billion, Doubled from the Same Period Last Year