I'm going to try to introduce you to a type of scam that I think is resurfacing at the moment. I've seen it passed around quite a few times on social networks and even on Reddit. I am not an expert on the subject but I hope to enlighten some people and especially to prevent some novices from being scammed. Finally, I'm going to show you ONE way this scam works, although you can imagine that there are many creative alternatives.

This crypto scam promises to make you several hundred dollars a day with a Solidity bot that uses the front running principle.

First of all, what are we talking about? I will answer this question quite simply with an explanation found on the Certik website (sources below):
But then how can such a "complicated" concept for a novice become so appealing? It all starts with YouTube videos and a lot of comments under them. The videos are often short and very instructive, the victim is even reassured by "checking" the smart contract and the addresses present in it:

After a first quick look, we return our variables with the correctly associated wETH token (https://etherscan.io/token/0xc02aaa39b223fe8d0a0e5c4f27ead9083c756cc2). The repositories to Uniswap are also original addresses. As for the formulas for the front-running part, it is very complex but it seems coherent.

The actor then directs viewers to go to Remix, which is a genuine tool used for testing and deploying smart contracts. Viewers are told to connect their MetaMask wallet to Remix. So, as in the video, you will create a "bot.sol" file, then copy and paste the code into that file. In the end, you find absolutely nothing suspicious and decide to continue the experiment.

So you compile your code as in the tutorial and there, wonderful, everything seems to work fine.

Finally, the last step: deploy the contract on the Ethereum blockchain. You click on the Deploy button. The window for checking the MetaMask transaction appears and you validate it. Everything seems correct, the fees are consistent, the action creates the smart contract; once again everything seems to be going well.

Once again, you are rather cautious and as you do things right, you start by sending 0.01 ETH to the contract. A quick glance shows you that your Ether fragments are there and you decide to put in a little more to test this bot in real conditions.

[Image: Overview of transactions after depositing ETH on the contract]

Everything is going well, the blockchain confirms your deposits and that they went well. Now, there is only one thing left to do: launch the Solidity bot.
The big moment has arrived, and despite some doubts, you give in to temptation and click on the Start button which is holding out its arms to you. A new MetaMask transaction is displayed to give your approval, which you check once again, so that you have a clear conscience and don't miss anything.

After a look at the blockchain contract, the bot seems to be on its way, but one thing catches your sharp eye. Curiously, the balance of the contract is now at 0. A few hours pass and finally the contract balance is still at 0.

Since this doesn't work, it's time to get your ETH back. One click on the withdrawal button and a new MetaMask transaction appears. Again, you take all the necessary precautions before signing the transaction. A few moments later, the transaction is finally validated. Unfortunately, you don't get your money back and you have been scammed and will never see your ETH again.

But what happened? First of all, it is very likely that the video you have just seen has been slightly modified. Secondly, you have probably used a version of Remix that is compromised. Indeed, here are various addresses with alternative versions of Remix whose aim is to scam you:
To save you searching, the official Remix address is: https://remix.ethereum.org/

Even if the interfaces look similar and everything works perfectly, it is perfectly possible to hijack the source code you submitted. For example, by simply changing the withdrawal address that should be yours to that of a hacker. This type of manipulation is done with a simple line of code in JavaScript.

Finally, the code uses complex functions that use the mempool with bytes as well as numbers that are incomprehensible to a novice (or to most people actually). These complex functions will simply generate the address of the hacker or a new function that will step into the process to make a withdrawal:

[Image: Generating an address using functions]

As you can see, using source code that you do not master can cause great damage. You should not trust the names of variables, functions and even comments. It is easy to misuse code by making it look like it does one thing when in fact it does another.

Conclusion

Never run any code that you don't fully understand or trust. It only takes one line of code to convert a seemingly innocent contract into a malicious one. The golden rule of scamming applies here: if it seems too good to be true, it probably is. Be wary of any trading strategies or techniques that promise outsized returns, and don't execute any code unless you know exactly what you're doing. Your wallet will thank you.

Sources (or for more information):

https://aucoindubloc.com/arnaque-crypto-bot-front-run-solidity/
https://www.certik.com/resources/blog/4vyzhUfARnkBQZkkx2eGeb-front-running-scams
https://coinsbench.com/beware-of-this-resurfaced-nasty-crypto-scam-6a8d69b61adf
https://medium.com/illumination/dont-be-fooled-by-this-crypto-scam-ac12606f2c40

Edit: It was this article that just appeared on Medium that made me want to do this post. This is obviously a scam, so beware.
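
A static check for the pattern described above, where a payout goes to an address computed by helper functions instead of to the caller. This is an added example, not code from the original post: the Solidity fragment, its function names (`poolKey`, `toAddr`) and its placeholder strings are constructed, and the regex heuristics assume one statement per line and are not a full Solidity parser.

```python
import re

# Constructed sample: only the lines of a "bot.sol" that matter for review.
# Function names and the string fragments are hypothetical placeholders.
SAMPLE = """\
contract Bot {
    address private owner;
    constructor() { owner = msg.sender; }
    function poolKey() internal pure returns (string memory) {
        return string(abi.encodePacked("0x", "PLACEHOLDER_A", "PLACEHOLDER_B"));
    }
    function toAddr(string memory s) internal pure returns (address) { /* hex -> address */ }
    function start() public payable {
        payable(toAddr(poolKey())).transfer(address(this).balance);
    }
    function withdrawal() public payable {
        payable(toAddr(poolKey())).transfer(address(this).balance);
    }
    function refund() public { payable(msg.sender).transfer(address(this).balance); }
}
"""

FUNC = re.compile(r"function\s+(\w+)\s*\(")
# A pure function returning an address can only build it from constants/arguments.
PURE_ADDR = re.compile(r"function\s+(\w+)\s*\([^)]*\)[^{;]*\bpure\b[^{;]*returns\s*\(\s*address\b")
PAYOUT = re.compile(r"payable\((.+)\)\s*\.\s*(?:transfer|send|call)\b")
TRUSTED = {"msg.sender", "owner"}

def audit_payouts(source, trusted=TRUSTED):
    """Return (function, line_no, recipient, reason) for each untrusted payout."""
    builders = set(PURE_ADDR.findall(source))
    findings, current = [], None
    for no, line in enumerate(source.splitlines(), 1):
        m = FUNC.search(line)
        if m:
            current = m.group(1)  # remember which function we are inside
        p = PAYOUT.search(line)
        if not p or p.group(1).strip() in trusted:
            continue
        recipient = p.group(1).strip()
        called = set(re.findall(r"(\w+)\s*\(", recipient))
        reason = "computed-address" if called & builders else "unknown-recipient"
        findings.append((current, no, recipient, reason))
    return findings

if __name__ == "__main__":
    for f in audit_payouts(SAMPLE):
        print("%s (line %d): funds go to %s [%s]" % f)
```

A finding on `start` or `withdrawal` means the contract's balance leaves for an address you did not supply, whatever the function's name or comments suggest.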