submitted by /u/darwinlovestrees
I have been humbled. I used to think I would never fall for a scam in crypto. Most scams are super easy to spot and avoid: "Don't give anyone your seed phrase or private keys, don't respond to "hot crypto chicks" in your DMs", etc. Most of you know -- or should know -- all of these basics already.
Well, there's another type of scam that's maybe not so obvious to intermediate crypto users, and I have fallen victim to it, losing the majority of my ETH in the process. Allow me to share my story in the hopes that this doesn't happen to any of you.
Edit: Many of you are giving me the gears in the comments, and probably rightly so. I made a dumb mistake. Just hoping to share my dumb mistake so others can avoid it. ????♀️
YouTube is rife with videos like this: https://www.youtube.com/watch?v=WVLyGVJfuXQ (WARNING: THIS VIDEO IS A SCAM. DO NOT FOLLOW THE PROCEDURES SHOWN IN THIS VIDEO). I wouldn't be surprised if that link is broken for you by the time you read this, as these types of videos are uploaded and taken down on a near-daily basis. Just in case it is, here's a screenshot:
Almost all of the comments are positive and the uploader even responds to queries for assistance:
These videos are everywhere, and they're all basically the exact same. The one I linked isn't the one I fell for (that one has been removed), but it's nearly identical. Like, the guy in this new one even says all of the exact same lines word-for-word as the original, but it's clearly a different guy... As if reading off a script that they both had. Weird.
Anyway, here's what the scammer says you can do:
On Ethereum (and on other smart blockchains; BNB is another popular one), you can upload your own custom smart contracts to run on the blockchain, and one such contract is supposedly what's called a front-running bot. Front-running itself is a real thing, and some people actually do it legitimately, but I suspect those people keep their methods close to the chest, rather than give it away for free. Front-running essentially uses a decentralized exchange (Uniswap in this case, oftentimes Pancakeswap on BNB) to sniff out pending transactions and offer a very slightly higher gas fee in order to "snipe" that transaction, then quickly turn around and reverse the transaction back to the original "victim" (another random user of Uniswap), making a profit in the process. The bot can then run passively for as long as you want and stack profits for you while you sleep. It's not illegal in crypto, but other forms of front-running are illegal in real-world fiat finance.
(Don't get your hopes up. Unless you're a proficient coder with a lot of time on your hands, you probably won't actually be able to pull this off. In fact, one of the biggest red flags that I learned too late, is that a front-running bot can't really be run off of just a smart contract on the blockchain alone. It needs an actual software component, running continually on your computer.)
Back to the scam artist. They give you step-by-step instructions on how to connect your metamask wallet to the Ethereum Remix IDE, which is a legitimate web3 website lots of people use to create smart contracts on the blockchain. It's actually a great resource for developers and is quite user-friendly. However, another red flag that I did not catch, is that the scammer does not direct you to the ONLY OFFICIAL Ethereum Remix IDE website (remix.ethereum.org), but instead directs you to some cloned version of the website with a URL like remixethereumcompiler.io. (WARNING: SCAM WEBSITE. DO NOT CONNECT YOUR WALLET TO THIS SITE. Feel free to check out how close they look, though.) I believe the reason for that is because you'll notice the front page of remix.ethereum.org has a warning in red text cautioning users against this very type of scam... *sigh*
The scammer will give you a long piece of code written in Solidity to copy-paste into Remix in order to create your smart contract, usually via pastebin. (WARNING: SCAM CODE. DO NOT COPY-PASTE. FOR INFORMATION PURPOSES ONLY.) This should've been my third red flag. NEVER EVER EVER just blindly trust a smart contract or any other piece of code that you do not understand. Case in point: me, who can barely understand my own native language, let alone a coding language like Solidity.
It's super easy to copy-paste the code, change some settings and deploy the contract in Remix using your connected metamask wallet, paying a little in gas fees... And all of these steps inspire confidence. But then we get to the money shot -- funding the contract. In order to "run the bot", it needs a balance of ETH to front-run transactions on Uniswap. The scammer recommends a balance of at least 0.5 - 1 ETH.
Now here's where these scams start to differ. Some of them, apparently, have smart contracts that are just a convoluted mechanism for transferring the ETH not to your new contract as intended, but to the scammer's wallet. This is a bit simplistic, and not what happened to me. I funded my contract address, and it seemed to work great. I checked the balance of my contract on Etherscan and it showed up properly immediately. This, of course, continued to inspire confidence.
I then "started" the "bot", and everything seemed hunky-dory. I even actually received 0.01 ETH from some random wallet after about 2 hours! (Well, the contract address did.) So I continued on. But then I started to read up on front-running and see if this was actually legit. (Shoot first, ask questions later? Not a great way to live your life.) And that's when I ran into a problem. I started sweating after reading about these scams and wanted to withdraw my money. The contract supposedly has a withdraw function which you can use anytime, it only costs a little gas. So I tried it, and I got an error message. And again, and again, and again. Error, error, error. No matter how high I set my gas fees.
I still have not been able to withdraw the ETH I sent to my contract address. It's just sitting there. It hasn't disappeared yet, but it is also effectively lost to me forever. As some of you know already, once you deploy a contract to the blockchain, it can't be changed. This is by design. So I can't just tweak the code (even if I knew how to write code) to make it withdrawable. And there is no other way for me to transfer that balance to any other wallet address. It is, for all intents and purposes, gone forever.
And what's worse, I can see it. I have my contract address bookmarked on Etherscan, and I can just see the balance sitting there. But I can't touch it. Goodbye, ETH. Maybe one day the scammer will flip a global killswitch somewhere and all of his victim's smart contracts will empty themselves out to his own wallet simultaneously. I'll just sadly watch from the sidelines if and when that happens.
Here is some more information on this scam which helped me understand it a little better.
I hope this helps even one person avoid getting suckered into this scam as I did. Be careful out there! Crypto is still in many ways a wild west.
If you'd like to see the address of my smart contract for your own curiosity, I might share in a DM but I won't post it here. And on the off chance that anyone experienced with smart contracts knows any way to get my ETH back, you can have half of it! (RIP my DMs, probably. But just know I'm much better at sniffing out scams now. I learned the hard way.)
You can get bonuses upto $200 FREE BONUS when you:
💰 Install these recommended apps:
💲 SocialGood - 100% Crypto Back on Everyday Shopping
💲 Maiar - DeFi For The Next Billion
💲 CryptoTab Browser - Lightweight, fast, and ready to mine!
💰 Register on these recommended exchanges:
🟡 Binance🟡 Bitfinex🟡 Bitmart🟡 Bittrex🟡 Bitget
🟡 CoinEx🟡 Crypto.com🟡 Gate.io🟡 Huobi🟡 Kucoin.