As reported by @ cat5749, a scam surfaced on December 31, 2021 to reward tokens of $ YEAR to ETH transactions based on the contents of their Metamask wallet.
Investors in a new cryptocurrency called $ YEAR have been the subject of a honeypot scam, as tweeted by @ cat5749. Essentially, a token maker was using a website called EtherWrapped which connected to a Metamask wallet. The individual or group of individuals awarded token rewards of $ YEAR to users based on their ETH transactions during the previous year.
Everything about Ethereum is managed through smart contracts that run on the Ethereum virtual machine. Smart contracts can be viewed freely using Etherscan. To create a new token, an entity needs to create a new smart contract in a decentralized application language called Solidity and deploy it to the Ethereum virtual machine. Initially, when the contract is downloaded, it is an “unverified” contract.
In the case of this scam, the smart contract was verified when members of the Ethereum community requested verification. By verification, the contract became public. This means that the smart contract code was open for review.
Hidden in plain sight
A more recent exploit is for malicious entities to create seemingly benign smart contracts, with traps hidden in plain sight. These are impervious to code inspections, as there is often no obvious sign that the owner of the smart contract wishes to engage in malicious activity. In the case of the $ YEAR token and the smart contract, a Twitter user named @ cat5749 et al. examined this smart contract for the apparent pitfalls in the code. They didn’t find anything suspicious. They fell on a function called “_burnMechanism” which would fail if contact was attempted with the contract owner. This did not raise any obvious red flags, but would prove instrumental in diagnosing how the attack happened.
Revoke ownership to crash a new part
The owner revoked ownership of the contract and made its new owner the decentralized exchange, UniSwap V2. This meant that only purchases could be made from UniSwap V2, but nothing could be sold to UniSwap V2. The owner of the smart contract would then become the sole seller, leading to an increase in the price of the $ YEAR token. As users saw the price increase, FOMO made them want to buy.
When a new token is created, the creator must develop a way for users to buy and sell the token. This sometimes means that the creator will place a valuable token such as ETH and their new token in an exchange pool. Purchasers of the new token will need to provide the valuable token to obtain the new token. What can happen is that the creator can withdraw their original value token as well as the new token. Due to the way automated market makers work, this will remove the value token more than the worthless token.
The creator then withdrew cash from UniSwap V2, including over 30 ETH, and crashed the new token, leaving investors very unhappy.
What do you think of this topic? Write to us and tell us!
All information on our website is posted in good faith and for general information purposes only. Any action that the reader takes with the information found on our website is strictly at his own risk.