Trusted

Airdrop Mania Sees Latest Airdrop Rug Pull on Buyers Through Smart Contract Exploit

2 mins
Updated by Ryan Boltman
Join our Trading Community on Telegram

In Brief

  • Investors in a new token became victims of a rug-pull.
  • The exploit used a seemingly innocuous piece of smart contract code to prevent sale of the new token.
  • The creator of the token then took out liquidity, driving the price of the new coin down to zero.
  • promo

As reported by @cat5749, a scam surfaced on Dec. 31, 2021 to reward $YEAR tokens to ETH transactions based on the contents of their Metamask wallet.

Investors in a new cryptocurrency called $YEAR were the subject of a honeypot scam, as tweeted by @cat5749. Essentially a token creator used a website called EtherWrapped that connected to a Metamask wallet. The individual or group of individuals allotted $YEAR token rewards to users based on their ETH transactions throughout the previous year.

Everything on Ethereum is handled via smart contracts which run on the Ethereum Virtual Machine. Smart contracts can be freely viewed using Etherscan. To create a new token, an entity must create a new smart contract in a decentralized application language called Solidity and deploy it to the Ethereum Virtual Machine. Initially, when the contract is uploaded, it is an “unverified” contract.

In the case of this scam, the smart contract was verified when members of the Ethereum community clamored for verification. By verification, the contract became public. This means that the smart contract code was open to scrutiny.

Hidden in plain sight

A newer exploit is for malicious entities to create seemingly benign smart contracts, with traps hidden in plain sight. These are impervious to code inspections, as there are often no obvious signs that the smart contract owner wishes to engage in malicious activity. In the case of the $YEAR token and smart contract, a Twitter user named @cat5749 and others examined that smart contract for apparent traps in the code. They couldn’t find anything that looked suspicious. They came across a function called “_burnMechanism” which would fail if contact was attempted with the contract owner. This didn’t raise any obvious red flags, but would prove instrumental in diagnosing how the attack happened.

Revoking ownership to crash new coin

The owner revoked ownership of the contract, and made its new owner the decentralized exchange, UniSwap V2. This meant that only purchases could be made from UniSwap V2, but nothing could be sold to UniSwap V2. The smart contract owner would then become the only seller, causing the price of the $YEAR token to increase. As users saw the price increasing, FOMO made them want to buy.

When a new token is created, the creator must develop a way for users to buy and sell the token. This sometimes means that the creator will place a valuable token such as ETH and their new token in a trading pool. Buyers of the new token will need to supply the valuable token to get the new token. What can happen is that the creator can pull out his original valuable token plus the new token. Due to the way automated market makers work, this will remove more of the valuable token than the worthless token.

The creator then pulled out liquidity from UniSwap V2, including over 30 ETH, and caused the new token to crash, leaving some very disgruntled investors.

What do you think about this subject? Write to us and tell us!

Top crypto projects in the US | November 2024
Coinrule Coinrule Explore
Coinbase Coinbase Explore
Uphold Uphold Explore
3Commas 3Commas Explore
Chain GPT Chain GPT Explore
Top crypto projects in the US | November 2024
Coinrule Coinrule Explore
Coinbase Coinbase Explore
Uphold Uphold Explore
3Commas 3Commas Explore
Chain GPT Chain GPT Explore
Top crypto projects in the US | November 2024

Disclaimer

In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and ConditionsPrivacy Policy, and Disclaimers have been updated.

David-Thomas.jpg
David Thomas
David Thomas graduated from the University of Kwa-Zulu Natal in Durban, South Africa, with an Honors degree in electronic engineering. He worked as an engineer for eight years, developing software for industrial processes at South African automation specialist Autotronix (Pty) Ltd., mining control systems for AngloGold Ashanti, and consumer products at Inhep Digital Security, a domestic security company wholly owned by Swedish conglomerate Assa Abloy. He has experience writing software in C...
READ FULL BIO
Sponsored
Sponsored