DEV Community

Scofield Idehen for Hackmamba

Posted on • Updated on • Originally published at hackmamba.io

Top Web3 Scams and How They Work

This post was originally posted on Hackmamba

Web3 is said to be the future of the web. Everyone is talking about a decentralized web and how it is revolutionizing the world. While many call this a breath of fresh air, hackers and scammers jump on it to dupe people out of their hard-earned funds.

This article will break down some of the most popular scams, help you figure out how they work, and show you how to protect yourself from them.

To follow this article, you need the following:

  • A little knowledge of cryptocurrency

  • Basic knowledge of Solidity

  • Remix IDE

PancakeSwap is a decentralized crypto exchange that runs on the Binance Smart Chain (BSC) for swapping BEP-20 tokens. It also allows you to swap, stake, lend and yield farm on its dApp platform.

To learn more about PancakeSwap, read the documentation.

The scam

An unsuspecting user is told, mostly on YouTube or other social media, that they can buy and sell liquidity gaps on PancakeSwap.

Liquidity gaps mean that an asset can be quickly and easily bought or sold without affecting its price.

The scammer tells the user that they do not need to be an expert or know much about smart contracts, then sends a link to a contract for the user to deploy.

See the sample scam code block here.

When you review the code block, notice that the router contract link is different from what the contract tells us.

The contract


    constructor(
        string memory _tokenName,
        string memory _tokenSymbol,
        uint256 _loanAmount
    ) public {
        tokenName = _tokenName;
        tokenSymbol = _tokenSymbol;
        flashLoanAmount = _loanAmount;
        router = new RouterV2();
    }


Notice line 9 says

    router = new RouterV2();

Remember, this is a constructor function that must run before any other function in the contract.

So the router contract is created before anything else in the contract executes.


https://gateway.pinata.cloud/ipfs/QmNejWi3tLQ4B6CbFr15LZU69rttBKitjQeR1pKgBSrcyn

Copy the URL from the router into your browser, and you will see another contract, but this time the contract is different from the first contract.

Remember, it imports the RouterV2 function into the first contract, which runs this contract.

    contract RouterV2 {
        function pancakeRouterV2Address() public pure returns (address) {
            return 0x05fF2B0DB69458A0750badebc4f9e13aDd608C7F;
        }

        function compareStrings(string memory a, string memory b)
            public pure
            returns (bool)
        {
            return (keccak256(abi.encodePacked((a))) ==
                keccak256(abi.encodePacked((b))));
        }

        function pancakeSwapAddress() public pure returns (address) {
            return 0x65163Fd9FEac0a9B52862bC1a0e32Cd6656597f2;
        }
    }

Notice the difference between the two contracts. Check the address on a block explorer, and this comes up.


This account receives ETH from unsuspecting users who run the code and send their funds hoping to get a swap or loan.

Here is one such scam video on YouTube.
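
A pre-deployment check for the pattern described above, as an added example that is not part of the original article: it follows a contract's imports and lists every remote import and hard-coded address, so each one can be compared with the project's official documentation before any funds are sent. The `review` helper, the file name `FlashLoan.sol` and the import line are assumptions; the URL and the address are the ones quoted above.

```python
import re

# Path inside a Solidity import statement: import "x"; / import {A} from "x";
IMPORT_RE = re.compile(r'\bimport\b[^;"\']*["\']([^"\']+)["\']')
# 20-byte hex literal, the form used for hard-coded address constants
ADDRESS_RE = re.compile(r"\b0x[0-9a-fA-F]{40}\b")
REMOTE = ("http://", "https://", "ipfs://")


def review(name, sources, trusted=(), _seen=None):
    """Walk `name` and every file it imports; return (kind, file, detail) findings.

    sources: file name or URL -> Solidity text already saved locally (no fetching).
    trusted: addresses the reviewer has confirmed in the project's official docs.
    Import paths are looked up verbatim; relative paths are not resolved.
    """
    seen = set() if _seen is None else _seen
    if name in seen:
        return []
    seen.add(name)
    text = sources.get(name)
    if text is None:  # imported code nobody has read yet
        return [("unreviewed-import", name, name)]
    known = {a.lower() for a in trusted}
    findings = [("hardcoded-address", name, a)
                for a in ADDRESS_RE.findall(text) if a.lower() not in known]
    for path in IMPORT_RE.findall(text):
        if path.startswith(REMOTE):
            findings.append(("remote-import", name, path))
        findings.extend(review(path, sources, trusted, seen))
    return findings


# Constructed sample: the import line and the name "FlashLoan.sol" are
# assumptions; the URL and the RouterV2 address are those quoted in the article.
ROUTER_URL = ("https://gateway.pinata.cloud/ipfs/"
              "QmNejWi3tLQ4B6CbFr15LZU69rttBKitjQeR1pKgBSrcyn")
SAMPLE = {
    "FlashLoan.sol": f'import "{ROUTER_URL}";\n'
                     "contract FlashLoan { constructor() public {"
                     " router = new RouterV2(); } }",
    ROUTER_URL: "contract RouterV2 {\n"
                " function pancakeSwapAddress() public pure returns (address) {\n"
                "  return 0x65163Fd9FEac0a9B52862bC1a0e32Cd6656597f2; } }",
}

if __name__ == "__main__":
    for finding in review("FlashLoan.sol", SAMPLE):
        print(finding)
```

The address only shows up as a finding once the imported file is included in `sources`; a contract that looks clean on its own still reports the import as unreviewed.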

FLIP-COIN Scam

Flip coin is a scam that grew out of the old fraud of flipping cash. Unsuspecting victims send some amount of coin and are told to wait while the coin is doubled.

The victim waits for the doubled coin and soon realizes they just lost their funds.

Scammers used the flip coin scam in the Twitter hack scandal in 2020. The accounts of Jeff Bezos, Elon Musk, Apple, Uber, Barack Obama, and Joe Biden were some of the prominent accounts the hackers used.


Crypto is decentralized, and it is nearly impossible to track anyone on the blockchain network. No one can reverse a transaction. Do due diligence before making any cryptocurrency transaction, as it is non-refundable once it is complete.

Over 2 million dollars was lost and has not been recovered to date.

Pump and Dump Scam

Crypto is not regulated; many people take advantage of it, and many still consider it a wild west endeavor. Most governments are still not fully invested or interested in a decentralized funding system like web3.

Influencers and inside traders buy a digital currency that is just getting onto the blockchain at a low price. They hype the coin through social media, creating a rise in demand for the coin for some time. While the unsuspecting public buys the new coin, the insiders begin to dump the coin at a high price, and a spike occurs, causing the coin to 'tank' or lose value.

The insider makes a massive profit from offloading their coin when it is at its peak, making more money, while the unsuspecting buyers lose their funds when the price crashes.

How to protect yourself

  • Learn to read documentation: Learning more about a coin before buying it is very important to avoid buying coins without value.

  • When there is a constant push to buy a specific coin by some influencers, do not be too hasty, as many of them are pumping coins and would leave when the price is high enough.

  • Stick to coins that remain constant; do not buy without proper research and review.

  • Do not be greedy.

Phishing Scam

A phishing scam is where the scammer steals sensitive information from an unsuspecting user under false pretenses.

It is a common scam, but you'll learn how it works and how to avoid it by reviewing and deconstructing it.

The majority of these scams begin on social media or in random emails. For crypto, it is mostly social media, with the scammer giving airdrops or offering a fantastic ROI. You click on the link and, most times, are redirected to a site where you fill in your details.

You innocently fill or connect your wallet, and the scammer uses the information obtained from you to access and steal your funds.

How to protect yourself

  • Never connect your wallet to a third party without proper vetting.

  • Never give your private keys (a variable in cryptography that is used with an algorithm to encrypt and decrypt data) to anyone, as this would mean providing access to your funds.

  • Keep your recovery phrase secret, as anyone who has your phrase can quickly get access to your account.

  • Do a proper scan of the address you are dealing with on the following websites: Bitcoinabuse, ScamAlert

Conclusion

The article explains top scams and how they work. It breaks down what to expect and the best practice to follow when in such a situation.

Resources

Hacks in web3
Twitter account hijacking
Scam Protection Techniques
