Friday, March 31, 2023
  • Login
  • Register
btclive365.com
  • Home
  • Cryptocurrency News Today
  • Bitcoin (BTC)
  • Altcoins
  • Blockchain
  • Crypto Mining
  • CryptoCurrency Predictions
  • Defi
  • Dogecoins
  • Earn Crypto
  • Ethereum (ETH)
  • Forex Trading
  • ICO
  • Litecoin ( LTC )
  • NFT
  • Ripple
  • Trend cryptocurrency
No Result
View All Result
  • Home
  • Cryptocurrency News Today
  • Bitcoin (BTC)
  • Altcoins
  • Blockchain
  • Crypto Mining
  • CryptoCurrency Predictions
  • Defi
  • Dogecoins
  • Earn Crypto
  • Ethereum (ETH)
  • Forex Trading
  • ICO
  • Litecoin ( LTC )
  • NFT
  • Ripple
  • Trend cryptocurrency
No Result
View All Result
btclive365.com
No Result
View All Result
Home Defi

Understanding Spoof Tokens and How to Avoid Being Coaxed

btclive365 by btclive365
November 9, 2022
in Defi
0
0
SHARES
0
VIEWS
Share on FacebookShare on Twitter


Read Time: 5 minutes

The safety and security of assets heavily make a difference in how much money the users make from their investments. And so here’s a security blog to stay aware and informed in Web3.

Cryptocurrencies are known for their volatility. That tells how much the asset’s price is influential in making investment decisions. There’s a catch for hackers to play with the prices and trick users for their gains. 

Anyone who is a die-hard crypto investor would have faced a situation wherein crypto token prices are manipulated to create an illusion of pessimism or optimism. This would prompt users to buy them and later find they have fallen for spoofing. 

So, what is spoofing? How to identify them and stay mindful to avoid seeing your money disappear in thin air? We shall have it all covered up in this blog. 

‘Spoofing’ – In A Nutshell

A widely anticipated token with so much hype that the user is awaiting to buy is finally launched, bearing the same symbol and official logo. And with great excitement, the user wants to buy them.

But how is the user convinced of the authenticity of the tokens and proceeds to make a bulk purchase of them? 

The user finds on the block explorer that the addresses associated with the token transfers are influencers/acclaimed personalities. 

Here’s where the hacker manipulated the From address of the token, making it look like it is linked to a well-known influencer’s address. Seeing this, the users fondly engage in trading those tokens believing them to be the original ones. 

Behind the scenes – How The Hacker Did This?

The transfer data in smart contracts can be easily modified. Therefore, by utilizing this, the attacker would change the From address to any other, though he/she is the one who initiates the transaction.

Let’s look at the token transfer in Etherscan for better clarity of spoof token transfers. 

In this you can see Vitalik’s address 0xab5801a7d398351b8be11c439e05c5b3259aec9b has received zkSync tokens. 

The tokens might be transferred from anyone to Vitalik’s address, which is no big deal. 

But, in this, you can see that Vitalik sends out the tokens. So, this would lure users into thinking these tokens sent by Vitalik would be a real jackpot. 

But that’s not true! Let’s find out what lies ahead!

Vitalik did not initiate the transfer, but the owner of the contract who initiated the transaction made it appear to have been sent by Vitalik. This is where the block explorer is spoofed to display the manipulated transaction, as the block explorer can only read events. 

This can be found by looking into the transaction details, which clearly shows the initiator address (0x46e7cefdfa7513d19261d1afa7ec04c13e7acefc) proceeded with the transaction manipulating it to have been done by Vitalik.  

On taking a closer look, you can find the input data is fed with Vitalik’s address. This can also be hard coded in the contract.

Further, on decompiling, we can find a non-standard transfer function which takes the input for From address and initiates the transfer event. And this is where the contract owner has entered Vitalik’s address to make it look like he is doing the transfer.

The Mishaps in Token Transfer

Here’s how the user mistakes the From address to be the address of the transaction initiator. The spoofing trick works to launch successful attacks on the user by leveraging the ERC-20 token’s design standard and Block explorer’s transparent data display. 

The ERC-20 standard’s transfer and transferFrom functions facilitate adding any arbitrary address as the sender of tokens and that the From address is changed from the contract’s initiator address. 

Block explorers like Etherscan display the From address rather than the tx initiator address, which results in the user bagging the valueless tokens. 

Any Recent Event Of Spoof Token Spam?

The recent announcement of Ukraine’s “airdrop” for rewarding cryptocurrency donations by the user was posted on the Twitter handles.

Source: Ukraine / Україна on Twitter: “Airdrop confirmed. Snapshot will be taken tomorrow, on March 3rd, at 6pm Kyiv time (UTC/GMT +2 hours). Reward to follow! Follow subsequent news re Ukraine’s crypto donation campaign at @FedorovMykhailo” / Twitter

Soon after, Ethereum’s block explorer Etherscan displayed Ukraine’s official wallet holding 7 billion “Peaceful World” tokens for the secret crypto airdrop. 

There were also activities from Ukraine’s official wallet sending tokens to the crypto wallet address that donated to Ukraine’s funds. 

But there were no details of the official airdrop event following the initial post from the authorities(as in token type or the number of tokens to be launched, etc.)

Later, blockchain analysts confirmed that the peaceful world (WORLD) tokens might be a spoof, and Etherscan tagged them as “misleading” and marked them as spam. 

This instance shows how Ukraine’s wallet address is being used to launch a fake airdrop– an instance of token spoofing. 

How To Avoid Buying Spoof Tokens?

The best way is to dig into the transaction details and look into whether the From address and the initiator address of the token transfer is the same.

Although not all the token transfers initiated from different addresses can be necessarily a spoof, using the ‘Token ignore list’ feature in EtherScan that lists the suspicious token in this category, users can stay alert and be watchful of the tokens they interact with. 

QuillAudits In Web3 Security 

QuillAudits is a leading security firm offering protection to established and growing ventures by providing smart contract audit and due diligence services to stay vigilant against web3 hacks. 

Get in touch with our experts for a free consultation in just under 10mins: 

https://t.me/quillaudits_official

242 Views





Source link

Previous Post

Fantom Gained 20.78% in Last Month and is Predicted to Drop to $0.244584 By Nov 12, 2022

Next Post

Spend XRP at These 15 Shops that Accept XRP Payments

btclive365

btclive365

Next Post

Spend XRP at These 15 Shops that Accept XRP Payments

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Stay Connected test

  • 23.8k Followers
  • 99 Subscribers
  • Trending
  • Comments
  • Latest

How to sell Bitcoin – Bitcoin Magazine

November 9, 2022

Add a Tangible Asset to Your Portfolio: Buy Gold

January 7, 2023

Building Bitcoin Standard In Portugal – Bitcoin Magazine

November 9, 2022

USD/ZAR Rallies as SA President Ramaphosa Faces Potential Impeachment

December 1, 2022

Bitcoin price hits 2-week lows as FTX ‘bank run’ drains BTC reserves

1

Building Homesteader Lifestyle With Bitcoin – Bitcoin Magazine

1

Arbitrum dealings activity rockets 550% since August: Delphi Digital

0

Bitcoin․com Doubles Down on Self-Custody With Launch of Verse DEX – Press release Bitcoin News

0

Gold Glowing into Q2 as Fed Peaks

March 31, 2023

US annual Core PCE inflation declines to 4.6% in February vs. 4.7% expected

March 31, 2023

Bitcoin white paper makes its F1 racing debut on Kraken-sponsored car

March 31, 2023

Crypto Twitter Outrageous As Binance Halts Institutional Withdrawals In France

March 31, 2023

Recent News

Gold Glowing into Q2 as Fed Peaks

March 31, 2023

US annual Core PCE inflation declines to 4.6% in February vs. 4.7% expected

March 31, 2023

Bitcoin white paper makes its F1 racing debut on Kraken-sponsored car

March 31, 2023

Crypto Twitter Outrageous As Binance Halts Institutional Withdrawals In France

March 31, 2023

We deliver up-to-date, breaking crypto news about the latest Bitcoin, Ethereum, Blockchain, NFTs, and Altcoin trends and happenings

Follow Us

Browse by Category

  • Altcoins
  • Bitcoin (BTC)
  • Blockchain
  • Crypto Mining
  • Cryptocurrency News Today
  • CryptoCurrency Predictions
  • Defi
  • Dogecoins
  • Earn Crypto
  • Ethereum (ETH)
  • Forex Trading
  • ICO
  • Litecoin ( LTC )
  • NFT
  • Ripple
  • Trend cryptocurrency

Recent News

Gold Glowing into Q2 as Fed Peaks

March 31, 2023

US annual Core PCE inflation declines to 4.6% in February vs. 4.7% expected

March 31, 2023
  • About
  • Advertise
  • Privacy & Policy
  • Contact

© 2022 btclive365 All Right Rivered .

No Result
View All Result
  • Home
  • Cryptocurrency News Today
  • Bitcoin (BTC)
  • Altcoins
  • Blockchain
  • Crypto Mining
  • CryptoCurrency Predictions
  • Defi
  • Dogecoins
  • Earn Crypto
  • Ethereum (ETH)
  • Forex Trading
  • ICO
  • Litecoin ( LTC )
  • NFT
  • Ripple
  • Trend cryptocurrency

© 2022 btclive365 All Right Rivered .

Welcome Back!

Login to your account below

Forgotten Password? Sign Up

Create New Account!

Fill the forms below to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In