Airdrops Deployed to Scam Unsuspecting Users

Scammers carried out a honeypot scam using $YEAR token airdrops in a relatively easy to execute scam.

Chung Yee
January 5, 2022
BSC News

Honeypot Scam

Buyer of the token $YEAR learned a painful lesson after what they mistook as a money making opportunity turns out to be a rugpull. $YEAR token that was airdropped to users based on their Ethereum transactions throughout the previous year turns out to be part of a honeypot scam.

The scam was carried out in less than six hours through a website called EtherWrapped that connects to a MetaMask wallet. Eligible Ethereum users will receive $YEAR tokens from the project by 0230 UTC. This airdrop was promoted through a now deleted Twitter account of the fake project.  

Source: The fake EtherWrapped project ‘rewards’ eligible Ethereum users for their on-chain activities with $YEAR tokens

This scam caught its unsuspecting victims because of the hype surrounding airdrops. It came after two legitimate airdrops, OpenDAO ($SOS) and GasDAO ($GAS) were successfully launched. 

How the Scam Works

Source: A honeypot scam works with the scammer placing a bait to lure unsuspecting victims

In a nutshell, a honeypot scam works in the following order: -

1. The attacker deploys a seemingly vulnerable contract and places a bait in the form of funds.

2. The victim attempts to exploit the flaw by placing the required amount of funds but is unable to exploit the contract.

3. The attacker withdraws the bait and the funds deposited by the victim that tried to exploit the contract.

In the case of the $YEAR token, the creator of the contract called the ‘revokeOwnership’ function and made the decentralized exchange Uniswap V2 its new owner. This effectively locked everyone out and the contract evolved into a ‘honeypot’ where it is only possible to make purchases but no sales. This resulted in the token’s price skyrocketing creating more panic buys. 

Source: This site will simulate a buy and sell transaction to determine if a token is a honeypot

Approximately more than 30 $ETHs were drained out in several transactions. In this case, the attacker hides their exploits in plain sight by masquerading as what looks like a novice coding mistake.  

Caution First

In this space, scams will only get more elaborate over time. Therefore, post mortems of malicious operations must be publicly disseminated. It is no longer the case that the early bird gets the worm. A few precautions can be exercised to avoid falling victim such as: -

1. Every project must disclose their team members.

2. The team members must have good credentials. 

3. Smart contract audits are no longer a luxury, it is necessary. 

4. Unknown projects without proper disclosure of its backers must be avoided at all costs.

5. Responsible projects respond to inquiries and criticism 

The crypto market is littered with opportunities. It is alright to miss out on an opportunity rather than to be scammed. Risk management is key. 

Don’t forget to download the BSC News mobile application on iOS and Android to keep up with all the latest news for Binance Smart Chain and crypto! Check out the DeFi Direct Linktree for all the access links! 

Chung Yee

Chung Yee has a legal background and has been involved in research works for the legal and compliance industry. Writing is his passion, centered on topics such as the blockchain and finance. His largest crypto holdings are Solana, Ethereum, and BNB Token.

Text Link

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.