Attacks and exploits in DeFi. How not to become a victim of a scam in cryptocurrency?
Decentralized finance (DeFi) caused a stir in the crypto space in 2020 and became the most popular application of leading blockchains such as Ethereum. Unlike traditional finance, which relies entirely on intermediaries such as banks to process transactions, the open and decentralized nature of DeFi offered users a way to carry out financial activities such as trading, lending, etc., without intermediaries — using smart contracts.
While DeFi are becoming more popular and liquid, their openness has also led to frequent security breaches, such as hacks and exploits, which cause participants to lose funds every time. In 2020–21, approximately $500 million worth of assets were stolen from DeFi platforms, and the pace and amount of thefts are growing.
Decentralized finance has created new approaches to trading cryptocurrencies and their use, but also provoked new types of fraud.
Here are the types of scams you may not be aware of.
- Rug pull. Attackers create an asset (often disguising it as popular tokens), for which they launch a trading pair and a pool on a decentralized exchange. Other users add their own funds. As a result, the organizers of the scheme abruptly withdraw them, leaving other users with devalued tokens.
Another option: scammers create a decentralized trading protocol and add an exploit to its code. They begin to attract users and their funds to the protocol with high rates of profitability, but in the end they take advantage of the vulnerability of the code and steal all the users’ funds.
- Honeypot. Scammers create a token, issue it on a decentralized exchange and begin to aggressively advertise. At the same time, the smart contract of the token contains a ban on its sale by anyone other than the organizers of the scheme. They start buying an asset, and when its price reaches a significant mark, scammers sell as many tokens as possible, as long as they are worth something.
- Fake tokensale. Another type of scam depicts fundraising activity.
Attackers create a website dedicated to a supposedly new startup and fill it with content so that it creates a plausible impression. In particular, they come up with a description of the “blockchain project” and team members, open pages in social networks.
Next, the camera announces the initial sale of the project tokens, from the participants of which real funds are collected. Shortly after that, the scammers stop being active and take over everything.
In order not to fall for the tricks of scammers, follow simple but effective rules:
- Do not invest in projects that promise, first of all, high profitability, and not a quality product. A conscientious entrepreneur never guarantees profit.
- Before investing in a new project, carefully study its team, read publications about the startup in the media, reviews from recognized experts.
- Do not give your money and cryptocurrencies to little-known traders or companies.
- Check online the history of the project or service to which you plan to send your funds. If there is no mention of it in authoritative sources, it is better not to take risks.
- When trading on decentralized exchanges, beware of “clones” of famous coins. Pay attention to the ticker names and the amount of liquidity in the pool.
- If you decide to use a new decentralized protocol, make sure that independent professionals have conducted a detailed audit of its code.