After the plunge, the DeFi sector has recovered, and many DeFi currencies including AAVE and YFI have shown an upward trend. Take AAVE as an example, it rose by more than 120% in 7 days.
“Allocation of DeFi currency” has become the voice of investors after they stepped down. However, at this moment, a user Wang Ping (pseudonym) reported to reporters that he wanted to invest in DeFi coins, but he bought “counterfeit coins that can only be bought and cannot be sold”. Following Wang Ping’s story, we found that counterfeit currencies in the DeFi field are flooding. Take BitKeep as an example. Nearly 40% of its top 10 currencies are counterfeit. The fraudulent methods of counterfeit currency are also full of tricks, including simple and rude imposters, as well as the “only buy but not sell” rogue mechanism, and the code design that can flexibly control the “sell authority”. It can be said that these counterfeit coins are like blood-sucking worms parasitic in the DeFi field…
“Programmer was cheated by counterfeit money”
Wang Ping, a programmer, was cheated by counterfeit money.
It happened a week ago when Wang Ping bought KP3R, a new project by YFI founder Andre Cronje on the recommendation of a friend. Buying at 170 dollars and selling at 300 dollars, I made 10 Ethereum. Having tasted the sweetness, Wang Ping plans to try again.
On November 3, while browsing the DeFi gains list on BitKeep, Wang Ping found several DeFi currencies that performed well. With the mentality of giving it a try, he chose TRTC and other currencies to invest.
“After I bought it, I found that everyone did not sell it. There were only TRTC buying orders in the market, not selling orders.”
At that time, Wang Ping naively thought that the reason for the lack of selling was that the currency price continued to rise, and everyone was reluctant to ship. Because from the data point of view, this is indeed the case-the rate at which TRTC doubles and rises is visible to the naked eye.
Wang Ping, who thought he was pressing Zhongbao again, boasted about going to Haikou with his girlfriend, and waited until the double eleven day to ship, and used the earned money to buy two iPhone 12. However, things were not as good as Wang Ping had imagined. “When I was about to sell coins, I found that I couldn’t sell them at all, and I kept reporting errors.”
At first, Wang Ping thought that the gas was not enough, so he kept increasing the gas fee, but still couldn’t sell it. Wang Ping felt something was wrong. Without a clue, Wang Ping approached his contract engineer friend Li Gang for help. After opening the TRTC contract address, Li Gang and Wang Ping found that there is such a line of code in the TRTC open source code: require(_from==owner||_to==owner||_from==UNI);
This code stipulates that the TRTC sell order initiator can only come from the Owner, and this Owner is naturally the developer of the TRTC project.
By retrieving TRTC data on the Ethereum browser, Wang Ping found that all sell orders were issued by a player whose contract address was 0xac10Af40abc7C67129b8C256A8C71B896a37d799. The real initiator of the TRTC scam is the player whose address ends in 799.
“Brother Li, is there any turnaround in this matter?”
Li Gang smiled and said nothing.
Wang Ping, who felt that he had been tricked, couldn’t swallow this breath. On November 4, he changed hands and called the 136 TRTCs that he had bought but could not be sold to the tail number 799.
“I wrote the code, but I was cheated by another code writer. Money is a trivial matter, but the feeling of being inferior to humans is really uncomfortable.”
In order to find out, Wang Ping found out that the player whose contract address ends in 799 was a thief in the DeFi field. According to incomplete statistics, in the past month, players with the end number 799 issued a total of 48 counterfeit coins, an average of 1.6 per day, which can be called “fake currency model workers”.
“BitKeep’s top ten gainers, 40% are counterfeit coins”
Since he was deceived because he believed in BitKeep’s gains list, after that, Wang Ping’s first thing at work every day is to observe BitKeep’s gains list.
“I have been observing for several days. The more I observe, the more scary I am.” According to Wang Ping’s description, more than 40% of the top 10 DeFi currencies on the BitKeep increase list are counterfeit.
Taking the list at 15:00 on November 11 as an example, the reporter found that the second-ranked WELL, the third-ranked KKS, and the fourth-ranked KPR4 are all counterfeit coins.
For this reason, BitWell officially issued a statement stating that WELL has not yet entered circulation on the chain. The WELL contract address, price, total issuance, and online time appearing on Uniswap are all false information. Although there is no code that locks the user’s selling channel in the WELL contract code, there is still a risk that the developer will suddenly withdraw liquidity. More coincidentally, KPR4 (this name is the popularity of KP3R) is still from the hand of the above-mentioned tail number 799.
In the contract code, we also found similar codes.
KKS, ranked third, although not from the end number 799, we also found the same code in its contract code.
“Don’t look at this code with a lot of things added, but in fact it is still changing the soup instead of the medicine.” Li Gang said.
The author set up a condition for confirming the transfer in the code, which is require(ensure(_from,_to,_value)) in the second red box in the text.
In this code, from and to are directly related to the conditions in the first red box, that is, only the developers themselves or Uniswap can trade.
And the following from==tradeAddressIIcanSale[_from] means that developers can open trading rights to some specific addresses.
“But it’s not that simple.”
Because all tradeAddress ultimately points to the Owner.
In addition, the function condition (address _from, uint _value) in the code stipulates that if a user wants to sell tokens, the amount sold at one time must be between the minimum and maximum values set by the developer.
It can be said that compared to those counterfeit currency projects that directly block the selling authority, KKS is a new version after the upgrade, which can flexibly grasp the “sell authority”.
According to Li Gang’s analysis, firstly, because there are more counterfeit coins on the market that “can only be bought but not sold”, BitKeep will test the project for sale, and the design of KKS just happened to escape BitKeep’s review. Secondly, users have been deceived a lot, and they are also vigilant about the project. Initially, the opening of the selling authority can let some users put down their guard. When the currency price rises, by adjusting the threshold, it can play a role in sealing the selling channel in disguise. effect.
“These coins can’t even be called counterfeit coins, they should be called fraudulent coins.” Li Gang said.
Indeed, by playing investors between applause in the code, even programmers with a technical basis can be deceived, let alone ordinary investors who do not understand the code. Take TRTC as an example. Just before Wang Ping gave out 136 tokens to developers, some people even bought 33555 TRTC for US$22,000.
“A profitable counterfeit currency business”
Since the popularity of DeFi mining due to liquidity, counterfeit coins, or fraudulent coins, have followed suit, like a blood-sucking worm parasitic in the DeFi field.
For example, YFIII that followed YFI and YFII.
At that time, the project team stated that users only need to fill in the Ethereum address or invite new users to get YFIII, or they can also crowdfund YFIII at a ratio of 1ETH=90YFII. In fact, airdrops are just a trick to scams. The main purpose of scammers is to attract users to use Ethereum to participate in crowdfunding. Because this kind of scam appears for the first time, many users want to get early chips and get high profits, and they naturally fall into the trap.
Therefore, in just one day after YFIII went online, the crooks collected 270,000 worth of ETH.
Coincidentally, on July 7 this year, the decentralized derivatives project Opium warned users on Twitter that there was a fraudulent token called Opium on Uniswap, which was traded in the name of OPM, but in fact the real Opium project itself There is no native token.
That is, on the same day, there were also counterfeit coins posing as DeFi protocol dYdX.
At present, as long as you check a DeFi currency on BitKeep, there is a high probability that a currency has several identical or similar names, among which there are many fake coins.
The reason why counterfeit currency is prevalent in the DeFi field is that unlike the past ICO fundraising and issuance, the issuance of coins in Uniswap does not require listing fees, or even certification and auditing. Only two fund pools need to be established. “Everyone can issue coins. “.
In addition, most of the project codes on Uniswap are open source, making it extremely easy to issue counterfeit coins.
Just prepare a Google browser, install a little fox Metamask wallet, prepare a little Ethereum, and then copy a piece of open source code. The entire preparation is complete.
Next, you only need to upload the contract Folk on the online contract publishing website http://remix.ethereum.org/, set the token name, Ethereum decimal point accuracy, add tokens, connect to the wallet, select the fund pool, and add liquidity Sex. Issuance is complete.
The entire process of issuing coins takes only a few minutes.
After the currency is issued, the organized counterfeit currency team will raise the price of the currency while making the market, while conducting community calls to attract speculative retail investors.
The more buddhist counterfeit parties do not even carry out publicity. They only increase the price of the counterfeit currency to obtain the inclusion of platforms such as BitKeep, and then use the traffic portal of BitKeep to complete the promotion without spending any human and financial resources.
Almost zero costs, high returns without risk, and a profitable “business model” make the issuing of counterfeit currency more and more rampant.
There is one more interesting thing about issuing counterfeit coins: Uniswap airdropped platform coins to users in September, but the irony is that in this epic airdrop, it is not loyal users and liquidity providers that get the most benefits, but counterfeit coins. Developers.
Because some professional counterfeit currency accounts have accumulated a lot of Ethereum addresses that interacted with Uniswap by issuing counterfeit currency, they have earned a lot of money from UNI airdrops.
As a result, some players sigh that the world is silently rewarding those who issue fake coins.
Recently, with the recovery of DeFi, DeFi coins have become the focus of investors’ attention. In the future, with the further development of DeFi, the number of users and funds will increase. Of course, more secret and smart counterfeit coins will also appear. It is a challenge for both the platform and the users.
At present, for platforms and traffic portals like BitKeep, the review of new projects should be further strengthened, and counterfeit and fraudulent coins should be kept out as much as possible.
For the majority of users, in the turbulent and scam-prone cryptocurrency field, what we can do is perhaps curb greed and increase vigilance.
After all, the counterfeit currency held cannot be sold, and even if there is an increase of tens to hundreds of times, it will eventually be a “mirror”.
