DeFi Executives Unmask the Continual Token Imitation Scams

16 views 9:15 am 0 Comments June 28, 2023

Tres Finance’s co-founder, Tal Zackon, emphasizes the risk of relying on explorers for finance tracking, in light of ongoing scams involving counterfeit tokens.

Tres Finance, a prominent player in the decentralized finance (DeFi) landscape, recently raised an alert regarding a scam that exploits fraudulent tokens designed to imitate legitimate transactions. The company’s co-founder, Tal Zackon, and technical lead, Idan David, provided an insight into this duplicitous operation.

According to the Tres Finance team, fraudsters replicate authentic transactions in a bid to trick users into copying an erroneous wallet address, ultimately redirecting their transactions to the scammers. David elaborated on how scammers often target wallets possessing significant amounts of stablecoins such as Tether (USDT) and USD Coin (USDC). Having identified their targets, they fabricate similar wallet addresses and forge tokens mimicking the authentic ones.

David stated, “These perpetrators design a new token bearing the original token’s symbol, and they can manipulate transactions with tokens that Etherscan does not mark as scam assets.”

Scammers then conduct a transaction that mirrors a genuine one, starting from the wallet address prefix to the amount of tokens sent to the address. This gives an impression that their target has been consistently initiating transactions to the contrived wallet address. This scam method poses a risk to those who refer to their transaction history for wallet addresses, as they may unwittingly forward their funds to the scammers.

Zackon’s advice to businesses is to steer clear from using explorers to monitor their finances. He stressed the need for a dedicated system that can facilitate asset verification and third-party engagement checks. The same caution extends to regular users as well. As a preventive measure, Zackon suggests maintaining a spreadsheet of frequently used addresses. He also advocates for users to thoroughly cross-verify every transaction and the addresses involved.

Earlier this year, on January 12, wallet provider MetaMask flagged a related scam strategy known as address poisoning. This scheme involves scammers dispatching zero-value tokens to wallets using vanity-generated wallet addresses. These addresses share similar initial and final characters with their intended targets. This action populates their transaction history with fraudulent transactions, with the hope that the user will accidentally copy and paste the scammer’s wallet address when executing a transaction.