eCommerce News New Zealand logo
The latest digital commerce news for Kiwi businesses
Story image

Check Point Research reveals how hackers run token scams and 'Rug Pull' money - and how to avoid them

By Ryan Morris-Reade
Tue 25 Jan 2022

Check Point Research (CPR) has revealed how scammers are altering smart contracts to create fraudulent tokens. They then use methods to "rug pull" money from people with altered smart contracts, leading to money heists.

The findings come after cryptocurrency research from CPR last October, where the research company identified crypto wallet theft on OpenSea, the world's largest NFT marketplace. In November last year, CPR also found that hackers were using search engine phishing campaigns to steal half a million dollars in only a few days.

The company says hackers will continue to set traps, and it shares four safety tips on how to avoid scam coins. 

What scam coins look like

CPR says some tokens contain a 99% buy fee, which will steal all your money at the buying phase. It says some tokens don't allow the buyer to resell, so only the owner can sell. Some tokens contain a 99% sell fee, which will steal all your money at the selling phase. And some allow the owner to create more coins in their wallet and sell them.
How it's done - The misconfiguring of smart contracts  

Smart contracts are programs stored on a blockchain, they run when predetermined conditions are met. To create fraudulent tokens, hackers misconfigure these smart contracts. 

CPR outlines the steps that hackers use to take advantage of smart contracts:

  • Leverage scam services: Hackers are usually using scam services to create the contract for them, or they copy an already known scam contract and modify the token name and symbol and some of the function names as well if they are really sophisticated.
  • Manipulate functions: They will then manipulate the functions with the money transfer, prevent you from selling, increase the fee amount, and more. Most manipulations will be when money has been transferred.
  • Create hype via social media: Hackers then open social channels, such as Twitter, Discord, or Telegram, without revealing their identity or using fake identities. They will start hyping the project, so people start buying.
  • "Rug and pull" the money: After they reach the amount of money they want, they pull all the money from the contract and delete all the social media channels.
  • Skip timelocks: You usually won't see those tokens lock a large amount of money in the contract pool or even add timelocks to the contract. Timelocks are generally used to delay administrative actions and are mostly considered a strong indicator of a legitimate project.

Tips to avoid scam coins

Having a wallet is the first step to using bitcoins and, by extension, any other cryptocurrency. A key to keeping them safe is diversifying and having a minimum of two different crypto wallets. Use one to store purchases and the others to trade and exchange cryptocurrencies. In this way, they will keep their assets more protected because the wallets also store the passwords of each user. These are a fundamental part of trading cryptocurrencies and having a public key, making it possible for other users to send cryptocurrencies to your wallet. 

Check Point Research says people often search for bitcoin wallet platforms through Google, and this is when they can make one of the biggest mistakes – they click on a Google Ad. Cybercriminals frequently use these links, creating malicious websites, to steal credentials or passwords. It is safer to go to the web pages below the Google Ads. CPR says people typically err on the side of caution, and cybercriminals take advantage of this. Before sending large amounts of crypto, first, send a "test" transaction with a minimum amount to avoid these traps. This way, if the transaction is being sent to a fake wallet, it will be easier to detect the deception and much less will be lost. The company also says activating two-factor authentication is one of the most significant steps that can be taken against any cyberattack. So when an attacker tries to log in, they will receive a message to check their authenticity, preventing them from gaining access. With two-factor authentication, instead of requiring only a password for authentication, logging into an account will require the user to submit a second piece of information, making it more secure.

"Check Point Research is investing significant resources into studying the intersection of cryptocurrencies and security," says Check Point Software head of products, Vulnerabilities Research, Oded Vanunu.

"Last year, we identified the theft of crypto wallets on OpenSea, the world's largest NFT marketplace. And we also alerted crypto wallet users of a massive search engine phishing campaign that resulted in at least half a million dollars being taken in a matter of days. Our latest publication shows what fraud of actual smart contracts looks like and exposes real token fraud in the wild - hiding 100% fees and backdoor functions," he says.

"The implication is that crypto users will continue to fall into these traps and will lose their money. This publication aims to alert the crypto community that scammers are creating fraudulent tokens to steal funds. To avoid scam coins, I recommend crypto users to diversify their wallets, ignore ads and test their transactions."


Related stories
Top stories
Story image
Data Protection
How secure is accounting software data in Aotearoa?
A recent Xero study found ICT spending for NZ businesses has increased 25% compared to pre-pandemic levels, so how safe is accounting software?
Story image
Artificial Intelligence
Salesforce announces new innovations for financial services
Salesforce has launched expanded financial services that offer more targeted and trusted automation to help teams unlock insights, deliver better customer service, and drive operational efficiencies.
Story image
Azure-based technology asBuilt signals better BIM outcomes in NZ
The Microsoft Azure-based asBuilt intelligence hub is helping Kiwi businesses accelerate their building information management potential.
Story image
Digital Transformation
Retailers must invest in new tech to keep up with online shopping demand
There's a higher demand for more purchasing opportunities at our fingertips, as well as greater expectations when it comes to the online customer experience."
Story image
Data crucial to capture shoppers' wallets post-COVID
First-party data strategies key to driving personalisation, customer satisfaction, and long-lasting relationships according to a new report.
Story image
Multiple digital solutions hindering, not helping, Kiwi SMEs
Research has revealed this disconnection of systems is costing businesses time, money and resources, and posing a strategic risk.
Story image
New financial accounting hub can manage 40 million events daily
The new Axway Financial Accounting Hub can manage 40 million events daily and halve costs and integration time for ERP Finance migration projects.
Story image
Mercury launches broadband and fibre packages for NZ customers
Mercury has officially launched Mercury Broadband, giving its electricity and gas customers the ability to add fibre to their existing Mercury account.
Story image
How Airwallex helps businesses achieve globalisation success
As markets continue to shift, businesses need to be able to provide the same quality of service for customers regardless of where they are located around the world.
Story image
Manhattan Associates
New late-stage order cancellation to improve customer service
Manhattan Associates launches new service allowing orders to be cancelled up to the point of manifested/loaded status, preventing unwanted shipments and costly returns.
Story image
Artificial Intelligence
Accenture shares the benefits of supply chain visibility
It's clear that gaining better visibility into the supply chain will help organisations avoid excess costs, inefficiencies, and complexity to ultimately improve their bottom line.
Story image
Airwallex launches global payment services in New Zealand
The launch will enable businesses in New Zealand to tap into Airwallex's global payments services, offering an alternative to traditional banks.
Story image
Cheetah Digital
Cheetah Digital creates digital success for Starbucks
Cheetah Digital has revealed new insights from its customer Starbucks, demonstrating the success of the company's relationship marketing platform.
Story image
How TruSens air purifiers can create healthier workspaces
The pandemic has heightened our awareness of our own and others’ health, and made us all much more conscious of the environments we work in.
Story image
Hundreds arrested, millions seized in global INTERPOL investigation
A two-month-long investigation by INTERPOL this year involved 76 countries and clamped down on organised crime groups behind telecommunications and social engineering scams.
Story image
Corpay announces new collaboration with Triterras
Corpay and fintech firm Triterras have announced a new collaboration between Corpay’s Cross-Border business and Triterras Inc.    
Story image
Corpay partners with supply chain platform PracBiz Exchange
Corpay's new partnership with PracBiz’s allows more than 4000 B2B suppliers on the latter's platform to use Corpay's global payments services.
Story image
Informatica expands data capabilities partnership with Snowflake
“Informatica and Snowflake’s deep partnership and joint innovations are critical for customers who are looking to drive value from their data."
Story image
Employers look to hire inexperienced coders due to skills shortage
"Even inexperienced workers without prior qualifications or experience had managed to pivot to new roles in coding as long as they are willing to upskill."
Story image
Robust digital warehouse management crucial in Asia-Pacific
Thanks to a network of “cloud” stores, grocery and food delivery providers such as Foodpanda can arrange for these commonly requested items to get packed up and sent over in almost no time.
Story image
Banks, PSPs prioritising payment modernisation to compete
A new report gives payment providers a forward-looking view of the evolution of payments and investment drivers for modernisation.
Story image
Cisco launches AppDynamics Cloud for greater performance
Cisco has launched AppDynamics Cloud, enabling the delivery of better digital experiences by correlating telemetry data from across any cloud environment at scale.
Story image
Skills shortage
Tech salaries increase as skills shortage inflates expectations
More technology professionals will receive a pay rise this coming financial year than last, with skills shortages creating a once-in-a-career market.
Story image
Artificial Intelligence
Salesforce harnesses automated solutions with new developments
Salesforce has launched Sales Cloud Unlimited, a new feature to help accelerate productivity with AI and automation.
Story image
Digital wallets
NFTs are ready to disrupt the ticketing world
The last few months have seen NFTs wielded by digital creators to take ownership over their craft and content. Now other industries are beginning to understand the real-world value that these nifty decentralised tokens can provide.
Story image
Web Development
Whitecliffe fosters careers for the future of tech
Do you want a career in Information Technology, Networking, Web Development, Software Development, or are you looking to upskill?
Story image
Enable launches free Wi-Fi in Christchurch city centre
Fibre broadband provider, Enable, and the Christchurch City Council have launched their new Christchurch Free Wi-Fi service in the central city. 
Story image
Market growth
Salesforce unveils new offerings for consumer goods companies
Salesforce has announced new products for consumer goods companies to help brands navigate increasing market complexity more easily.
Story image
Customer experience
Slingshot partners with Open for single-bill insurance
Slingshot has announced a new partnership with Open that will see house, contents, and landlords’ insurance as well as energy, mobile and broadband delivered on a single bill.
Story image
Unknown connections: How safe is public WiFi in Aotearoa?
If it's not your own household WiFi, then who has control of your data and is your connection actually safe?
Story image
Online identity theft is rising in NZ - here’s what to do about it
It may start with a few stolen details online, but it could end with thousands of dollars missing or worse, a reputation down the drain.
Story image
NOWPayments launches new service to analyse cryptocurrency fees
NOWPayments has launched a new network fee optimisation solution that analyses current network fees and picks the most profitable option out of the client's payout wallets.
Story image
Commerce Commission
ComCom puts electronics sector on notice over resale price maintenance
The Commerce Commission has concluded an investigation into allegations that television manufacturers were engaging in illegal resale price maintenance.
Story image
MYOB improves data visibility and user access with Snowflake
"Solutions such as Snowflake allow us to better understand our customers and make evidence-based decisions on what features work best for them."
Story image
Remote Working
Hands-on review: EcoFlow River Pro Portable Power station
We get hands-on with an extremely versatile device that every remote worker or outdoor enthusiast should consider.
Story image
Adobe adds innovations and capabilities to Analytics offering
Adobe's new services in Analytics deliver a single workspace for brands to unify data and insights across all media types, including metaverse and streaming media
Story image
Chatbots gaining momentum in customer service space
Chatbots are gaining momentum in the customer service space, but a human touch still unbeatable, according to a new study.
Story image
Contact Centre
Customer service agents don't want to return to contact centres
A new report has revealed that 85% of customer service agents want to work full-time at home and not return to contact centre offices.
Story image
Mastercard reveals first-ever album titled Priceless
Mastercard's music album Priceless has been unveiled at the Cannes Lions Festival of Creativity and features 10 songs by 10 artists worldwide.
Story image
Dark web
Cybercrime in Aotearoa: How does New Zealand law define it?
‘Cybercrime’ is a term we hear all the time, but what exactly is it, and how does New Zealand define it in legal terms?
Story image
The link between cybersecurity, extremist threat and misinformation online in Aotearoa
Long story short, it's often the case that misinformation, threat and extremism link closely to cybersecurity issues and cyber harm.
Story image
How the metaverse will change the future of the supply chain
The metaverse is set to significantly change the way we live and work, so what problems can it solve in supply chain management?
Story image
Remote Working
Globalization Partners to improve global talent hire
Globalization Partners says the global availability of its services will make it fast and simple for companies to hire and pay anyone, anywhere in the world.
Story image
Digital innovation could shape the future of NZ - Microsoft
With cloud technologies available to more people around the world than ever before, it is not only businesses who will benefit from using them.