Fake Ethereum Tokens Net $53,000 in Just 30 Minutes

decrypt.co 2020-11-24 08:00
Reading time: ~3 m

When Yearn Finance (YFI) creator Andre Cronje tweeted about his new credit lending and loans product, Deriswap, today, a bunch of opportunistic scammers jumped in to ride out its immediate popularity. One such pool made over $53,000 in under 30 minutes.

André just gave an update about deriswap 30 mins back. Someone created a fake token called $DWAP. 60 addresses in less than 15 mins with 150+ ETH.

Aaaaanddd its gone.

Take few mins to hover around etherscan before u jump, it’s not that hard.

— halfapple (@icefrog772) November 23, 2020

Cronje is seen in crypto circles as a prolific developer with a Midas touch. Hype and a “fair” launch (and an extremely low 30,000 supply cap) caused the token prices of his first project, YFI, go from under $30 in July to a peak of $42,000 in September. As a result, hopefuls would pile inordinate amounts of money into subsequent Cronje projects—like Keep3r Network and the now-defunct Eminence—to bank on quick profits, even though they weren't fully tested.

But today, Cronje only released only a product and no token. Perhaps this was to avoid the issue of his loyal userbase plowing into his latest thing and then complaining when there's an issue. But this new tactic, however, didn’t stop scammers from almost instantly issuing fake “DWAP” tokens on decentralized exchange Uniswap to immediately attract traders wanting to pile into the next Cronje moonshot.

A bit of background: Issuing on Uniswap is easy. Anyone can put up a token, create a trading pair with another token (usually Ethereum or a stablecoin like Tether), and supply liquidity to both sides to launch a pool. With a market now created, buyers and sellers are free to join in to trade.

A Blue Cartoon Shilled YFI, Made $1 Million and Vanished

Today, after Deriswap was released, the first such scam pool saw an attacker issue fake DWAP tokens, supply the Uniswap pool with 72.4 ETH, conduct a few trades, attract gullible traders, and exit the entire pool with 162.3 ETH about 20 minutes later. This process netted the scammer over 90.1 ETH, worth over $53,000 at current prices.

They even sent the illicit DWAP tokens to the ‘yearn:deployer’ contract address to make the issuance seem more legitimate, as the below image shows. This is the contract that Cronje controls and makes updates to Yearn Finance from:

A fake pool created with 70 ETH made over 90 ETH in the DWAP scam. Image: Etherscan

Meanwhile, since then, over 30 DWAP pools have been issued on Uniswap, each attracting liquidity and netting scammers with several ETH for their efforts. All this, considering Deriswap did not even exist until this morning.

It’s already 30 Deriswap fake tokens, be cautious. https://t.co/d7HnSfw8oz pic.twitter.com/gUWJNxKxxE

— Stan Gulchenko (@stangulchenko) November 23, 2020

But the scams are part of a larger trend in the DeFi space, with the lure of quick money, easy token issuances—compared to previous years where listings on centralized exchanges were prohibitively expensive for smaller projects—and unaudited smart contracts causing millions of dollars to be lost to intentional scams or hacks each week.

Clearly not the financial future that crypto proponents hoped for—at least not yet.