Counterfeit-token attacks hit the crypto community: how can they be prevented effectively?

Text|嚯嚯


In the past month, EOS, HT and other currencies have been hit by counterfeit-token fraud. According to a person at a blockchain security company, almost every currency in the crypto community has counterfeit versions.

Through smart contracts, counterfeiters can issue fake tokens whose name, description, logo and other details are identical to those of the real token. Exchanges, DApps and individual users are all targets of the counterfeiters.

The only tell is that the real and counterfeit tokens have different contract addresses, but for ordinary holders this is still not easy to check. Fake tokens are often used to take away the victim's real assets.

As fake tokens flow into the crypto community and become more and more rampant, asset security undoubtedly deserves attention.

Gao Ziyang, co-founder of Chengdu Chainan Technology, said that using a well-known block explorer to view on-chain transactions and paying attention to the status of tokens can effectively prevent counterfeit-token fraud.

Exchanges and DApps become targets for passing counterfeit tokens

Recently, the news of 1 billion counterfeit coins on the EOS public chain has drawn attention.

At 14:20 on June 21, Beosin Chengdu Chain Security issued a security warning: a user named "larry5555555" had issued 1 billion "counterfeit EOS" tokens and distributed them to several secondary accounts. The book market value of the counterfeit digital currency was estimated to exceed 40 billion yuan.

After discovering the large amount of fake EOS, Chengdu Chain Security promptly reminded project teams to prepare emergency measures and early warnings and, if necessary, to seek a code audit from a security company to avoid damage to user assets.

Fortunately, as of the time of writing, no blockchain project teams or exchanges have been affected by this counterfeit-token incident.

This is the second counterfeit-token incident since June. Just the day before the EOS counterfeit warning appeared, HT was also counterfeited, and some users suffered asset losses.

On June 20th, CoinHunter, a digital asset tracking platform, observed scammers luring users into sending ETH to the scammers' account by claiming that ETH could be exchanged for HT at a ratio of 1:177. This so-called "HT" was just a fake token issued by the scammers.

HT is a general-purpose token issued by Huobi on the Ethereum public chain. Huobi data shows that the exchange ratio of ETH to HT is about 1:78, far lower than the 1:177 claimed by the counterfeiters.


According to CoinHunter, the counterfeiters successfully defrauded up to 969 ETH by luring users with a cheap rate, with a market value of over 2 million yuan, of which 885 ETH came from a single user.

It can be seen from the two incidents that the purpose of the fraud is to swap fake tokens directly for real currency. Judging from earlier cases, counterfeiters target not only ordinary novice holders: even public chains and the DApps built on them have become places where counterfeit tokens are exchanged for real ones.

On April 12th, the TRON DApp Tronbank suffered a counterfeit-token attack: it treated a worthless token issued by the attacker as BTT tokens worth 850,000 yuan, causing huge losses.

The Chengdu Chain Security team's analysis found that the main cause of the incident was that the Tronbank smart contract did not strictly verify the token's unique identifier, so the counterfeit tokens were accepted into the account.

Gao Ziyang, co-founder of Chengdu Chain Technology, told Honeycomb Finance that whether counterfeit currency can be cashed out depends mainly on whether the verification logic of the exchange or the project team is strict. “If the party does not verify, it may be deceived by counterfeit currency.”

Most mainstream currencies have been counterfeited

At present, counterfeit-token incidents have been widely found on Ethereum, TRON, EOS and other public chains. So why are these public chains a target for counterfeiters?

“In fact, as long as a public chain does not restrict currency names, counterfeit currency will appear.” A technician at a decentralized exchange told Honeycomb Finance that “the principle of counterfeit currency attack and counterfeiting is basically the same.”

Gao Ziyang used the counterfeit USDT on the market as an example. “At present, almost all public chains with open currency-issuing functions can issue same-name tokens. The main way is to issue personal tokens with the same name and icon as the target currency.”

USDT counterfeit list screenshot

He provided a chart of counterfeit USDT listing 5 counterfeit coins, 4 of which were named “USDT” outright. In fact, USDT is a stablecoin introduced by Tether; it is issued and traded using the Omni (formerly Mastercoin) protocol. "The real USDT is actually called TetherUS on the Omni protocol."

USDT on the Omni protocol

Open a block explorer for EOS, Ethereum, TRON or another public chain and search for BNB, OKB or other well-known projects, and it is not hard to find that same-name tokens are widespread.

Gao Ziyang said that the emergence of counterfeit currency is not due to loopholes in the above-mentioned public chains or the tokens themselves. "The issuance of same-name tokens is a legitimate business scenario for the major public chains. Although some attackers have maliciously used this service, the token issuance mechanism itself has no problem. It is only in the scenario of using tokens that we need to improve our security awareness, judge carefully and avoid being deceived and suffering losses."

Taking the EOS public chain as an example, since the smart contract of the EOS public chain does not enforce unique token names, anyone can issue a token called EOS. A decentralized exchange told Honeycomb Finance that the only way to tell a real token from a fake one is to determine the issuer of the token contract, that is, the EOS account that issued the token.
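
The check that the Tronbank analysis and the exchange's advice above both point to, as an added example (not code from the article or from any project it names): a deposit handler that matches on the issuing contract account rather than on the token name. The deposit account, the counterfeit contract account and the sample actions are constructed; `eosio.token` is the EOS system token contract.

```python
from decimal import Decimal

# Allowlist keyed by the on-chain identifier (issuing contract account, symbol),
# mapped to the expected precision. eosio.token is the EOS system token contract.
TRUSTED_TOKENS = {("eosio.token", "EOS"): 4}
DEPOSIT_ACCOUNT = "exchdeposit1"  # hypothetical exchange deposit account


def parse_asset(quantity):
    """Split an EOSIO asset string such as '1.0000 EOS' into its parts."""
    amount_str, symbol = quantity.split(" ")
    precision = len(amount_str.partition(".")[2])
    return Decimal(amount_str), precision, symbol


def naive_credit(action):
    """Flawed: trusts the action name and display symbol only."""
    amount, _, symbol = parse_asset(action["data"]["quantity"])
    return amount if action["name"] == "transfer" and symbol == "EOS" else Decimal(0)


def strict_credit(action):
    """Return (credited amount, reason); credits only allowlisted contracts."""
    data = action["data"]
    if action["name"] != "transfer" or data["to"] != DEPOSIT_ACCOUNT:
        return Decimal(0), "not a transfer to the deposit account"
    amount, precision, symbol = parse_asset(data["quantity"])
    expected = TRUSTED_TOKENS.get((action["account"], symbol))
    if expected is None:
        return Decimal(0), f"untrusted contract {action['account']} for {symbol}"
    if precision != expected or amount <= 0:
        return Decimal(0), "precision or amount mismatch"
    return amount, "ok"


def transfer(contract, quantity):
    """Build a constructed sample action trace (not real chain data)."""
    return {"account": contract, "name": "transfer",
            "data": {"from": "someuser1111", "to": DEPOSIT_ACCOUNT,
                     "quantity": quantity, "memo": "deposit"}}


GENUINE = transfer("eosio.token", "10.0000 EOS")
COUNTERFEIT = transfer("fakeissuer11", "1000000.0000 EOS")  # constructed account

if __name__ == "__main__":
    for act in (GENUINE, COUNTERFEIT):
        print(act["account"], naive_credit(act), strict_credit(act))
```

The name-only check credits the counterfeit transfer in full, while the strict check rejects it and records the contract account that failed the allowlist, which is the value to alert on.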

 

Beware of low-price lures; avoid trading directly with individuals

Compared with real-world fiat currency, the cost of issuing digital currency is very low, and smart contracts give everyone the freedom to issue coins. That freedom has also become a tool for people with bad intentions. Learning some precautions is a necessity for anyone who holds digital currency.

According to an exchange practitioner, the only distinguishing feature of a token issued through a smart contract is its contract address. Everything else, such as the token name, description and interface, is internal to the smart contract and unrestricted.

The practitioner believes that "the cost of fraud is not high, and the user's alertness is low, which is the root cause of counterfeit money. For individual users, counterfeiters usually use investment, arbitrage, quantitative trading and low-cost exchange as pretexts to defraud real money."

Exchanges and project teams can still tell real tokens from fakes through technical means, so how should novice users guard against counterfeit coins?

A decentralized exchange told Honeycomb Finance that users who have just entered the crypto community often cannot distinguish real coins from fake ones. It is therefore best to make OTC transfers and trades through reliable channels, and not to deal directly with individuals or operate on third-party platforms with insufficient credibility.

For users with some trading experience, Gao Ziyang's suggestion is to use a well-known block explorer to view on-chain transactions and pay attention to the status of the token: "this will effectively prevent counterfeit currency."

If it is really impossible to tell real from fake, the SlowMist security team advises depositing the assets from the digital wallet to an exchange to see whether the deposit succeeds; fake digital assets will not be credited by the exchange. Users can also check with the token's official team. "But anyone displaying the logo of an exchange or wallet is not necessarily a real official. Therefore, be sure to find the official channel when verifying."

Source: Public Number: Honeycomb Finance News