Scammers are taking advantage of memecoin traders by using a memecoin trending list on the GMGN analytics platform to deceive users and steal their crypto. This was revealed in a Sept. 25 X post by security researcher Roffett.eth.
Scammers Inflate Volume to Lure Investors
These cybercriminals create fraudulent coins that allow developers to steal tokens directly from users. They artificially inflate the coin’s trading volume by passing it between multiple accounts. This manipulation places the coin on GMGN’s memecoin trending list, making it appear to be a popular token.
Once a coin is listed as trending, unsuspecting traders begin purchasing it. However, within minutes of buying, their tokens are drained from their wallets. The developer then resells the coins to other victims through a liquidity pool, continuing the scam.
Roffett identified several malicious coins, including Robotaxi, DFC, and Billy’s Dog (NICK), as being part of this scheme.
GMGN Analytics Targeted by Scammers
GMGN is a popular analytics app used by memecoin traders across various blockchains like Base, Solana, Tron, Blast, and Ethereum. It features several tabs like “new pair,” “trending,” and “discover,” which list tokens based on different criteria.
Roffett stumbled upon the scam when his friends purchased coins from the memecoin trending list, only to have them disappear. One friend even thought their wallet had been hacked. After purchasing the same coins with a new wallet, the tokens were drained once again, confirming the attack.
Curious, Roffett investigated the issue using a block explorer and discovered that it was a form of phishing attack. The scammers used a “permit” function to authorize the transfer of tokens without the user’s knowledge or signature. Even though the user claimed they hadn’t interacted with any phishing websites, their tokens were stolen.
One of the problematic tokens was NICK. Roffett reviewed the NICK contract code and found it contained unusual and suspicious methods.
Hidden Malicious Code Exposed
Upon closer examination, Roffett found that NICK’s contract contained hidden malicious code. This code allowed the developer, or “recoverer,” to call the “permit” function without needing the tokenholder’s signature. Essentially, the developer could steal tokens without the user’s consent.
Even more concerning was the fact that the developer’s address was obscured, making it harder to trace the culprit. However, Roffett managed to decode the contract and traced the address of the malicious developer, which had conducted over 100 transactions, draining NICK tokens from users.
Roffett’s investigation revealed two other tokens—Robotaxi and DFC—with similar malicious code.
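A pre-purchase check for the pattern described above, as an added example (not code from Roffett's post, and not the NICK contract, whose source is not reproduced here). It relies on the fact that a standard EIP-2612 `permit` recovers the owner's signature before writing the allowance and never depends on who the caller is; both Solidity fragments and the `recoverer` variable name are constructed for illustration.

```python
import re
# Constructed Solidity fragments for the demo; neither is taken from a real token.
CLEAN = """
function permit(address owner, address spender, uint256 value, uint256 deadline,
                uint8 v, bytes32 r, bytes32 s) external {
    require(block.timestamp <= deadline, "expired");
    address signer = ecrecover(_digest(owner, spender, value, deadline), v, r, s);
    require(signer != address(0) && signer == owner, "bad signature");
    _approve(owner, spender, value);
}
"""
SUSPECT = """
function permit(address owner, address spender, uint256 value, uint256 deadline,
                uint8 v, bytes32 r, bytes32 s) external {
    if (msg.sender == recoverer) { _approve(owner, spender, value); return; }
    address signer = ecrecover(_digest(owner, spender, value, deadline), v, r, s);
    require(signer == owner, "bad signature");
    _approve(owner, spender, value);
}
"""

def function_body(source, name):
    """Return the text between the braces of `function <name>(`, or None."""
    m = re.search(r"\bfunction\s+" + re.escape(name) + r"\s*\(", source)
    start = source.find("{", m.end()) if m else -1
    if start < 0:
        return None
    depth = 0
    for i in range(start, len(source)):
        depth += {"{": 1, "}": -1}.get(source[i], 0)
        if depth == 0:  # matching close brace of the function body
            return source[start + 1:i]
    return None

def audit_permit(source):
    """Heuristic findings for a permit() that can approve without the owner's signature."""
    body = function_body(source, "permit")
    if body is None:
        return ["no permit() found"]
    body = re.sub(r"//[^\n]*|/\*.*?\*/", "", body, flags=re.S)  # drop comments
    findings = []
    recover = re.search(r"\b(ecrecover|recover)\s*\(", body)
    approve = re.search(r"\b_approve\s*\(|\b_?allowances?\s*\[", body)
    if recover is None:
        findings.append("no signature recovery in permit()")
    elif approve and approve.start() < recover.start():
        findings.append("allowance written before signature check")
    if re.search(r"\bmsg\.sender\b|\btx\.origin\b|_msgSender\s*\(", body):
        findings.append("permit() branches on the caller")
    return findings
```

An empty result only means these three textual patterns are absent from `permit`; it does not clear a contract whose logic is obscured elsewhere, so verified source should still be read before trading.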
Scammers Continue Targeting Novice Investors
Roffett warned that scammers have likely been using this technique for a while, preying on novice investors who rely on trending lists to choose their tokens. He urged users to avoid these lists to protect their funds.
The technique involves manipulating the market to push tokens onto memecoin trending lists, attracting unsuspecting investors, and then stealing their funds. These tactics, known as honeypots, are a growing threat in the crypto space.
In April, a developer drained $1.62 million from victims through a scam token called BONKKILLER, which trapped users by preventing them from selling the token. Additionally, a report from blockchain risk management firm Solidus revealed that over 350 scam tokens were created in 2022.
Roffett’s findings highlight the risks crypto users face and the importance of caution when trading tokens, especially those appearing on trending lists.