As the Web3 world evolves, so too do scam techniques. As crypto literacy continues to grow among all demographics, scammers are developing new approaches and refining old tricks to bilk victims out of their assets.
One of the newer schemes is referred to as the honeypot scam. This tactic may have a soft name, but can create severe losses.
The term “honeypot” is commonly used in cybersecurity to describe a deceptive setup designed to attract individuals.
Honeypot scams include several fraudulent schemes. One of them involves smart contracts that feign a design flaw that allows any user to extract Ether (ETH) — Ethereum’s native currency — from the contract by sending a certain amount of Ether in advance. However, when a user attempts to exploit this apparent vulnerability, a hidden trapdoor, unbeknownst to the user, thwarts the attempted Ether siphoning. The primary goal is to focus the user’s attention solely on the visible vulnerability while hiding any evidence of a secondary vulnerability within the contract.
The scam operates by luring victims using an apparently easy-to-access wallet. For example, the wallet’s recovery phrase may have been “leaked.” Victims try to access it, thinking they can transfer funds from this wallet. To make the transaction to their own wallet, victims must often deposit a native network token to cover the transaction fees. However, a script or “sweeper bot” swiftly redirects these tokens elsewhere before the victim can act.
To identify such scams, crypto holders should look for unsolicited seed phrase shares, immediate wallet transfers upon deposit, or unfamiliar direct messages on social platforms.
Honeypot schemes can be easily detected by Web3 Antivirus (W3A), a browser extension that can perform a smart contract and token analysis in real time. The tool can integrate with Chrome, Firefox, Brave and Edge, enabling crypto users to interact safely with decentralized finance (DeFi) and Web3 applications.
Web3 Antivirus constantly updates to keep pace with scammers and their freshest schemes. In one of its latest updates, version 0.10, the tool significantly improved the precision of honeypot detection. The antivirus can identify the exact type of honeypot that users encounter, keeping them away from potential losses.
Besides honeypots, version 0.10 introduced the detection of the following new scams:
- Direct transfers. W3A immediately identifies direct ETH and ERC-20 token transfers. These unrecorded, unregulated transactions come with a high risk of loss, with scammers likely to claim your tokens.
- eth_sign signatures. W3A outsmarts phishing sites by detecting and blocking malicious eth_sign requests.
- Permit attacks. Fraudsters exploit Permit and Permit2 signature vulnerabilities to gain access to victims’ ERC-20 tokens. W3A detects these attacks, providing users with timely warnings.
- Phishing contracts and swaps. W3A monitors transactions designed to empty user wallets, warning them instantly. It also tracks swap transactions.
The Web3 security tool detects sketchy moves not only of a contract the user may interact with, but of all related contracts. Thus, it can see if a contract had been involved in rugpulls, Ponzi schemes, terrorism financing, spam or theft.
Source: Web3 Antivirus
At the beginning of September, W3A also released version 0.11, the most up-to-date upgrade. It brings more clarity to transaction details, showing possible decentralized exchange (DEX) pairs and their liquidity whenever users want to buy ERC-20 tokens.
The latest version also monitors transaction tax fees, alerting users whenever the commission exceeds 15%, while anything above 50% is flagged as a honeypot scam altogether.
From now on, Web3 Antivirus is also available for the Spanish-speaking audience, and its localization specialists are working to extend the language options.
Thanks to Web3 Antivirus, the Web3 space is safer, which is essential for mass adoption. Scam techniques like honeypots, permit attacks and phishing are quickly detected by this tool, preventing crypto users from potential losses.
Disclaimer. Cointelegraph does not endorse any content or product on this page. While we aim at providing you with all important information that we could obtain in this sponsored article, readers should do their own research before taking any actions related to the company and carry full responsibility for their decisions, nor can this article be considered as investment advice.