Exposing DeFi executives involved in token impersonation scams.

The DeFi protocol Tres Finance has alerted the community to a scam involving fake tokens that are made to look like legitimate transactions.

In an interview, Tres Finance co-founder Tal Zackon and technical lead Idan David revealed details of the scam, which involves fraudulent transactions that imitate legitimate ones. The scammers try to persuade unsuspecting users to copy the wrong wallet address and send their transactions there.

David explained that scammers often identify and target wallets containing large amounts of stablecoins like Tether (USDT) or USD Coin (USDC). Once they have found their targets, the scammers create similar-looking wallet addresses and tokens that imitate the legitimate ones. David said:

“So, they’re creating a new token that has the same symbol as the original token, and they can create fictitious transactions with tokens that are not marked as scam assets by Etherscan.”

• Know DeFi counterparties for institutional engagement, says BlackRock exec.
• CertiK joins Cointelegraph Accelerator, providing security boost to Web3 startups.
• Raft’s stablecoin rises with traders adopting liquid staking Ether products.

The scammers then create a transaction that mimics legitimate transactions from the wallet address prefix to the number of tokens sent to the address. This makes it look like their target has been the one constantly sending transactions to the wallet address they planted. People who are using their transaction history to get wallet addresses are at risk of sending their transactions to the scammers.

Zackon warned businesses not to use explorers to track their finances. “Do not use explorers to track your financial movements. You have to use a dedicated system that will help you verify the asset, and verify the third party that you’re engaged with,” he said.

Related: CertiK receives $500K bounty after Sui blockchain threat discovery

The warning was also extended to end users. Zackon recommended keeping track of a spreadsheet of the addresses that they are working with. In addition, the Tres Finance co-founder said that it would be better to “double-check each and every transaction” as well as the addresses that users are engaging with.

On Jan. 12, wallet provider Metamask issued a warning about a similar scheme called address poisoning. With this, scammers send tokens worth $0 to wallets using vanity-generated wallet addresses with similar first and last characters to their targets. This populates their transaction history with fraudulent transactions, hoping that the user will make the mistake of copying and pasting the wallet address when sending a transaction.

Magazine: Should crypto projects ever negotiate with hackers? Probably