Check Point Research shows how scammers misconfigure smart contracts to create fraudulent tokens. The report details the method scammers are currently using to “rug pull” money from people and provides examples of smart contract misconfigurations that can lead to money heists. Last October, Check Point Research identified theft of crypto wallets on OpenSea, the world’s largest NFT marketplace. And last November, it revealed that hackers were using search engine phishing campaigns to steal half a million dollars in a matter of days.

In a new report, Check Point Research (CPR) exposes how hackers are creating malicious tokens to steal money.

· Some tokens contain a 99% buy fee, which will steal all your money at the buying phase.

· Some of tokens don’t allow the buyer to resell and only the owner may sell

· Some tokens contain a 99% sell fee, which will steal all your money at the selling phase.

· Some allow the owner to create more coins in his wallet and sell them.

To create fraudulent tokens, hackers misconfigured smart contracts. Smart contracts are programs stored on a blockchain that run when predetermined conditions are met. The report outlines the steps that hackers take advantage of smart contracts:

1. Leverage scam services. Hackers are usually using scam services to create the contract for them, or they copy an already known scam contract and modify the token name and symbol, and some of the function names as well if they are really sophisticated.

2. Manipulate functions. Then they will manipulate the functions with the money transfer, they will prevent you from selling, or increase the fee amount and more. Most of the manipulations will be where money is been transferred

3. Create hype via social media. Then they will open social channels, such as Twitter/discord/telegram, without revealing.