- A new type of memecoin called REPUBLICAN is able to bypass anti-scam filters on popular trading data sites.
- A piece of malicious code allows its programmer to withdraw tokens directly from any crypto wallet.
- So far, traders have bought and sold more than $408,000 worth of the memecoin, according to Dex Screener.
Crypto security researchers are sounding the alarm over a new type of memecoin that can bypass anti-scam filters on popular trading data sites that monitor scams.
“What we’re seeing here is an increasing sophistication of fraudulent tokens to avoid detection techniques,” Michael Lewellen, head of solutions architecture at OpenZeppelin, told DL News.
The token, which trades under the ticker REPUBLICAN, appears unassuming on the surface.
Yet buried inside is a nifty piece of code that allows its programmer to withdraw REPUBLICAN tokens directly from any crypto wallet holding them.
Traders swap Ether for REPUBLICAN on decentralized exchanges, only to have the tokens they just purchased transferred away. The code also secretly gives its creator a near infinite balance of the token.
The malicious memecoin was first spotted by an X user called yourfriend_btc on Wednesday before being shared by other accounts.
🚨 SCAM ALERT:
Malicious $REPUBLICAN token contract based
Contains hidden code that bypasses token allocations. The contract can remove $REPUBLICAN from YOUR wallet without authorization.
⚠️Worst of all, it looks LEGIT on Dexscreener. ⚠️
– your friend_🅱️TC_🎹😹 (@yourfriend_btc) October 30, 2024
It’s unclear how much the scammer profited. So far, traders have bought and sold $408,000 worth of the memecoin, according to Dex Screener, a popular trading data site.
Additionally, because fraud is easy to replicate and difficult to spot, it may only be a matter of time before similar fraudulent tokens claim more victims.
Obfuscate backdoors
Newly launched memecoins containing malicious code are generally not a problem for savvy crypto traders.
Security tools can automatically scan the code of new tokens to look for traps.
But audits from three of these tools on Dex Screener showed no problems with the REPUBLICAN token. Dex Screener cautions that such audits may not be 100% accurate.
“The industry has recently gotten better at quickly detecting these types of exploits with real-time monitoring solutions,” Lewellen said. “Knowing this, scammers are now resorting to obfuscating backdoors.”
To avoid detection, the person who programmed the REPUBLICAN token wrote additional snippets of malicious code in assembly language, a programming language used to communicate more closely with the underlying machine code.
Assembly language code is harder to interpret, making it harder to detect whether it contains malicious properties, Lewellen said.
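One way a scanner could surface such code for manual review, as an added example that is not from DL News, OpenZeppelin or Dex Screener: it finds inline `assembly` blocks in Solidity source and reports the state-changing opcodes used inside them. The function names, the opcode list and the sample contract are constructed for illustration and do not reproduce the REPUBLICAN token's code.

```python
import re

# Yul opcodes that write storage or hand control to other code. The list is a
# heuristic chosen for this example, not an exhaustive or official one.
RISKY_OPCODES = {"sstore", "delegatecall", "callcode", "selfdestruct"}

def strip_comments(src):
    """Blank out /* */ and // comments, keeping line numbers stable."""
    src = re.sub(r"/\*.*?\*/", lambda m: "\n" * m.group().count("\n"), src, flags=re.S)
    return re.sub(r"//[^\n]*", "", src)

def assembly_blocks(src):
    """Yield (line_number, body) for every inline `assembly { ... }` block."""
    for m in re.finditer(r"\bassembly\b[^{;]*\{", src):
        depth, i = 1, m.end()
        while i < len(src) and depth:          # walk to the matching brace
            depth += {"{": 1, "}": -1}.get(src[i], 0)
            i += 1
        yield src.count("\n", 0, m.start()) + 1, src[m.end():i - 1]

def scan(src):
    """Return one finding per assembly block, listing risky opcodes it calls."""
    findings = []
    for line, body in assembly_blocks(strip_comments(src)):
        calls = set(re.findall(r"\b([a-z0-9]+)\s*\(", body))
        findings.append({"line": line, "risky": sorted(calls & RISKY_OPCODES)})
    return findings

# Constructed sample: a token-like contract with one assembly block that
# writes storage directly and one that only reads code size.
SAMPLE = '''
contract Token {
    mapping(address => uint256) private _balances;
    // assembly { sstore(0, 1) }   commented out, must be ignored
    function _afterTransfer(address who) private {
        assembly {
            let slot := who
            if gt(slot, 0) { sstore(slot, 0) }
        }
    }
    function size(address a) public view returns (uint256 n) {
        assembly { n := extcodesize(a) }
    }
}
'''

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A block with a non-empty `risky` list is a prompt for a human to read that assembly, not proof of a backdoor; this check only works where the token's source is available to scan.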
Malicious tokens have cost traders dearly in the past.
A scam token named after the Netflix show ‘Squid Game’ stole $2.5 million from traders in 2021. The token contained code that prevented buyers from selling it, so its value could only increase.
Such so-called honeypot tokens are less of a problem today because security tools on sites like Dex Screener make them easy to spot.
According to Lewellen, it should not be too long before monitoring solutions are put in place to identify the assembly language obfuscation technique.
Then, Lewellen warned, the fraudsters will get to work finding other, more creative ways to hide their intentions.
Tim Craig is DL News’ DeFi correspondent based in Edinburgh. Reach out with tips at tim@dlnews.com.