温馨提示:本站仅提供公开网络链接索引服务,不存储、不篡改任何第三方内容,所有内容版权归原作者所有
AI智能索引来源:http://www.bee.com/id/27151.html
点击访问原文链接

Safe investment starts here: DeFi staking fraud prevention guide | Bee Network

进入原网站 导航首页
Safe investment starts here: DeFi staking fraud prevention guide | Bee Network Login Berita Trending Meme Launchpad Agen AI DeSci Penjelajah Rantai Atas Untuk Newbee 100x Koin Permainan Lebah Situs Web Penting APLIKASI yang Harus Dimiliki Selebriti Kripto DePIN Pemula Penting Detektor Perangkap Alat Dasar Situs Web Tingkat Lanjut Pertukaran Alat NFT Hai, Keluar Alam Semesta Web3 permainan DApp Sarang lebah Platform Berkembang IKLAN Mencari Bahasa inggris Isi Ulang Koin Gabung Unduh Universitas Web3 permainan DApp Sarang lebah IKLAN rumah-Analisis-Investasi aman dimulai di sini: Panduan pencegahan penipuan staking DeFi Investasi aman dimulai di sini: Panduan pencegahan penipuan staking DeFiAnalisis1 tahun yang lalu (2024)发布Wyatt 40,2261 8

Hash ( SHA1 ) dari artikel ini: 14f211363c25423b3eb2472ade8865dc95a14513

Code: PandaLY Anti-Fraud Guide No.001

I believe that friends who follow us at Lianyuan Technology must have a certain understanding of DeFi. Indeed, in some cases, participating in the staking of DeFi platforms, especially the common USDT staking, can indeed bring lucrative returns. However, along with opportunities come various scams. Many criminals take advantage of investors lack of understanding of blockchain technology and project details to design a series of traps. A common method is to attract you to pledge investment on unknown DeFi platforms under the banner of higher yield than xxx platform, and these platforms often use the return rate far exceeding that of traditional DeFi platforms or exchanges as bait. When they have defrauded enough funds, they will run away with the money, leaving investors with nothing.

In order to help everyone avoid such scams, today we will combine a typical DeFi scam case that occurred recently to deeply analyze the routines and operating methods. At the same time, we will also provide you with some practical prevention tips to help you better identify potential risks and protect your assets when participating in DeFi projects.

What is DeFi staking?

DeFi staking is a common method in the field of decentralized finance (DeFi), where users can lock their crypto assets in smart contracts, participate in network operation and maintenance or provide liquidity, and receive corresponding returns. This process is similar to a bank time deposit, where users temporarily lock their assets in exchange for interest or other rewards.

DeFi staking usually takes the following forms:

Proof of Stake (PoS): In some blockchain networks based on the PoS mechanism, users can stake a certain amount of cryptocurrency to participate in block verification and network maintenance. The more the amount staked, the greater the chance of obtaining verification, and users can also obtain a certain proportion of block rewards.

Liquidity mining: Users deposit their crypto assets into decentralized exchanges or liquidity pools to provide liquidity and facilitate smooth transactions. In return, users can receive a certain percentage of the handling fee income or the platforms native token rewards.

Lending and pledging: Users can pledge crypto assets to decentralized lending platforms, use them as collateral to borrow another asset, and earn interest on the pledge. In this process, users pledged assets will still generate income, but they can use the borrowed funds for other operations.

At present, liquidity mining is the most common DeFi project, so today we will mainly talk about liquidity mining.

Liquidity Mining Scam

Recently, we encountered an enthusiastic user who reported a DeFi website called ve.finance to us. The original words of the reporting user are as follows:

I am a victim of the ve.finance scam. The contract address of VE is

https://etherscan.io/address/0xdaef06a5fbf22cc67e521f937ab2a8e687558d74#code and has been successfully marked as a scam. But I discovered that they have opened a new website:

https://ethnano.com/,the contract address is:

https://etherscan.io/address/0xb53653f74c9ba313f764e7404bfeffab3500d25c.

Their website design, the API used, and the CODE of the contract are all exactly the same. I still havent seen any scam tags. I hope this will reduce the number of victims joining the scam.

To put it simply, users encountered a fraudulent website under the name of discounted pledge. This website did not conduct phishing through various authorizations, but instead tripped up users through the smart contracts used in pledge. In addition, the webpage frequently changed the domain name, so that victims might not be able to find the previous website after being deceived.

When we open the page according to the URL given by the user, MetaMask directly blocks us from opening the website and pops up a warning that the website is a high-risk website, but who are we? We are the ruthless people who ignore the risks and continue to install. Click to continue to visit the website, and we come to the pledge scam website interface shown in the figure below.

We clicked on the first smart contract address reported by the user, 0xdaef06a5fbf22cc67e521f937ab2a8e687558d74

After analysis, we found that this nasty scammer set the super users account address in the smart contract. And set a function:

function adminSendEth(address payable destination, uint amount) public onlyAdmin {

destination.transfer(amount);

}

What does this function mean? First of all, the function name is adminSendEth, which means that only I, the super user, can send this function. Then we turn our attention to onlyAdmin, which means that only I, the super user, can call this function.

So what does this function mean? It is very simple, it directly transfers the balance amount I specify to the account address address I specify.

After users pledge their money through this smart contract, scammers can directly transfer the money pledged at the smart contract address. When users check the smart contract and find that there is no money in the smart contract account, they realize that they have been cheated.

Then we click on another contract provided by this enthusiastic user: 0xb53653f74c9ba313f764e7404bfeffab3500d25c

The difference between this contract and the previous one is that it contains a function named Exchange. The specific implementation code of the function is as follows:

function Exchange(address user) external onlyOwner {

require(!_blacklisted[user],User is already blacklisted.);

_blacklisted [user] = true;

emit Blacklisted (user);

}

The name of this function is conversion, and the content implemented in it is also very simple. As long as you are not in my blacklist, I will put you in the blacklist. If you are in the blacklist, oh~ then you just stay there~

So once you stake in this contract, this function will be called automatically and you will be thrown into a small dark room, and you won’t be able to get a penny out.

Scam Prevention

So how to prevent DeFi staking scams?

1. Review project official website

The first step is to make sure the website we are visiting is legal and safe:

SSL certificate: Remember that any legitimate website should have an SSL certificate and make sure the website starts with https. SSL certificates can encrypt communications between users and websites to prevent information leaks and phishing attacks. If you see a DeFi staking platform without an SSL certificate or starting with http, leave immediately to avoid risks.

Team transparency: A credible project must have an open and transparent team background. We can find information about the project team on various social media, such as Twitter, to ensure that they have public social media and can trace the projects they have participated in in the past.

Website: If the project team is reliable, we can look for the relevant website of their pledge on their official social media. Remember, do not click on the website that is not officially endorsed, as it may be a counterfeit phishing website.

Unreasonable promises: When a staking project promises “high returns” or “zero risk”, it is most likely a scam and we need to be vigilant.

Exchanges: Binance, EURUSD and other leading exchanges all have their own corresponding pledge investment products. We don’t have to go to some unknown small platforms. Although the returns may not be that considerable, the security is definitely guaranteed.

2. Check the Smart Contract

I believe that after reading the above cases, we will find that smart contracts are the core of staking projects, and any malicious code will cause funds to be unable to be retrieved. Therefore, it is important to carefully review:

Contract audit: Use a blockchain browser (such as Etherscan) to check whether the projects smart contract has been audited by a third party. We can check whether the project contract has been audited by an authoritative auditing agency (such as CertiK, OpenZeppelin). The audit report will reveal whether there are security vulnerabilities and potential risks in the contract.

Code details: If you have a certain level of coding skills, please be sure to review whether there are backdoors (blacklist, whitelist, etc.) in the contract code, as well as terms such as lock-up period and withdrawal restrictions to ensure the security of funds. Of course, if you don’t understand the code, you can copy the code to GPT or other AI and ask them, and they will give you the correct answer.

Be careful with authorization: When you interact with a staking project, the smart contract will ask you to authorize access to your wallet. Be careful with unlimited authorization. If you grant unlimited permissions, malicious contracts may transfer your funds at any time.

3. Community Verification

Joining the project’s community is also an important way to verify the authenticity and popularity of the project, because it is likely that the Twitter account’s followers are fake:

Social discussion: You can join official communities such as Telegram and Discord to check out the chat history and atmosphere of the community and understand the reputation of the project. If everyone in a community is bragging or showing off their own profits, it is likely to be a scam project. Members of a good community communicate very objectively.

Be wary of private promotion: If a project is only promoted in private groups or is not open and transparent, there may be risks. Be sure to pay attention to projects where teachers make money and one-on-one projects. Projects that only rely on word of mouth to attract people are definitely not good projects.

IV. Liquidity and transparency

Next is the advanced part. Generally speaking, the liquidity and transparency of the project pool are key indicators for evaluating the security of the project:

Liquidity pool lock: Liquidity pool provides the basic fund pool for projects to trade. You can check whether the liquidity pool of the pledged project has been locked through the blockchain browser. Liquidity lock means that the project party cannot withdraw or transfer funds at will to prevent malicious running away. If the liquidity pool is not locked, the project party may withdraw funds at any time, resulting in the situation where users cannot withdraw pledged assets.

Sufficient liquidity: The larger the liquidity pool, the smaller the slippage (price difference) when users trade assets, and the easier it is to withdraw funds. Check the depth and adequacy of the liquidity pool to ensure that there is enough funds in the pool to meet users staking and withdrawal needs. Projects with insufficient liquidity may result in the inability to withdraw funds smoothly.

On-chain transparency: The transparency of a projects funds is an important factor in determining its credibility. You can use blockchain browsers (such as Etherscan, BscScan, etc.) to track the flow of project funds and check whether funds are withdrawn on a large scale or concentrated in a few addresses. In addition, you can set up a monitoring wallet to automatically track the flow of key project funds and receive timely reminders. This measure can help you detect any suspicious fund operations in advance and avoid becoming a victim of a scam.

Kesimpulan

In general, although DeFi staking projects seem to be full of opportunities, the risks cannot be ignored. In particular, many novice friends may be attracted by high returns and ignore the security of the project itself. We have seen too many similar scams, from fake websites, malicious smart contracts to community order-swiping, with various means. Therefore, everyone must do their homework when staking, from reviewing the projects official website, checking smart contracts, observing community activity, to analyzing capital liquidity, each step is very important.

The blockchain world is decentralized. Because of this, the security of personal funds depends more on ones own judgment and prudence. Dont be blinded by the so-called high returns. Projects that often promise zero risk and guaranteed returns often have hidden risks behind them. Security is always more important than high returns. This is the most important thing we should remember in DeFi staking.

Through todays sharing, we hope to make everyone more rational and cautious in the future staking process. Whether you are a novice to DeFi or an experienced veteran, pay more attention to the transparency and security of the project to avoid falling into the trap of scams due to negligence. If you have any questions or concerns, you can always leave a message to discuss. We are very happy to help you better protect your assets! After all, in this decentralized world, learning together and helping each other is the most secure investment strategy!

Lianyuan Technology adalah perusahaan yang berfokus pada keamanan blockchain. Pekerjaan inti kami meliputi penelitian keamanan blockchain, analisis data on-chain, dan penyelamatan kerentanan aset dan kontrak. Kami telah berhasil memulihkan banyak aset digital yang dicuri untuk perorangan dan lembaga. Pada saat yang sama, kami berkomitmen untuk menyediakan laporan analisis keamanan proyek, keterlacakan on-chain, dan layanan konsultasi/dukungan teknis untuk organisasi industri.

Terima kasih telah membaca. Kami akan terus fokus pada dan berbagi konten keamanan blockchain.

This article is sourced from the internet: Safe investment starts here: DeFi staking fraud prevention guide

Related: Foresight Ventures: Intent Asset, the entry point for large-scale application of Web3 assets Original author: Mike@Foresight Ventures The revolution of idle assets In 2013, Alibabas Yuebao was launched, bringing asset management into a new era. Before that, it was difficult for ordinary users to find a safe and efficient way to manage their idle funds. Banks current deposit interest rates were low, and financial products were complicated and difficult to understand. The birth of Yuebao changed everything. The birth of Yuebao It was an era when Internet finance had just emerged. The Alipay team realized that users often had some idle funds in their payment accounts. If these funds could be invested, it would not only bring benefits to users, but also improve user experience. So they jointly launched a product called Yuebao with Tianhong Fund. Yuebao is easy to use. Users only…

Analisis ## Tanda© 版权声明Array 上一篇 100 Selebriti Teratas Farcaster: Membangun Umpan Berkualitas Tinggi 下一篇 Cara Terbaik Membeli Bitcoin dan Apa yang Harus Dilakukan Dengannya 相关文章 The Rise of the Machine Economy: How Web3 is Driving Robots from Tools to Autonomous Systems 6086cf14eb90bc67ca4fc62b 15,156 3 24H Hot Tokens and Key News|Trump Claims Capture of Venezuelan President Maduro; US SEC “Anti-Crypto” Commissioner Carol 6086cf14eb90bc67ca4fc62b 11,996 1 One-week token unlock: EIGEN unlocks nearly 11% of circulating tokens 6086cf14eb90bc67ca4fc62b 20,937 1 A single-day bloodbath wiped out $200 million in short positions, with ETH breaking through $4,200 to hit a 45-month hig 6086cf14eb90bc67ca4fc62b 26,678 4 Fokus pada TOKEN2049: Apa saja hal baru yang menarik dari pasar kripto yang telah lama tidak aktif? 6086cf14eb90bc67ca4fc62b 42,613 Wash trading, gaming, and disillusionment: Is the end of crypto airdrops here?Recommended Articles 6086cf14eb90bc67ca4fc62b 23,207 4 1 komentar Anda harus login untuk meninggalkan komentar! Segera masuk #BeelieverTYRDVMI Tamu “If you’ve lost money fraudulently to any company, broker, or account manager and want to retrieve it, contact www.Bsbforensic.com They helped me recover my funds!”

12bln lalu artikel Terbaru Did Jane Street “Manipulate” BTC? Decoding the AP System, Understanding the Power Struggle Behind ETF Creation and Redemption Pricing 16 jam yang lalu 539 Stop Comparing Bitcoin to Gold—It’s Now a High-Volatility Software Stock 16 jam yang lalu 648 Matrixport Research: $25 Billion Gamma Unwinding Imminent, Liquidity Yet to Return Behind the Rebound 16 jam yang lalu 597 ERC-5564: Ethereum’s Stealth Era Has Arrived, Receiving Addresses No Longer ‘Exposed’ 16 jam yang lalu 520 Hong Kong Regulatory Green Light: Asseto Enables DL Holdings to Achieve Compliance for Two RWA Business Implementations 16 jam yang lalu 563 Situs Web PopulerTempoLighterGAIBGliderPlanckRaylsBCPokerVooi Bee.com Portal Web3 terbesar di dunia Mitra KoinCarp binance KoinMarketCap KoinGecko hidup koin Armor Unduh Aplikasi Bee Network dan mulai perjalanan web3 Kertas putih Peran Pertanyaan Umum © 2021-2026. Semua Hak Cipta Dilindungi Undang-Undang. Kebijakan pribadi | Ketentuan Layanan Unduh Aplikasi Jaringan Lebah dan memulai perjalanan web3 Portal Web3 terbesar di dunia Mitra CoinCarp Binance CoinMarketCap CoinGecko Coinlive Armors Kertas putih Peran Pertanyaan Umum © 2021-2026. Semua Hak Cipta Dilindungi Undang-Undang. Kebijakan pribadi | Ketentuan Layanan Mencari MencariDi dalam SitusDi RantaiSosialBerita 热门推荐: Pemburu Airdrop Analisis data Selebriti Kripto Detektor Perangkap Bahasa Indonesia English 繁體中文 简体中文 日本語 Tiếng Việt العربية 한국어 हिन्दी اردو Русский Bahasa Indonesia

智能索引记录