温馨提示:本站仅提供公开网络链接索引服务,不存储、不篡改任何第三方内容,所有内容版权归原作者所有
AI智能索引来源:http://www.bee.com/ru/27151.html
点击访问原文链接

Safe investment starts here: DeFi staking fraud prevention guide | Bee Network

进入原网站 导航首页
Safe investment starts here: DeFi staking fraud prevention guide | Bee Network Login Актуальные новости Запуск мемов Агенты искусственного интеллекта DeSci TopChainExplorer Для Ньюби 100-кратное количество монет Игра "Пчелка Основные веб-сайты Must-Have APP Криптознаменитости DePIN Новички насущные Детектор-ловушка Основные инструменты Продвинутые веб-сайты Обмен Инструменты NFT Привет, Выйти Вселенная Web3 Игры DApp Пчелиный улей Растущая платформа AD Поиск Английский язык Монеты для пополнения запасов Вход в систему Скачать Web3 Uni Игры DApp Пчелиный улей AD домАнализ•Основной текст Safe investment starts here: DeFi staking fraud prevention guideАнализ1 год назад (2024)releasedУайатт 40 4481 2

Hash ( SHA1 ) of this article: 14f211363c25423b3eb2472ade8865dc95a14513

Code: PandaLY Anti-Fraud Guide No.001

I believe that friends who follow us at Lianyuan Technology must have a certain understanding of DeFi. Indeed, in some cases, participating in the staking of DeFi platforms, especially the common USDT staking, can indeed bring lucrative returns. However, along with opportunities come various scams. Many criminals take advantage of investors lack of understanding of blockchain technology and project details to design a series of traps. A common method is to attract you to pledge investment on unknown DeFi platforms under the banner of higher yield than xxx platform, and these platforms often use the return rate far exceeding that of traditional DeFi platforms or exchanges as bait. When they have defrauded enough funds, they will run away with the money, leaving investors with nothing.

In order to help everyone avoid such scams, today we will combine a typical DeFi scam case that occurred recently to deeply analyze the routines and operating methods. At the same time, we will also provide you with some practical prevention tips to help you better identify potential risks and protect your assets when participating in DeFi projects.

What is DeFi staking?

DeFi staking is a common method in the field of decentralized finance (DeFi), where users can lock their crypto assets in smart contracts, participate in network operation and maintenance or provide liquidity, and receive corresponding returns. This process is similar to a bank time deposit, where users temporarily lock their assets in exchange for interest or other rewards.

DeFi staking usually takes the following forms:

Proof of Stake (PoS): In some blockchain networks based on the PoS mechanism, users can stake a certain amount of cryptocurrency to participate in block verification and network maintenance. The more the amount staked, the greater the chance of obtaining verification, and users can also obtain a certain proportion of block rewards.

Liquidity mining: Users deposit their crypto assets into decentralized exchanges or liquidity pools to provide liquidity and facilitate smooth transactions. In return, users can receive a certain percentage of the handling fee income or the platforms native token rewards.

Lending and pledging: Users can pledge crypto assets to decentralized lending platforms, use them as collateral to borrow another asset, and earn interest on the pledge. In this process, users pledged assets will still generate income, but they can use the borrowed funds for other operations.

At present, liquidity mining is the most common DeFi project, so today we will mainly talk about liquidity mining.

Liquidity Mining Scam

Recently, we encountered an enthusiastic user who reported a DeFi website called ve.finance to us. The original words of the reporting user are as follows:

I am a victim of the ve.finance scam. The contract address of VE is

https://etherscan.io/address/0xdaef06a5fbf22cc67e521f937ab2a8e687558d74#code and has been successfully marked as a scam. But I discovered that they have opened a new website:

https://ethnano.com/,the contract address is:

https://etherscan.io/address/0xb53653f74c9ba313f764e7404bfeffab3500d25c.

Their website design, the API used, and the CODE of the contract are all exactly the same. I still havent seen any scam tags. I hope this will reduce the number of victims joining the scam.

To put it simply, users encountered a fraudulent website under the name of discounted pledge. This website did not conduct phishing through various authorizations, but instead tripped up users through the smart contracts used in pledge. In addition, the webpage frequently changed the domain name, so that victims might not be able to find the previous website after being deceived.

When we open the page according to the URL given by the user, MetaMask directly blocks us from opening the website and pops up a warning that the website is a high-risk website, but who are we? We are the ruthless people who ignore the risks and continue to install. Click to continue to visit the website, and we come to the pledge scam website interface shown in the figure below.

We clicked on the first smart contract address reported by the user, 0xdaef06a5fbf22cc67e521f937ab2a8e687558d74

After analysis, we found that this nasty scammer set the super users account address in the smart contract. And set a function:

function adminSendEth(address payable destination, uint amount) public onlyAdmin {

destination.transfer(amount);

}

What does this function mean? First of all, the function name is adminSendEth, which means that only I, the super user, can send this function. Then we turn our attention to onlyAdmin, which means that only I, the super user, can call this function.

So what does this function mean? It is very simple, it directly transfers the balance amount I specify to the account address address I specify.

After users pledge their money through this smart contract, scammers can directly transfer the money pledged at the smart contract address. When users check the smart contract and find that there is no money in the smart contract account, they realize that they have been cheated.

Then we click on another contract provided by this enthusiastic user: 0xb53653f74c9ba313f764e7404bfeffab3500d25c

The difference between this contract and the previous one is that it contains a function named Exchange. The specific implementation code of the function is as follows:

function Exchange(address user) external onlyOwner {

require(!_blacklisted[user],User is already blacklisted.);

_blacklisted [user] = true;

emit Blacklisted (user);

}

The name of this function is conversion, and the content implemented in it is also very simple. As long as you are not in my blacklist, I will put you in the blacklist. If you are in the blacklist, oh~ then you just stay there~

So once you stake in this contract, this function will be called automatically and you will be thrown into a small dark room, and you won’t be able to get a penny out.

Scam Prevention

So how to prevent DeFi staking scams?

1. Review project official website

The first step is to make sure the website we are visiting is legal and safe:

SSL certificate: Remember that any legitimate website should have an SSL certificate and make sure the website starts with https. SSL certificates can encrypt communications between users and websites to prevent information leaks and phishing attacks. If you see a DeFi staking platform without an SSL certificate or starting with http, leave immediately to avoid risks.

Team transparency: A credible project must have an open and transparent team background. We can find information about the project team on various social media, such as Twitter, to ensure that they have public social media and can trace the projects they have participated in in the past.

Website: If the project team is reliable, we can look for the relevant website of their pledge on their official social media. Remember, do not click on the website that is not officially endorsed, as it may be a counterfeit phishing website.

Unreasonable promises: When a staking project promises “high returns” or “zero risk”, it is most likely a scam and we need to be vigilant.

Exchanges: Binance, EURUSD and other leading exchanges all have their own corresponding pledge investment products. We don’t have to go to some unknown small platforms. Although the returns may not be that considerable, the security is definitely guaranteed.

2. Check the Smart Contract

I believe that after reading the above cases, we will find that smart contracts are the core of staking projects, and any malicious code will cause funds to be unable to be retrieved. Therefore, it is important to carefully review:

Contract audit: Use a blockchain browser (such as Etherscan) to check whether the projects smart contract has been audited by a third party. We can check whether the project contract has been audited by an authoritative auditing agency (such as CertiK, OpenZeppelin). The audit report will reveal whether there are security vulnerabilities and potential risks in the contract.

Code details: If you have a certain level of coding skills, please be sure to review whether there are backdoors (blacklist, whitelist, etc.) in the contract code, as well as terms such as lock-up period and withdrawal restrictions to ensure the security of funds. Of course, if you don’t understand the code, you can copy the code to GPT or other AI and ask them, and they will give you the correct answer.

Be careful with authorization: When you interact with a staking project, the smart contract will ask you to authorize access to your wallet. Be careful with unlimited authorization. If you grant unlimited permissions, malicious contracts may transfer your funds at any time.

3. Community Verification

Joining the project’s community is also an important way to verify the authenticity and popularity of the project, because it is likely that the Twitter account’s followers are fake:

Social discussion: You can join official communities such as Telegram and Discord to check out the chat history and atmosphere of the community and understand the reputation of the project. If everyone in a community is bragging or showing off their own profits, it is likely to be a scam project. Members of a good community communicate very objectively.

Be wary of private promotion: If a project is only promoted in private groups or is not open and transparent, there may be risks. Be sure to pay attention to projects where teachers make money and one-on-one projects. Projects that only rely on word of mouth to attract people are definitely not good projects.

IV. Liquidity and transparency

Next is the advanced part. Generally speaking, the liquidity and transparency of the project pool are key indicators for evaluating the security of the project:

Liquidity pool lock: Liquidity pool provides the basic fund pool for projects to trade. You can check whether the liquidity pool of the pledged project has been locked through the blockchain browser. Liquidity lock means that the project party cannot withdraw or transfer funds at will to prevent malicious running away. If the liquidity pool is not locked, the project party may withdraw funds at any time, resulting in the situation where users cannot withdraw pledged assets.

Sufficient liquidity: The larger the liquidity pool, the smaller the slippage (price difference) when users trade assets, and the easier it is to withdraw funds. Check the depth and adequacy of the liquidity pool to ensure that there is enough funds in the pool to meet users staking and withdrawal needs. Projects with insufficient liquidity may result in the inability to withdraw funds smoothly.

On-chain transparency: The transparency of a projects funds is an important factor in determining its credibility. You can use blockchain browsers (such as Etherscan, BscScan, etc.) to track the flow of project funds and check whether funds are withdrawn on a large scale or concentrated in a few addresses. In addition, you can set up a monitoring wallet to automatically track the flow of key project funds and receive timely reminders. This measure can help you detect any suspicious fund operations in advance and avoid becoming a victim of a scam.

Conclusion

In general, although DeFi staking projects seem to be full of opportunities, the risks cannot be ignored. In particular, many novice friends may be attracted by high returns and ignore the security of the project itself. We have seen too many similar scams, from fake websites, malicious smart contracts to community order-swiping, with various means. Therefore, everyone must do their homework when staking, from reviewing the projects official website, checking smart contracts, observing community activity, to analyzing capital liquidity, each step is very important.

The blockchain world is decentralized. Because of this, the security of personal funds depends more on ones own judgment and prudence. Dont be blinded by the so-called high returns. Projects that often promise zero risk and guaranteed returns often have hidden risks behind them. Security is always more important than high returns. This is the most important thing we should remember in DeFi staking.

Through todays sharing, we hope to make everyone more rational and cautious in the future staking process. Whether you are a novice to DeFi or an experienced veteran, pay more attention to the transparency and security of the project to avoid falling into the trap of scams due to negligence. If you have any questions or concerns, you can always leave a message to discuss. We are very happy to help you better protect your assets! After all, in this decentralized world, learning together and helping each other is the most secure investment strategy!

Lianyuan Technology is a company focused on blockchain security. Our core work includes blockchain security research, on-chain data analysis, and asset and contract vulnerability rescue. We have successfully recovered many stolen digital assets for individuals and institutions. At the same time, we are committed to providing project security analysis reports, on-chain traceability, and technical consulting/support services to industry organizations.

Thank you for your reading. We will continue to focus on and share blockchain security content.

This article is sourced from the internet: Safe investment starts here: DeFi staking fraud prevention guide

Related: Foresight Ventures: Intent Asset, the entry point for large-scale application of Web3 assets Original author: Mike@Foresight Ventures The revolution of idle assets In 2013, Alibabas Yuebao was launched, bringing asset management into a new era. Before that, it was difficult for ordinary users to find a safe and efficient way to manage their idle funds. Banks current deposit interest rates were low, and financial products were complicated and difficult to understand. The birth of Yuebao changed everything. The birth of Yuebao It was an era when Internet finance had just emerged. The Alipay team realized that users often had some idle funds in their payment accounts. If these funds could be invested, it would not only bring benefits to users, but also improve user experience. So they jointly launched a product called Yuebao with Tianhong Fund. Yuebao is easy to use. Users only…

Анализ #Токен #© Copyright NoticeМассив Pre Farcaster Top 100 Celebrities: Building a High-Quality Feed Next Лучшие способы купить биткоин и что с ним делать Related articles Circle IPO: The “ChatGPT” Moment for Stablecoins and On-Chain Finance 6086cf14eb90bc67ca4fc62b 30 420 4 Bull market “pin”: is it a crisis or a good opportunity to buy at the bottom? 6086cf14eb90bc67ca4fc62b 18 036 1 Stablecoin public chain: competition and opportunities for the next generation of encrypted payment network 6086cf14eb90bc67ca4fc62b 19 682 24-Hour Hot Coins and News | Jack Ma indirectly holds ETH; Trump delivers live speech, dispelling rumors of critical ill 6086cf14eb90bc67ca4fc62b 23 301 Gonka mainnet officially launched, ushering in a new era of AI computing power 6086cf14eb90bc67ca4fc62b 25 378 2 The market remains volatile, and the BNB Chain Meme craze is rising|Frontier Lab Crypto Market Weekly Report 6086cf14eb90bc67ca4fc62b 37 668 4 1 комментарий Вы должны войти в систему, чтобы оставить комментарий! Немедленно войдите в систему #BeelieverTYRDVMI Гость “If you’ve lost money fraudulently to any company, broker, or account manager and want to retrieve it, contact www.Bsbforensic.com They helped me recover my funds!”

12 месяцев назад Bee.com Крупнейший в мире портал Web3. Партнеры CoinCarp Binance CoinMarketCap CoinGecko Coinlive Доспехи Загрузите приложение Bee Network APP и начните путешествие по web3 Белая книга Роли ЧАСТО ЗАДАВАЕМЫЕ ВОПРОСЫ © 2021-2026. Все права защищены. Политика конфиденциальности | Условия предоставления услуг Скачать приложение Bee Network APP и начните путешествие по web3 Крупнейший в мире портал Web3 Партнеры CoinCarp Binance CoinMarketCap CoinGecko Coinlive Armors Белая книга Роли ЧАСТО ЗАДАВАЕМЫЕ ВОПРОСЫ © 2021-2026. Все права защищены. Политика конфиденциальности | Условия предоставления услуг Поиск ПоискInSiteOnChainСоциальнаяНовости Hot to you: Охотники за воздухом Анализ данных Криптознаменитости Детектор-ловушка Русский English 繁體中文 简体中文 日本語 Tiếng Việt العربية 한국어 Bahasa Indonesia हिन्दी اردو Русский

智能索引记录