Counterfeit money attacks the cryptocurrency world: How to prevent it effectively?

Text | Hoho

Editor | Wen Dao

In the past month, EOS, HT and other currencies have been counterfeited. According to people from blockchain security companies, almost all mainstream currencies in the cryptocurrency circle have counterfeit coins.

Counterfeiters can use smart contracts to issue fake tokens that are exactly the same as the token name, description, logo, etc. Exchanges, DApps, and individual users are all targeted by counterfeiters.

The only flaw is the difference in the contract addresses of real and fake coins, but this is still a threshold that is not easy to identify for ordinary coin holders. Fake tokens often take away the victims' real assets.

As fake tokens flow into the cryptocurrency world and become more rampant, the issue of asset security undoubtedly deserves attention.

Gao Ziyang, co-founder of Chengdu Lian'an Technology, said that using well-known browsers to view on-chain transactions and pay attention to the status of tokens can effectively prevent counterfeit coins.

At 14:20 on June 21, Beosin Chengdu Chain Security issued a security warning that a user with the account name "larry5555555" issued 1 billion "fake EOS coins" and distributed them to several small accounts. It is estimated that the book value of the counterfeit digital currency exceeds 40 billion yuan.

After discovering a large number of fake EOS, Chengdu Lian'an quickly reminded the project party to take emergency measures and early warning preparations, and if necessary, find a security company to conduct a code audit to avoid damage to user assets.

Fortunately, as of press time, no blockchain project or exchange has been affected by this counterfeit currency incident.

This is the second counterfeit currency incident since June. Just one day before the EOS counterfeit currency warning appeared, HT also had a counterfeit incident, and some users suffered asset losses as a result.

On June 20, digital asset tracking platform CoinHunter detected that a scammer claimed that ETH could be exchanged for "HT" at a ratio of 1:177, luring novice users to transfer ETH into the scammer's account. This so-called "HT" is just a fake token privately issued by the scammer.

HT is a universal point issued by Huobi based on the Ethereum public chain. Huobi data shows that the exchange ratio of ETH and HT is approximately 1:78, which is much lower than the 1:177 claimed by the counterfeiters.

The exchange ratio of ETH to HT is about 1:78

According to CoinHunter, by luring users who are greedy for bargains, the counterfeiters have successfully obtained a total of 969 ETH, with a market value of over 2 million yuan. A single user was defrauded of up to 885 ETH.

From the two counterfeit currency incidents, it can be seen that the purpose of counterfeiting is to replace real currency. According to previous cases, the target of counterfeiters is not only ordinary novice currency holders, but even some public chains. DApps built on public chains have also become places for replacing counterfeit currency.

On April 12, the Tron DApp Tronbank suffered a counterfeit currency attack. It mistakenly identified the worthless tokens issued by the attacker as BTT tokens worth 850,000 yuan, causing huge losses.

The Chengdu Lian'an team analyzed that the main reason for the counterfeit currency incident was that the Tronbank smart contract did not strictly verify the unique identifier of the token, which allowed the counterfeit currency to successfully flow into the account.

Gao Ziyang, co-founder of Chengdu Lian'an Technology, told Fengchao Finance that whether the counterfeit currency can be successfully cashed out mainly depends on whether the exchange or project party has strict verification logic for the token. "If the relevant party does not verify strictly, they may be deceived by counterfeit currency."

"In fact, as long as there is no restriction on the name of the coin issued by the public chain, there will be counterfeit coins." A technician from a decentralized exchange told Fengchao Finance, "The counterfeit coin attack and counterfeiting principles are basically the same."

Gao Ziyang cited the example of fake USDT on the market, "Currently, almost all public chains that have opened the coin issuance function can issue tokens with the same name. The main way is to issue personal tokens with the same name as the target currency and similar icons and other information."

Screenshot of the USDT counterfeit currency list

He provided a statistical chart of counterfeit USDT coins, of which 4 of the 5 counterfeit coins were directly named "USDT". In fact, USDT is a stablecoin launched by Tether, and its issuance and trading use the Omni (formerly Mastercoin) protocol. "The real USDT on the Omni protocol is actually called TetherUS."

USDT’s True Identity on the Omni Protocol

Open the block browser of public chains such as EOS, Ethereum, and TRON. If you search for well-known projects such as BNB and OKB, it is not difficult to find that tokens with the same name are widely available.

Gao Ziyang said that the emergence of counterfeit coins is not due to loopholes in the above-mentioned public chains or tokens themselves. "Issuing tokens with the same name is a legitimate business scenario for major public chains. Although some attackers have maliciously exploited this business, there is nothing wrong with the token issuance mechanism itself. It's just that we need to raise our security awareness and make careful judgments when using tokens to avoid being deceived and suffering losses."

Take the EOS public chain as an example. Since the smart contract of the EOS public chain does not restrict the uniqueness of the token name, anyone can issue a token named EOS. A decentralized exchange told Fengchao Finance that the only way to distinguish true and false tokens is to determine the issuing entity of the currency contract, that is, the EOS account that issued the token.

According to an exchange practitioner, the only distinguishing point of tokens issued through smart contracts is the contract address. Other information such as token name, description, interface, etc. are all internal contents of the smart contract and are not restricted.

The above-mentioned person believes that "the low cost of counterfeiting and low user awareness are the fundamental reasons why counterfeit coins are rampant. For individual users, counterfeiters usually use proxy investment, arbitrage, quantitative trading, low-price exchange and other methods to defraud investors of real coins."

Exchanges and project parties can use technical means to distinguish between real and fake currencies, but for novice users, how should they guard against these counterfeit currencies?

A decentralized exchange told Fengchao Finance that users who have just entered the cryptocurrency circle often do not have the ability to distinguish between real and fake coins. Therefore, it is best to conduct OTC transfers and transactions through reliable channels, and do not choose to trade directly with individuals or operate on third-party platforms with insufficient credibility.

For cryptocurrency users with some trading experience, Gao Ziyang recommends using a well-known browser to view on-chain transactions and pay attention to the status of tokens, "so that you can effectively prevent counterfeit coins."

If you really can't tell the difference between the real and fake, the SlowMist security team suggests that you can recharge the assets in your digital wallet to the exchange to see if the recharge is successful. Fake digital assets will not be credited to the exchange. Users can also verify with the official token personnel, "but anyone with an exchange or wallet logo avatar is not necessarily a real official, so when verifying, be sure to find the official channel."

Have you ever encountered a counterfeit currency scam?

Source: Official Account: Fengchao Finance News