Not even on the last day of the year did the scammers take time off. In just six hours, a new cryptocurrency called YEAR was launched on the market, saw its price soar and soon collapse after the project’s developers applied a R$620,000 rug pull.
The cryptocurrency was created by EtherWrapped, a website that allowed users to view their transaction history with Ethereum and NFTs by connecting their Metamask wallet to the website.
The platform would then display your wallet stats and calculate a symbolic reward in the form of a YEAR token. The problem was that inside the contract intelligent of the token, there was a malicious line of code that prevented its sale in the market.
As no one could sell, the asset’s price skyrocketed artificially. The high jumped in the eyes of many users who decided to join the project, not knowing it was a honeypot scam.
In a few hours, the scammers who placed YEAR on the market liquidated their positions, earning around R$ 620,000 in the process.
how the coup happened
On Twitter, the user @cat5749 he said that when the project came out, several community members analyzed the code for something malicious, but found nothing. “At first glance, this contract is very small. I and others examined and found no red flags,” he explained.
Among the problems the community often looks for in contracts are: Can this contract drain your coins? Can you steal your NFTs? Can you do other malicious things?
The problem was with the ‘_burnMechanism’ function, which looked innocent at first. “What the others and I have lost is how someone can use this as a weapon for evil,” explained the developer.
A few hours after the token was released, the contract creator called the role and set its new owner to the Uniswap V2 contract address, an action that stopped the sale of the token on DEX.
“With that, the contract evolved into a honeypot where people could only make purchases, but not any type of sale. This meant that on a DEX chart, people would just see the candles going up and would induce the FOMO to buy more before the price went up any further,” reports the user.
The final blow came about half an hour later, when the scammer behind the contract stripped Uniswap V2 of liquidity, draining a pool of more than 30 ETH (BRL 620,000) in various transactions and driving the currency price to zero.
“I know we’re all going to get better at spotting these bad actors in the future. Web3 depends on it. Let’s take what we’ve learned here and improve it”, concluded the user.