Yield chasers in search of the next “DeFi gem” are falling victim to elaborate scams with rogue actors on the prowl, using cleverly devised malicious contract codes to steal funds.
From “rug pulls” to outright absconding with presale funds, the activities of DeFi scammers are threatening to overshadow the novel developments in the emerging crypto market niche.
DeFi Farming Hopeful Loses 36,000 UNI Tokens
Tweeting on Oct. 5, Alex Manuskin, a researcher at crypto keyless wallet maker ZenGo, revealed that an anonymous “Chad” with the moniker Jhon Doe unknowingly lost UNI tokens worth $140K. This loss came as a result of Doe’s participation in a fraudulent yield farming project.
The anonymous yield chaser seeking to leverage on the yield farming hype decided to put some of his UNI tokens in UniCats, a new DeFi scheme. The project allows investors to farm its MEOW tokens, after which they can withdraw their tokens.
And That’s Where Things Went Wrong
However, events took a left turn for the would-be-Chad as malicious codes in the project’s contract allowed the dev to withdraw the victim’s UNI tokens. This theft was possible because of an earlier approval grant by Doe for the project to spend an unlimited number of UNI tokens.
Commenting on the enormity of the error, Manuskin remarked:
“What Jhon doesn’t know is that once you approved the contract to use ∞ tokens, the contract can take their tokens at any time. Even after they were withdrawn from the farming scheme.”
The rogue dev reportedly siphoned 36,000 UNI tokens in two separate heists bringing the rogue actor’s loot to about $140,000. According to Manuskin, the scammer is a regular token thief who often creates phony farming protocols to fool unsuspecting yield chasers. Apart from fishing for new victims, the UniCat con artist is also reportedly using Tornado Cash, a crypto mixer, to obscure fund transfers.
Jhon Doe’s case is one of the many fraudulent actors taking advantage of the DeFi craze. Most DeFi projects turn out to be pump and dump schemes. As reported by CryptoPotato in September, DeFi projects HOTDOG, and PIzza saw their values skyrocket before becoming worthless within minutes.