Probability you will be rug pulled on your defi investment are.

in #leofinance, 3 years ago

Have you ever been the victim of a rug pull, or inadvertently granted some dapp permission to spend an unlimited number of tokens from your wallet? I have, and I believe the rug pull I am currently experiencing is the worst type of rug pull. The person who pulled it also managed to squeeze a lot of other people, not just me. And the last time I checked, the address had accumulated almost 17 BNB (equal to almost 5k USDT at that time).


To get all the above information and more about that address, I only need to go to a blockchain explorer.
According to Google, this type of rug pull or 'scam' is known as a sweeper bot. People frequently get it by providing their password to a phishing site or a fake app impersonating Metamask or something similar, which required the user to enter their password.
I'm not so carefree as to give my keywords away, but I was careless in another way: I picked up the bot when I tried to build a smart contract for flash loan arbitrage that I had learned about on the internet.
It was a copy-and-paste smart contract. You must think it was so obvious, right? Don't ask; I don't know how I could fall for such an obvious scam. But it's okay, it's not only me; there are a dozen others.

Never mind how much money I have wasted funding the contract over and over. The most significant loss is the other assets contained within the wallet, which include stake tokens and some gaming accounts tied to the address associated with the smart contracts. At the time, I recall approving unlimited BNB for the contract. What I don't realize is how much of a fool I am.

After the first execution failed, I still did not realize it was a scam, because there was a remark about debugging failed executions that said something like this:

Don't be worried if you fail. Because gas prices were high during the peak period, you simply need to try again with a larger amount of bnb funds.


But failing the second attempt was like flipping a switch in my head: I suddenly realized there was a chance I had fallen for some clever scheme to steal BNB from other people, and it turned out to be true (what I didn't know was that there was much more of this to come later). The sweeper bot is not set to operate immediately; it only starts stealing BNB from the victim's address after some time. Maybe the scammer thought this would make it harder to trace the source of the deployed bot, and I'd say it worked: a regular crypto user would have a hard time tracing the bot back to its original contract. What's more, I recently figured out that the scammer can modify the code in the contract at any time, which lets the bot send the tokens to any different address he wants.


[Screenshot: scammer BSC address 1]

[Screenshot: scammer BSC address 2]

[Image: some screenshots of the case]

And this was one of those instances when you questioned how you had been so foolish. I've had a number of those instances in my life, and I pray they don't happen again.

What is a sweeper bot?

Simple, and just enough to render all of my tokens useless.
The bot consists of smart contract code.
The sweeper bot code works by constantly monitoring every incoming transaction to the victim's wallet address, and if it is the selected token, the bot immediately sends the token to a third-party wallet address. The operation is done almost instantly, so it is impossible for a human to react in time.

The bot makes sure that no token is left behind; even dust amounts of BNB are sent away. As a result, any action that requires a gas fee, such as a token swap or withdrawal, is out of the question.

So, in sheer panic, I tried to revoke the permissions I had granted. I used my browser for this and navigated to revoke access. There are some sites that let you revoke token access. You will want to check which sites have access to spend tokens in your wallet.
Actually, it was the thought of revoking access that gave me the idea to write this article: some people might be unaware that there are online tools for revoking permissions, in case someone needs to revoke access or simply wants to check the spend limits that have been approved.

Key Takeaways

1. Revoking access is not applicable to me, though, because I would need some BNB in my wallet to pay the gas fee, and because BNB is the sole gas token for BSC, it was impossible for me to take any external action on that wallet.

2. Most rug pull schemes are not as severe as what I experienced in this article and can usually be resolved simply by revoking any unlimited token spend that you have granted access to.

3. Even if you don't have a problem like tokens missing from your wallet, that doesn't mean you don't have to check and review the token spend limits for your wallet. Everyone should do it every once in a while, and if there is any unlimited spend, you should change it. For your wallet's safety, "unlimited" is dangerous, believe me.

4. Most important is DYOR: any DeFi site, DEX or anything else that puts your money at risk should be secure and trustworthy. I know it is a tough job, and for that I present to you Rugdoc. This web3 website is just the perfect tool for the job, and it is completely free too. Believe me, if you have crypto, you will want to look into this tool. It is a multichain web3 tool that keeps track of most DeFi apps, tokens and other projects out there and gives references for them. And if you are the owner of a DeFi app or staking farm, you can list your dapp here for people to look into and gain the confidence to invest in it.
(By the way, I tried entering keywords like polycub and leodex, but it didn't return any results. It's just my opinion, but from what I see, in the future investors will likely count on tools like this to give them some idea of what they are going to put their money into.)
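
What an approval review like the one in takeaways 2 and 3 looks for can be shown offline. The following is an added example, not code from the original post or from any of the tools it names: it decodes BEP-20/ERC-20 `approve(address,uint256)` calldata, replays a wallet's approvals oldest first, and lists the ones still open, marking the maximum value as unlimited. The addresses and the transaction list are constructed, and it assumes allowances are changed only through `approve()` (spending through `transferFrom` and other allowance functions are ignored).

```python
APPROVE_SELECTOR = "095ea7b3"   # first 4 bytes of keccak256("approve(address,uint256)")
MAX_UINT256 = 2**256 - 1        # the amount wallets show as "unlimited"
HEX_DIGITS = set("0123456789abcdef")

def decode_approve(calldata_hex):
    """Return (spender, amount) for approve() calldata, or None for anything else."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    # 4-byte selector followed by two 32-byte ABI words, all hex
    if len(data) != 136 or not set(data) <= HEX_DIGITS or data[:8] != APPROVE_SELECTOR:
        return None
    spender_word, amount_word = data[8:72], data[72:136]
    if spender_word[:24] != "0" * 24:   # a 20-byte address is left-padded with zeros
        return None
    return "0x" + spender_word[24:], int(amount_word, 16)

def outstanding_approvals(transactions):
    """Replay (token, calldata) pairs oldest first; return approvals still open."""
    allowances = {}
    for token, calldata in transactions:
        decoded = decode_approve(calldata)
        if decoded is None:
            continue                                  # not an approve() call
        spender, amount = decoded
        if amount == 0:
            allowances.pop((token, spender), None)    # approve(spender, 0) is a revoke
        else:
            allowances[(token, spender)] = amount     # a later approve overwrites
    return {k: "unlimited" if v == MAX_UINT256 else v for k, v in allowances.items()}

def build_approve(spender, amount):
    """Helper that builds calldata for the constructed samples below."""
    return "0x" + APPROVE_SELECTOR + spender[2:].rjust(64, "0") + format(amount, "064x")

# Constructed sample data: placeholder addresses, not real contracts.
TOKEN_A, TOKEN_B = "0x" + "a1" * 20, "0x" + "b2" * 20
DEX, UNKNOWN = "0x" + "11" * 20, "0x" + "22" * 20
SAMPLE_TXS = [
    (TOKEN_A, build_approve(DEX, MAX_UINT256)),
    (TOKEN_B, build_approve(UNKNOWN, MAX_UINT256)),
    (TOKEN_A, build_approve(DEX, 0)),                 # later revoke
    (TOKEN_B, "0xa9059cbb" + "00" * 64),              # transfer(), ignored
    (TOKEN_A, build_approve(UNKNOWN, 5 * 10**18)),
]

if __name__ == "__main__":
    for (token, spender), amount in outstanding_approvals(SAMPLE_TXS).items():
        print(f"token {token} -> spender {spender}: {amount}")
```

Any entry reported as unlimited for a spender you do not recognise is the one to revoke first.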

Because crypto laws aren't fully regulated, I'm not sure if anyone will try to catch the scammer and return all of the stolen BNB to its rightful owners. I really don't understand how someone could carry out the scheme with all of the money displayed on the public blockchain and still enjoy the money freely. Someone should do something to stop it.


Last words

As for me, I've lost some good investments because I can't take them out of DeFi, since I'll need some for gas.
Until now, I can only log in and watch my investment grow day by day, with no way to harvest it.
However,there actually

That's all for now; I hope this article was useful to whoever is reading it. I'm wishing all the good Hive people a nice day today, tomorrow and in the days to come. Lastly, don't forget to leave your thoughts in the comments section below. Thanks, and until next time, folks.

Some Useful links for your defi needs:


  1. Revoke.cash: using this site is pretty simple; just connect your wallet and it will automatically check all the permissions and list them straight away.
  2. Bsc explorer: this is for Binance Smart Chain, but I've learned that the Polygon and Ethereum explorers have a similar feature. On the BSC explorer you only have to navigate to more -> tools -> token approval; this link takes you directly to the token approval tool of Binance Smart Chain. There are similar tools on the ETH and Polygon explorers as far as I know.
  3. [Zapper.fi](https://zapper.fi/revoke?utm_source=zapper_learn): another DeFi site offering tools to check and revoke access to your wallet.
  4. Rabby: a browser extension for Chrome, similar to Metamask but with all the features you could ever want in a crypto wallet, including revoking tools, site access, swap and a dapp browser.


  1. Extra: Rugdoc: a web tool that tracks dozens of DeFi projects and checks their smart contract code for potential exploits, audits and much more. This is good for anyone who doesn't have time to DYOR; the site does that for you.
  2. CoinDIX: a website that tracks literally thousands of DeFi vaults and lists all of the results in one place. According to their website, CoinDIX is currently monitoring over $116 Billion, more than 8000 vaults, 41 protocols, and 22 chains.

Written using Redmi 9T by :


*Image source from google and screenshot.





Congratulations @owlyfarm! You have completed the following achievement on the Hive blockchain and have been rewarded with new badge(s):

You distributed more than 10 upvotes.
Your next target is to reach 50 upvotes.
You received more than 50 upvotes.
Your next target is to reach 100 upvotes.
