Scammers carefully track wallets associated with the original token, create similar-looking addresses, and execute fake transactions to deceive users into sending their real tokens to the scammer's controlled address.
The scammers' ultimate goal is to deceive users into inadvertently sending their real tokens to the scammer's address, mistaking it for the original recipient's address.
They exploit the user's familiarity with the transaction process and the auto-suggestion features of wallets, leading to a higher likelihood of erroneous transfers.
Let's take a closer look at a legitimate transaction and its corresponding fraudulent transaction to highlight the key differences and raise awareness about this deceptive scheme.
Please note that the address used in the example is randomly selected and is a victim of an active scam.
It is important to clarify that this address is not associated with Tres or its customers in any manner.
As an anecdote, we have seen that more than 40% of our customers have been targeted with this scam, which is more common than what you might think.
In the legitimate transaction screenshot (as seen below), you'll notice that it displays accurate information. The recipient's name is visible since it has been previously configured in the user's address book.
Additionally, its corresponding fiat value is displayed. This transparency provides users with confidence in the authenticity of the transaction.
In contrast, the fraudulent transaction screenshot reveals distinct disparities when compared to the legitimate transaction. It is important to note that the scam transaction is automatically marked with the "spam asset" tag by Tres, and transactions labeled as "spam asset" are hidden by default from the ledger page.
Furthermore, it is important to note that the recipient address in the fraudulent transaction is not listed in the user's address book. As a result, it is displayed as a raw address without a familiar name attached to it.
This absence of a recognized recipient name should immediately raise suspicion and caution during the verification process.
Unlike the legitimate transaction, the fraudulent transaction does not include a fiat value for the tokens being transferred. This absence of a fiat value serves as an important indicator that the transaction is associated with the fake token rather than the legitimate one.
It is crucial to note that relying solely on the symbol of the asset can be misleading when determining the authenticity of a transaction.
Instead, placing emphasis on the contract address, which serves as a unique identifier for the legitimate asset, is vital for accurate verification.
In addition to these discrepancies, another notable difference in the fraudulent transaction is the absence of a gas fee. This is because the user isn't the one initiating the transaction.
In typical blockchain transactions, users are required to pay a gas fee to cover the cost of executing the transaction. The absence of a gas fee further indicates that this transaction is part of the scammer's fraudulent activity.
We have created a table that provides a concise overview of the disparities between a legitimate transaction and a fraudulent one.
On platforms like Etherscan, the fraudulent transaction will appear above the original transaction which makes it “easier” to find and copy. It's important to note that this transaction won't bear any warning regarding the authenticity of the asset. A typical user will not notice the scam if they don’'t invest an extra 5-10 minutes looking into the transaction and verifying the address.
When creating new transactions, companies relying on Etherescan as their address repository put themselves under risk of sending their tokens to scammers.
On platforms like Etherscan, users searching for an address they interacted with may find the scammer's address listed before the legitimate one. The fraudulent transaction appears above the original transaction, without any warning about the authenticity of the assets involved. This underscores the importance of exercising caution and carefully verifying transaction details before proceeding with additional funds transfers.
In conclusion, the ERC20 impersonation scam is a complex scheme where scammers create fake tokens to deceive users into sending their real tokens to scammer-controlled addresses.
To safeguard your digital assets, it is crucial to stay vigilant, exercise caution during address verification, and stay informed.
When using the Tres Finance platform which is the Web3 financial data lake enabling finance teams to manage all their digital asset data for accounting, reporting and audit, you will be able to trust our data without any extra work.
Besides the financial applications, Tres has proprietary technology labeling transactions as scam/spam and reading the smart contracts involved.
The key indicators, as mentioned in the blog post earlier, are all visible while using Tres finance and are safeguarding your financial perimeter on the data level.
This article was also mentioned in our interview for CoinTelegraph