Besides passionate developers and sophisticated "yield farmers," the overhyped segment of decentralized finances (DeFis) is attracting numerous scammers. A number of DeFi scams have been exposed by eagle-eyed experts.
Check your funds, yield farmers
Today, Aug. 28, top-notch Ethereum developer and inventor of Yearn.Finance (YFI) protocol, Andre Cronje, has confirmed that one DeFi protocol is attempting to steal users' funds. He also showcased the emergency design that will help users withdraw their investments properly.
I've confirmed this is accurate. They are approving your funds to themselves, they are currently using transferFrom to take funds from users. Please revoke approvals, withdrawing your funds is not sufficient. https://t.co/ckPqcZASgK <- to revoke https://t.co/owbEBG4b1o— Andre Cronje (@AndreCronjeTech) August 28, 2020
According to the thread, the engineers in question have assigned approval power to one Ethereum address in the protocol. It allowed them to take control of users' funds with the "transferFrom" instrument. With this feature implemented, simple funds withdrawal is not sufficient anymore.
Mr. Cronje highlighted that all victims of this attack should use a tool that will allow them to revoke approvals of Ethereum transactions. Also, Nik Kunkel of Maker DAO released a manual for tech savvy users on how to use the "decreaseApproval" command to resist this attack.
At the same time, an anonymous crypto enthusiast who goes by @ElCryptoNoob on Twitter has checked the team members of another decentralized lending/borrowing instrument. He stated that all images are generated automatically with AI-powered tools.
$DLT Just a kindly warning:— Johan CryptoFURY (@ElCryptoNoob) August 26, 2020
do not send a penny in the @defi_loans $DLT pre-sale,
it's an obvious SCAM, with for example some AI generated photos used for the team, from https://t.co/1P3aalgvH6
Many other red flags, but I like this one.
G'night ! pic.twitter.com/z750kauPIA
Thus, both the protocol and its token offering represent blatant identity fraud. Also, its GitHub page was created two days ago, so the code may be plagiarized.
Have fun, not scam
However, some developers with high-end expertise and a sense of humor decided to mock both scammers and greedy "yield farmers." They released Scammet, a scam-by-design protocol that is built on the top of the Polkadot (DOT) blockchain.
This protocol claims it utilizes the DOGE-DOT perpetual contract. It has announced a Scammet (SCAM) tokensale. Speaking of the utility of SCAM coin, the engineers have stressed three steps for getting rich with Scammet:
Sell on Uniswap for a higher price. Provide liquidity to earn more SCAMs. Wait until SCAM becomes viral and gets listed in Binance.
Scammet developers emphasize that they are acting just like all other DeFi protocols. Their code is partially copied from Compound and Synthetix and underwent no security audit.