Crypto heist: From Poly network to Squid token

It is no secret that the world of crypto has seen major thefts & scams. How secure is crypto, and what can we do to protect ourselves from loss?

The attack on the Mt Gox crypto exchange was one of the first major hacking events seen in the cryptoverse. It exposed the vulnerabilities of cryptocurrency trading, because Mt Gox’s source code was unprotected and could be easily overwritten. Mt Gox was, at the time, the biggest crypto exchange in the world. It suffered two major attacks, once in 2011, and a larger one in 2014, where more than $615 million worth of Bitcoins were stolen by flooding the platform with fake coins.

Since then, several other exchanges such as KuCoin, UpBit and Zaif, to name a few, have been hit with major thefts. The Binance platform is one of the most widely used and trusted exchanges in the world. However, in 2019, it too fell victim to an attack by hackers who stole assets worth up to $40 million from its hot wallet, along with other sensitive information and APIs. Over the years, as developments have picked up pace in the sphere of blockchain technology, hackers have adopted newer and more sophisticated ways to infiltrate seemingly secure networks, posing security concerns to crypto investors all over the world. The question of the security of one’s crypto wallet is pressing and highly debatable today.

The recent “white hat” attack on Poly Network seems to be an attempt to highlight glitches in the blockchain technology being used in major DeFi projects today. The hacker(s) allegedly stole $610 million worth of assets from the platform, only to return more than half of the tokens alongside questions and answers attached as “comments” to the refund transactions. The hacker(s) used a loophole in the smart contract protocol used by the Poly Network which was going unnoticed by the network’s developers. The hacker(s) sent an internal blockchain command known as EthCrossChainManager to send a specialized message across one of the Poly Network’s blockchains - the Ontology blockchain, to transfer ownership of certain smart contracts, and consequently the cryptocurrencies underlying the contracts, to wallets under the control of the hacker(s).

The hacker(s) indicated in the transaction comments that the hack’s main objective was to bring to the public eye the vulnerabilities of the platform before an insider could exploit the loophole, unbeknownst to others. The hack was intended to be a learning experience for the developers of the network and those like it, and the hacker(s) hoped that the developers would benefit from it and take utmost care in securing the platform in the future, in a way that would be befitting to its reputation as a billion dollar project. Poly Network responded by offering a bounty of $5,00,000 to the hacker(s) and requesting their continued contribution as the network’s “chief security advisor”.  

While hacking attacks reinforce investors’ concerns regarding the integrity of their crypto investments, there are numerous ways to leverage the volatility of the speculative crypto investment market to conduct large-scale price manipulation scams. The rise of shitcoins has made it difficult for investors to tell authentic, research-backed utility tokens from hyper-inflated tokens with no intrinsic value. Shitcoins derive their value from the popularity of the pop culture trope they are based on - be it memes, songs or TV shows. They have no utility features, and no longevity as a result. The hype surrounding a shitcoin dies down quickly - and sends its worth crashing down as quickly as it surged. Sometimes, this hype is artificially created by the anonymous developers behind a shitcoin project, who plan on revoking the project as soon as it has received a large amount of funding from the investor market. The recent SQUID token scam drives this point home.

The SQUID token was based on the Korean TV show, Squid Games, which rose to popularity in late October of 2021. It was launched as a play-to-earn token on the trading platform PancakeSwap. A play-to-earn token can be purchased and used in game to earn other tokens, which can then be redeemed for other crypto or fiat currencies outside the game. SQUID was marketed by its developers as the token which will be used in a game based off of Squid Games. The game was claimed to be in the developmental stage. Because of SQUID’s apparent association with the popular Netflix show, its value surged by thousands, increasing by more than 83,000%, before suddenly plummeting to zero when the creators of the token encashed it in large masses, draining the liquidity from the exchange in an infamous scam move known as a “rug pull”.

SQUID’s disaster was not entirely unforeseen. When it comes to shitcoins, there are a few red flags an investor can look out for to protect themselves from potential scams. SQUID, unfortunately, was waving red flags all over the place. For one, its website (which has since conveniently shut down), as well as its whitepaper, were riddled with elementary grammatical and spelling errors. In order to artificially inflate the token’s market valuation, SQUID’s developers had made it much more difficult to sell the tokens than it was to buy them. Consequently, more than 40,000 investors held SQUID tokens during its dramatic downfall. SQUID’s official Twitter and Telegram channels also remained shady and unresponsive to user queries. The SQUID incident is one of the many recent attempts by nefarious parties to hyper-inflate and crash crypto markets to make humongous profits out of the market’s volatility.

The question now remains - can a scam-free environment exist in the block?

The generic answer is that no technology is foolproof. There will always be loopholes for people to exploit, no matter how technologically advanced a system of operation becomes. Our only safeguard against attacks is to constantly be on the lookout for bugs and to find them before a third party does - one that might not have the user’s best interest at heart. It is essentially a question of speed and efficiency of one side versus the other. We, as reasonable investors, also owe ourselves the duty of care. We need to exercise due diligence when interacting in crypto communities and trading in unregulated asset classes. There are always telltale signs to be conscious of before we make investment decisions.

The first tip is to always DYOR (do your own research). Never, we repeat, never take information at face value. The internet is a wonderful resource for us to dig deep into any topic under the sun and find a myriad of resources on it. Our advice is to do thorough reading on popular topics to form your own understanding instead of going with the market’s flow. When looking at a crypto project to invest in, you should read its whitepaper thoroughly; the absence of one is a very strong indicator of a weak token. The founders of the project should be well known, and there should be a defined structure for holding them accountable in case of any loss to the investors. The project should be well researched and it should outline its objectives, plans and operational methods clearly.

However, if you are reading a blog on crypto scams - we are guessing you are already quite a bit down that rabbit hole. So maybe you can move on to the next tip.

Tip number two is - keep your private key private. Do not share it with anyone under any circumstances, or you risk compromising your wallet’s access to third parties. You might even consider storing your crypto assets in a cold wallet - one that is stored in a USB. Cold wallets come with their own risks, such as risk of damage or loss of the device, but they are generally considered safer than hot wallets because there is no possibility of hacking an offline device.

Tip three is to beware of phishing scams. Phishing is one of the most widely used ways of obtaining unauthorized sensitive information. However, it is also one of the easiest to detect and prevent with basic care and awareness. Always double check the authenticity of the links you are clicking on, or being redirected to, especially if the landing page requires you to input sensitive information. Phishing links often copy authentic links and swap a few numbers and letters.
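The link check described in tip three can be automated. The sketch below is an added example, not code from DeFy or any exchange: it compares a link's hostname against an assumed allowlist of sites you actually use and flags names that differ only by a few swapped, added or dropped characters. The allowlist, the digit-folding table, the distance threshold and the sample links are all illustrative assumptions.

```python
from urllib.parse import urlsplit

# Assumed allowlist of hosts the reader really uses (illustrative choice).
TRUSTED_HOSTS = {"binance.com", "kucoin.com", "pancakeswap.finance"}
# Digits that are commonly swapped in for look-alike letters.
LOOKALIKE_DIGITS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def skeleton(host):
    """Fold look-alike characters so swapped digits compare as letters."""
    return host.lower().translate(LOOKALIKE_DIGITS).replace("rn", "m")

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(url, max_distance=2):
    """Classify a URL as 'trusted', 'lookalike of <host>' or 'unknown'."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    bare = host[4:] if host.startswith("www.") else host
    for good in sorted(TRUSTED_HOSTS):
        if host == good or host.endswith("." + good):
            return "trusted"  # the real site or one of its subdomains
    for good in sorted(TRUSTED_HOSTS):
        # Trusted name used as a prefix of someone else's domain, or a
        # few characters swapped, added or dropped.
        near = edit_distance(skeleton(bare), skeleton(good)) <= max_distance
        if host.startswith(good + ".") or near:
            return "lookalike of " + good
    return "unknown"

# Constructed sample links, not taken from any real campaign.
SAMPLES = [
    "https://www.binance.com/en/login",
    "https://b1nance.com/login",
    "https://binance.com.wallet-verify.example/",
    "https://example.org/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{check_link(link):28} {link}")
```

An "unknown" result only means the host resembles nothing on the allowlist; it says nothing about whether the site is safe.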

Tip number four is to exercise basic common sense. If it seems too good to be true - it probably is. Yes, even when it is crypto we are talking about. No matter how lucrative people consider cryptocurrency investments to be, they still require considerable market and investment knowledge, careful scrutiny of market trends and well-calculated investment decisions in order to bear fruit. If you get an offer to earn quick and easy returns - it's most probably a scam looking to prey on people who have been deluded into viewing crypto as a path to earn a quick buck. You should also be mindful of projects asking for upfront fee payments for no direct utility in return.

With these tricks up your sleeve, we hope you are better equipped in your crypto journey. The world of crypto currency is vast and boundless. It presents us with opportunities that can completely revolutionize the way we conduct our daily lives - be it banking, finance, gaming, entertainment, art or money. The very fiber of the internet, as we know, is on the verge of being restructured through blockchain technology. It would be a great setback to the innovative powers of technology if the masses are deterred from participating and experiencing the benefits of crypto due to the scams and hacking attacks that seem to plague the community.

However, crypto technology has advanced by leaps and bounds since the launch of Bitcoin in 2008. It is evident from the expansion of the cryptocurrency market that bona fide crypto enthusiasts and developers are ready to stay one vigilant step ahead of scammers to ensure the integrity of the cryptocurrency platforms.

Disclaimer: This article is intended for informational purposes only. While we try our best to verify the contents of our articles, DeFy cannot guarantee that this article, or any information we sourced from third parties which has been included in this article, are free of error. This article should not be substituted for investment/financial advice. Any actions taken based on information contained in this article are at your own risk. DeFy does not claim to endorse views presented in this article as our own.