
Scam Alert: Fake MNW Token On Binance Smart Chain Created Via Advanced Phishing Technique

Morpheus.Network and its smart contracts were never hacked, breached, or put at any risk.

TL;DR: Our partners at Morpheus.Network stumbled upon a sophisticated phishing scheme on BSC involving a fake token. The Hacken team assisted by providing expert technical analysis. Through close collaboration, we managed to expose this unusually complex scam.

Cryptocurrency security is crucial as cryptocurrencies operate on a decentralized network, meaning no central authority oversees transactions or monitors user activity. This decentralized structure opens up possibilities for malicious actors to exploit vulnerabilities in the system, such as hacking into an individual’s cryptocurrency wallet or conducting fraudulent transactions.

Additionally, cryptocurrency transactions are irreversible, making it nearly impossible to recover funds once transferred to a scammer’s wallet. Therefore, it is essential to prioritize security measures to safeguard against fraudulent activity and protect one’s cryptocurrency.

Taking a proactive approach against scammers is vital to mitigate the risks associated with cryptocurrency. Scammers often employ sophisticated tactics to gain access to individuals’ wallets or convince them to send cryptocurrency in exchange for false promises. Therefore, it is critical to stay informed about the latest scamming techniques and be vigilant in identifying potential scams.

This includes using reputable exchange platforms, utilizing secure wallets with two-factor authentication, and staying cautious of unsolicited emails or social media messages requesting cryptocurrency transfers. By staying informed and taking proactive measures, investors can minimize the risk of falling victim to fraudulent activity and help maintain the integrity of the cryptocurrency ecosystem.

Morpheus.Network is a company that has displayed a commitment to protecting its community, clients, and users. It has taken a proactive approach against online scams and shut down malicious websites targeting cryptocurrency users.

Everyone’s safety is everyone’s business, and through thoughtful and innovative coordination, we can make crypto the safest financial system on earth – through technology, agile governance, and education. There’s a crucial need for greater industry collaboration to enhance security. The future success of the entire industry depends on it.

Recently Morpheus.Network approached Hacken to collaborate on an investigation into some seemingly malicious activity on the Binance Smart Chain (BSC), which included creating a fake MNW cryptocurrency token.

Crypto Scams Continue To Increase in Complexity

According to Chainalysis, crypto scam revenue hit $5.9 billion in 2022. More money is lost to scams than to hacks ($3.8B stolen in 2022). Scams are becoming more complex due to advancements in AI and new levels of sophistication. The case of the fake MNW token proves that.

Here, the bad actor used spoofing. Instead of making a fake website or browser extension, the attacker went one step further: deploying a copycat smart contract, generating a similar-looking address, and adding malicious functionality that made transactions appear to originate from the official deployer address.

What Happened?

The official Morpheus.Network (MNW) token smart contract is:
https://etherscan.io/token/0xd3e4ba569045546d09cf021ecc5dfe42b1d7f6e4

At first, it looks as if the official ETH MNW smart contract deployer created a second fake MNW token on the Binance Smart Chain (BSC). 

However, upon further investigation, Hacken discovered a sophisticated phishing method, which was used to create a fake copycat version of the MNW token. This copycat token was later sold on PancakeSwap.

After closer inspection and detailed transaction review, we concluded that the actual sender is another address, not related to the MNW deployer address. 

The official MNW deployer address is [0xc6214f77387d95d134C62E0d33Cd6a0D97aEe7c4], while the address from which the transactions were performed is [0xc3ca1c8075595d1dfd1baabc324ba7b988c9e476].

How did the phisher make transactions look like they were sent from the original deployer address?

The phisher relied on the transferFrom function of the malicious MNW contract they created. The malicious logic was hidden in the Context contract, in a function called "safeTransfer" that transferFrom() ends up calling.

Also, notice it was added as a single line and doesn’t follow conventional formatting. In the TransferHelper library:

Transfer events appear on BscScan.com because of the MOON.transferFrom() function, which ultimately leads to the execution of Context.safeTransfer(). If that function returns false, the allowance checks in the original transferFrom() are skipped, so the from field can be forged. This is evident when the sender is 0xe15C1a6D4c72711876fAb0BaED69b83da3Bb0d5E.

For the other callers, TransferHelper.safeTransferFrom() is invoked, which forwards the transferFrom() call (with matching signature) to an already self-destroyed contract, 0x600Ca57B937a28Eb3012ED00D82688A09D365cEa.

In this way, the phisher was able to make it appear as if transactions were performed by the official deployer address, when in fact, they were done by the phisher’s address and tricky contract.
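The forensic check behind the conclusion above, as an added example that is not Hacken's or Morpheus.Network's code: a genuine ERC-20 Transfer event has a `from` that is either the transaction signer or an address that previously approved the signer, so a Transfer whose `from` satisfies neither (here the official deployer, in a transaction signed by the phisher's EOA) is flagged. The event log is constructed; the placeholder holder/spender/buyer addresses and the transaction hashes are assumptions, and the spender is simplified to the transaction signer.

```python
from collections import defaultdict

# Addresses quoted in the article above.
OFFICIAL_DEPLOYER = "0xc6214f77387d95d134C62E0d33Cd6a0D97aEe7c4"
PHISHER_EOA = "0xc3ca1c8075595d1dfd1baabc324ba7b988c9e476"
# Constructed placeholder addresses for the legitimate flow.
HOLDER = "0x1111111111111111111111111111111111111111"
SPENDER = "0x2222222222222222222222222222222222222222"
BUYER = "0x3333333333333333333333333333333333333333"

# Constructed event log (not real chain data): each entry is a decoded ERC-20
# event plus the EOA that signed the enclosing transaction (tx_from).
SAMPLE_EVENTS = [
    {"tx": "0xa1", "tx_from": HOLDER, "name": "Approval",
     "owner": HOLDER, "spender": SPENDER, "value": 500},
    {"tx": "0xa2", "tx_from": SPENDER, "name": "Transfer",
     "from": HOLDER, "to": BUYER, "value": 300},
    {"tx": "0xa3", "tx_from": HOLDER, "name": "Transfer",
     "from": HOLDER, "to": BUYER, "value": 10},
    # Mimics the forged event: the deployer never signed or approved anything,
    # yet the Transfer claims the tokens left the deployer's address.
    {"tx": "0xa4", "tx_from": PHISHER_EOA, "name": "Transfer",
     "from": OFFICIAL_DEPLOYER, "to": BUYER, "value": 1_000_000},
]


def find_forged_transfers(events):
    """Return Transfer events whose `from` is neither the transaction signer
    nor an address that had approved the signer for at least that amount.
    Simplification: the spender is assumed to be tx_from; a transfer routed
    through a DEX contract needs the intermediate caller from a call trace."""
    allowance = defaultdict(int)  # (owner, spender) -> remaining approval
    suspicious = []
    for ev in events:
        if ev["name"] == "Approval":
            allowance[(ev["owner"].lower(), ev["spender"].lower())] = ev["value"]
        elif ev["name"] == "Transfer":
            src, signer = ev["from"].lower(), ev["tx_from"].lower()
            if src == signer:
                continue  # plain transfer() by the owner itself
            if allowance[(src, signer)] >= ev["value"]:
                allowance[(src, signer)] -= ev["value"]  # legitimate transferFrom
                continue
            suspicious.append(ev)
    return suspicious


if __name__ == "__main__":
    for ev in find_forged_transfers(SAMPLE_EVENTS):
        print(f"tx {ev['tx']}: Transfer from {ev['from']} signed by {ev['tx_from']}")
```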

Moreover, the attacker created a similar-looking phishing smart contract address using a vanity address tool:

ETH (original): 0xd3e4ba569045546d09cf021ecc5dfe42b1d7f6e4

BSC (created by phisher): 0xd3E4Aa07f00eA53Ac4A122f1356f1A355025F6e4

How did the attacker create a similar address?

The attacker likely used a vanity address generator to create a similar-looking address that could be easily mistaken for the original address. Vanity address generators work by generating a large number of random private keys and then calculating the corresponding public keys until one is found that matches a specific pattern or phrase.

In this case, the attacker may have used a vanity address generator to generate a private key, resulting in a public address similar to the original address but with a few characters changed. By doing this, the attacker could trick people into sending cryptocurrency to the fake address, thinking they were sending it to the original address.

Lessons Learned

This case demonstrates that you must be extra vigilant against scammers. This includes carefully checking and double-checking every smart contract and wallet address. Scammers can now create convincing token clones that look legitimate at first sight and make smart contracts appear as if deployed from official addresses.

With the availability of vanity tools, it is important to check not only the first and last characters of an address but the entire address. Many wallets, such as MetaMask, have a built-in address book so you can safely store known wallet addresses.
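An address-book check that implements the advice above, as an added example that is not Hacken's or Morpheus.Network's tooling: a candidate address is compared against known-good entries and flagged as a lookalike when it shares only the leading and trailing digits with one of them, the pattern a vanity generator produces. The address book contents and the thresholds are assumptions; the two addresses used are the ones quoted in the article.

```python
import re

ADDRESS_RE = re.compile(r"^0x[0-9a-fA-F]{40}$")

# Address book: label -> known-good address. The entry is the official MNW
# token address quoted in the article; add your own verified addresses here.
ADDRESS_BOOK = {
    "MNW token (ETH)": "0xd3e4ba569045546d09cf021ecc5dfe42b1d7f6e4",
}


def matching_ends(a, b):
    """Number of leading and trailing hex digits two addresses share
    (case-insensitive, so checksum casing cannot hide a match)."""
    a, b = a.lower()[2:], b.lower()[2:]
    prefix = next((i for i, (x, y) in enumerate(zip(a, b)) if x != y), len(a))
    suffix = next((i for i, (x, y) in enumerate(zip(a[::-1], b[::-1])) if x != y), len(a))
    return prefix, suffix


def classify(candidate, book=ADDRESS_BOOK, min_end_match=3):
    """Classify an address as 'known', 'lookalike', 'unknown' or 'invalid'.
    A lookalike shares at least min_end_match digits at both ends with a
    known address without being identical to it, which is exactly what
    checking only the first and last characters would miss."""
    if not ADDRESS_RE.match(candidate):
        return "invalid", None
    for label, known in book.items():
        if candidate.lower() == known.lower():
            return "known", label
    for label, known in book.items():
        prefix, suffix = matching_ends(candidate, known)
        if prefix >= min_end_match and suffix >= min_end_match:
            return "lookalike", label
    return "unknown", None


if __name__ == "__main__":
    # The BSC address the phisher generated, as quoted in the article.
    print(classify("0xd3E4Aa07f00eA53Ac4A122f1356f1A355025F6e4"))
```

A wallet integration would block or warn on the "lookalike" verdict before any transfer is signed.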

Hacken and Morpheus.Network encourage more industry collaboration, knowledge sharing, and joint research to help make blockchain the safest financial system on earth!

Please be safe out there and keep yourself informed!

About Morpheus

Morpheus.Network is intensely focused on helping companies and government organizations remove barriers to digitize, optimize and automate their global supply chain operations. They help clients maximize revenue through digitization and process automation, protecting sensitive data, and untangling complex issues with the legacy supply chain system while delivering effective, equitable, and efficient global trade solutions.

All official Morpheus.Network links can be found here: https://morpheus.network/links/

About Hacken

Hacken is a Trusted Blockchain Security Auditor with a mission to make Web3 safer by contributing to security standards. In 5+ years, we have audited 1,200 Web3 projects and, in 2022, reached the significant milestone of zero exploits among audited projects.

Hacken's team of 147 talents, including 60+ certified engineers, provides high-quality solutions at every level of blockchain security, including smart contract audits in Solidity, Vyper, Rust, and Move; dApp audits in JavaScript, Java, and Rust; penetration testing for web/iOS/Android apps and networks; and blockchain protocol audits.

Our product portfolio includes HackenProof bug bounties, CER.live cybersecurity ranking, and Hacken Extractor on-chain monitoring. As a contributor to EEA EthTrust Security Levels Specification, member of top industry organizations, and trusted security partner of 180+ Web3 projects, we continue to raise the bar for blockchain security.
