The originator of the Dingo Token – a cryptocurrency with an alleged market capitalization of $11 million – included a backdoor in the code to charge a fee of up to 99% of the token’s value on each transaction.
That’s according to cybersecurity firm Check Point Software, which issued a notice warning potential investors of what the company calls “a scam.”
While documents describing the Dingo Token claimed the system charged 10% per transaction, Check Point researchers found 47 transactions where the total fee per transaction was increased to 99%. The creator had also set fees at 99% for future trades, essentially stealing funds from all cryptocurrency traders, according to the analysis released this week.
The creator of Dingo Token has already transferred previously collected funds to other accounts, leaving no money for anyone holding Dingo tokens, says Oded Vanunu, head of product vulnerability research at Check Point Software.
“The feature has been repeatedly invoked by owners to prevent users from selling their holdings,” he says.
Cryptocurrencies are heavily based on math but also on good marketing, a dose of libertarian ideals and an influx of gray market money. Overall, hundreds of cryptocurrencies have been created, and not all of them will be legit or fraud-free. In a 2019 report, for example, Alameda Research uncovered significant fraud across numerous crypto exchanges. This is ironic, given that two years later the company and its sister company, cryptocurrency exchange FTX, had both declared bankruptcy, and their executives, including FTX and Alameda co-founder Sam Bankman-Fried, have been charged with numerous financial crimes.
While these efforts may have started as legitimate businesses, the Dingo Token scheme was likely a fraud from the start, Check Point said in its analysis.
“We reviewed the Dingo smart contract and quickly found that it looked like a scam,” the company said. “The project website contains no real information about the owners of the projects.”
A rapid jump in popularity
While the Dingo Token is far down the list of popular cryptocurrencies — No. 774, at the time Check Point issued its advisory — transactions using the currency have jumped 8,400% in the past year, according to the cybersecurity company. The meteoric rise in popularity, along with the fact that the description of the cryptocurrency was limited, raised suspicions, leading Check Point to analyze the digital smart contract on which the token is based.
The analysis revealed the systematic theft of funds from merchants, using a variable called “TaxFee” to set the amount to be charged on each transaction.
“We don’t believe this is a mistake due to the nature of crypto scam projects,” Vanunu says. “In this case, [the] setTaxFeePercent function code… works as a backdoor, [allowing] owner to change fees dynamically, which is not best practice for legitimate projects.”
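As an added illustration (not Check Point's tooling and not the Dingo Token source), the following Python heuristic shows the kind of review that surfaces this pattern: it flags owner-only functions that write a caller-supplied value into a fee or tax variable without an upper bound. Only the function name `setTaxFeePercent` comes from the article; the Solidity sample, the `onlyOwner` modifier and all other names are constructed assumptions.

```python
import re

# Constructed Solidity sample (NOT the Dingo Token source): one owner-only fee
# setter with no bound, and one capped at a documented maximum.
SAMPLE = """
contract Token {
    uint256 private _taxFee = 10;
    uint256 private _liquidityFee = 5;
    function setTaxFeePercent(uint256 taxFee) external onlyOwner {
        _taxFee = taxFee;
    }
    function setLiquidityFeePercent(uint256 fee) external onlyOwner {
        require(fee <= 10, "fee above cap");
        _liquidityFee = fee;
    }
    function transfer(address to, uint256 amount) external returns (bool) {
        return true;
    }
}
"""

FUNC = re.compile(r"function\s+(\w+)\s*\(([^)]*)\)([^{;]*)\{")
FEE_NAME = re.compile(r"fee|tax", re.I)

def body_of(src, open_idx):
    """Text between the '{' at open_idx and its matching '}'."""
    depth = 0
    for i in range(open_idx, len(src)):
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        if depth == 0:
            return src[open_idx + 1:i]
    return src[open_idx + 1:]

def unbounded_fee_setters(src):
    """(function, variable) pairs where an onlyOwner function stores a parameter
    into a fee/tax variable with no `require(param < ...)` / `<=` upper bound."""
    findings = []
    for m in FUNC.finditer(src):
        name, params, modifiers = m.groups()
        if "onlyOwner" not in modifiers:
            continue
        body = body_of(src, m.end() - 1)
        for p in (x.split()[-1] for x in params.split(",") if x.strip()):
            stored = re.search(r"(\w+)\s*=\s*%s\s*;" % re.escape(p), body)
            capped = re.search(r"require\s*\(\s*%s\s*<" % re.escape(p), body)
            if stored and FEE_NAME.search(stored.group(1)) and not capped:
                findings.append((name, stored.group(1)))
    return findings
```

A hit is a prompt for manual review, not proof of fraud: bounds written in another form, or enforced elsewhere in the contract, are not recognized by this pattern match.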
The fake cryptocurrency scheme may be the most technical attack to date, but fraud is increasingly a danger to cryptocurrency investors and users, rising again after a hiatus that followed numerous cryptocurrencies losing more than 60% of their value. In 2022, for example, the FBI warned that cryptocurrency scams had once again targeted businesses and consumers, this time with fake investment apps that led to the theft of over 40 million dollars.
Know your code
The Dingo Token incident highlights the need for companies to do due diligence on any cryptocurrency they plan to use or allow customers to use. Security flaws, such as the backdoor code used by Dingo Token, need to be identified and cryptocurrency investors need more risk education, Vanunu says.
“We recommend users only use known exchanges and buy from a known token that has multiple transactions behind it,” he says. “In the near future, we believe that more preventative solutions will be available for users to deal with these cyber threats.”
The creators of Dingo Token did not respond to a request for comment sent to their contact email address at the time of publication. Check Point thinks the creators are gone, but other scams will likely pop up to take their place.
“It’s important for consumers to be careful about the tokens they buy,” the company said in the analysis, adding, “Cryptocurrency is a volatile market. Scammers will always find new ways to steal your money by using cryptocurrency and new forms of cryptocurrency are constantly being minted.”