SAFU Development

Common Scam Attacks

By admin
  • 16 Sep, 2023


A common phishing technique is to send emails or links to websites that ask users to reset their passwords or recover their accounts. Once users log in to these fake websites, the attackers steal their private keys.

Case: Alice logs in to an exchange and connects her MetaMask wallet, then receives a pop-up window saying that the wallet is faulty and needs to be restored with its mnemonic words. After the restoration, all assets in the wallet are stolen.


People claiming to be employees or representatives of certain dapps or institutions may contact users via email, phone or social media. They steal funds from users by sending links to fake free-minting or airdrop sites, or by impersonating trusted parties to manipulate victims into handing over funds or sensitive data.

Case: The Ukrainian government accepts cryptocurrency donations and announces an NFT airdrop. Impostors pretend to be the Ukrainian government and send out fake token airdrops to defraud users.

Discord management identity hijacking

Attackers take control of bots trusted by the community to post fake announcements and scam links, or to trick victims into giving up their cryptocurrency or NFTs.

Case: Hackers take control of the official Discord servers of blue-chip NFT projects such as Bored Ape Yacht Club and send wrong links to members in batches. After users click, their assets are irreversibly stolen.

BGP hijacking

By falsely claiming an IP prefix that they do not actually control and getting it added to the routing tables of Internet BGP routers, the attacker can hijack traffic destined for those IP addresses. In this case, once the user tries to log in, they are redirected to the trap address set by the attacker.

Case: Celer suffered a BGP hijacking attack that affected 32 users and caused $235,000 in damages (2022.08).

Code backdoor & trap

The attacker hides malicious code inside an otherwise normal program, for example a backdoor that can destroy or delete files, send out passwords, record keystrokes, or launch DDoS attacks, in order to steal users' personal information.

Case: Bob mints an NFT on a certain website and finds that it has disappeared two days later. The attacker had implanted features in the NFT code that let him authorize others to conduct NFT transactions, destroy other people's NFTs, prevent orders from being placed, and so on.

Front-end malicious code 

Attackers implant malicious code into the front end of websites such as exchanges, for example through the tag management system that runs in users' browsers. This malicious code generates false approvals, allowing user assets to be transferred to the attacker's address.

Case: KyberSwap lost 2.56 million US dollars due to a malicious front end planted by hackers (2022.09).
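The false approvals described above can be caught before signing by decoding the transaction calldata and checking who is being approved. The following is an added example, not code from the original page or from any wallet or exchange: the allowlist, the addresses and the `reviewTransaction` policy are assumptions made for illustration, and the selectors are the widely used `approve`, `increaseAllowance` and `setApprovalForAll` function selectors.

```javascript
// Added example, not from the original page. All addresses are constructed.
const SELECTORS = {
  "095ea7b3": "approve",           // approve(address,uint256)
  "39509351": "increaseAllowance", // increaseAllowance(address,uint256)
  "a22cb465": "setApprovalForAll", // setApprovalForAll(address,bool)
};
const MAX_UINT256 = (1n << 256n) - 1n;

// Decode approval-type calldata; returns null for any other call.
function decodeApproval(data) {
  const hex = String(data).toLowerCase().replace(/^0x/, "");
  const kind = SELECTORS[hex.slice(0, 8)];
  if (!kind) return null;
  const args = hex.slice(8);
  // Expect exactly two 32-byte ABI words; an address sits in the low 20 bytes.
  if (!/^0{24}[0-9a-f]{104}$/.test(args)) return { kind, malformed: true };
  return { kind, malformed: false, spender: "0x" + args.slice(24, 64), value: BigInt("0x" + args.slice(64)) };
}

// Hypothetical policy a wallet or signing proxy could apply before the user confirms.
function reviewTransaction(tx, trustedSpenders) {
  const call = decodeApproval(tx.data);
  if (call === null) return { verdict: "not-approval", reasons: [] };
  if (call.malformed) return { verdict: "block", reasons: ["malformed approval calldata"] };
  if (call.value === 0n && call.kind !== "increaseAllowance")
    return { verdict: "allow", reasons: ["revokes an existing approval"] };
  const reasons = [];
  if (call.kind === "setApprovalForAll") reasons.push("operator can move every token in the collection");
  else if (call.value === MAX_UINT256) reasons.push("unlimited allowance");
  if (!trustedSpenders.has(call.spender)) {
    reasons.unshift("spender is not on the allowlist");
    return { verdict: "block", reasons };
  }
  return { verdict: reasons.length ? "warn" : "allow", reasons };
}

// Constructed sample input.
const word = (h) => h.replace(/^0x/, "").padStart(64, "0");
const ROUTER = "0x" + "11".repeat(20);   // hypothetical known-good spender
const UNKNOWN = "0x" + "22".repeat(20);  // hypothetical spender injected by a tampered front end
const TRUSTED = new Set([ROUTER]);
const samples = {
  injected: { data: "0x095ea7b3" + word(UNKNOWN) + "f".repeat(64) },
  normal: { data: "0x095ea7b3" + word(ROUTER) + word("0de0b6b3a7640000") },
  revoke: { data: "0xa22cb465" + word(UNKNOWN) + word("0") },
};
for (const [name, tx] of Object.entries(samples)) console.log(name, reviewTransaction(tx, TRUSTED));
```

The check only sees the calldata it is given, so it has to run in a component the compromised page cannot modify, such as the wallet itself.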