EtherWrapped, a project designed to provide a yearly summary of users' nonfungible token (NFT) activity, launched a little over eight hours ago to palpable fanfare within the crypto community.
The website detailed a plan to airdrop YEAR tokens based upon quantitative engagement statistics in users’ MetaMask wallet, or in simpler terms, their number of transactions, volume traded and gas fees, among other data.
Upon verification on EtherScan, a number of well-regarded developers and engineering experts in the space assessed the coding of the smart contract. Meows.eth noted that these parties saw a “presence of a function titled _burnMechanism,” but concluded that it was merely a harmless error by the seemingly amateur creator.
What we noticed during a brief pass was the presence of a function titled _burnMechanism.
This function looked innocent enough, it would fail if you attempted to interact with the contract owner.
What myself and others missed is how might one weaponize it for evil.
— meows.eth (@cat5749) December 31, 2021
However, unbeknown to all, the creator of the contract had planted this flaw deliberately in order to call the “revokeOwnership” function soon after, designating ownership to themselves and orchestrating a honeypot scenario in which users could only buy, not sell, the asset.
Consequently, those who had connected their wallet and received the airdropped token saw their asset soar in value and, driven by fear of missing out (FOMO), were incited to purchase more on the secondary Uniswap V2 market.
Interacting with the contract or claiming the token did not in itself result in losses; the losses came from the ensuing investments into the YEAR asset on decentralized exchanges.
According to EtherScan, the malicious entity was able to siphon 59.7 Ether (ETH) from the scam, equivalent to $225,000 at current prices. In addition to this, the Uniswap V2 contract registered $6.8 million in daily trading volume.
Although not a vast amount in the wider context of DeFi’s $139 billion in total value locked (TVL), the incident does highlight the critical importance of reviewing and verifying the authenticity and contractual diligence of newly formed smart contracts prior to connecting Web3 wallets.
Decentralization, often in the form of financial distribution, is one of the fundamental principles of Web3. Whereas the previous iteration of the internet curtailed power to centralized Silicon Valley behemoths, Web3 promises to grant power to the people.
Last year, a panoply of decentralized finance projects, including Uniswap, dYdX, ParaSwap and others, successfully deployed native assets, many of which were valued at tens of thousands of dollars, to members of their community in a bid to advance the development of their ecosystem.
Last month, ENS became the latest project to…
Read More: cointelegraph.com