Uniswap Fake Deriswap Liquidity Pair
Notice: This page is a freshly imported case study from the original repository. The original content was in a different format, and may not have relevant information for all sections. Please help restructure the content by moving information from the 'About' and 'General Prevention' sections to other sections, and add any missing information or sources you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.
Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!
Uniswap allows anyone to list a token. Therefore, there have been a massive number of scams with tokens named similarly to popular projects.
In this case, Deriswap was a real project, but didn't have any token associated. The announcement caused a lot of activity searching for the token, and the opportunistic scammer listed a coin with the same name, netting a substantial sum of $53k.
This is a global/international case not involving a specific country.[1][2][3][4][5][6][7][8][9][10][11][12][13][14][15][16]
About Uniswap
"Uniswap is an Ethereum exchange, built using smart contracts and liquidity pools, as opposed to the order book of a traditional centralized exchange (CEX), such as Binance. With any Ethereum wallet, users can simply connect to the Uniswap application and effortlessly exchange ERC20 tokens without first sending them to the exchange platform account."
"[T]he development of Uniswap was facilitated by Vitalik Buterin’s idea for a decentralized exchange (DEX), which would involve an automated market maker. Actually, the protocol developer himself, Hayden Adams, at first tried to just practice development on Solidity, and later this hobby brought him several grants and $100 000 from the Ethereum Foundation. Now the project went far beyond just entertainment and became one of the most important components of the entire DeFi industry."
"Uniswap scams are not a new happening within the crypto space. Uniswap ETH-based decentralized exchange that offers every project a chance to air its views to the world. Notwithstanding, it’s one of the most misused platforms within the DeFi world, with more entities taking advantage of its name and services."
"Since its ‘V2’ overhaul in May, Uniswap has emerged as a cornerstone of the nascent DeFi ecosystem, with data published by Dune Analytics indicating that Uniswap comprises DeFi’s top pool by total users with 92,000."
"Scam tokens are a growing problem on the decentralized exchange and liquidity pool Uniswap — owing to the protocol’s open listing policy." "Uniswap, allows users to import any new token simply by pasting its address to the Uniswap’s swap menu."
"Cronje is seen in crypto circles as a prolific developer with a Midas touch. Hype and a “fair” launch (and an extremely low 30,000 supply cap) caused the token prices of his first project, YFI, go from under $30 in July to a peak of $42,000 in September. As a result, hopefuls would pile inordinate amounts of money into subsequent Cronje projects—like Keep3r Network and the now-defunct Eminence—to bank on quick profits, even though they weren't fully tested."
"But today, Cronje only released only a product and no token. Perhaps this was to avoid the issue of his loyal userbase plowing into his latest thing and then complaining when there's an issue. But this new tactic, however, didn’t stop scammers from almost instantly issuing fake “DWAP” tokens on decentralized exchange Uniswap to immediately attract traders wanting to pile into the next Cronje moonshot."
"November 22, 2020 - Fake Uniswap LP tokens net scammers $52K."
"Andre Cronje's latest project announcement saw scammers immediately issue fake 'DWAP' tokens. One such scammer made away with $53,000 in under 30 minutes. Over 30 fake DWAP tokens have since been issued."
"André just gave an update about deriswap 30 mins back. Someone created a fake token called $DWAP. 60 addresses in less than 15 mins with 150+ ETH. Aaaaanddd its gone. Take few mins to hover around etherscan before u jump, it’s not that hard."
"Today, after Deriswap was released, the first such scam pool saw an attacker issue fake DWAP tokens, supply the Uniswap pool with 72.4 ETH, conduct a few trades, attract gullible traders, and exit the entire pool with 162.3 ETH about 20 minutes later." "They even sent the illicit DWAP tokens to the ‘yearn:deployer’ contract address to make the issuance seem more legitimate."
"This process netted the scammer over 90.1 ETH, worth over $53,000 at current prices."
"Meanwhile, since then, over 30 DWAP pools have been issued on Uniswap, each attracting liquidity and netting scammers with several ETH for their efforts."
"[T]here could be a lot of fake tokens on the Uniswap platform that mimic the legitimate projects and deceive users into trading their funds for a worthless scam token."
"With any token able to be listed on the platform’s drop-down menu simply by making a GitHub request, the platform’s users are increasingly calling for more stringent vetting to be introduced."
"Uniswap Labs said [July 23rd, 2021] that it was restricting access to dozens of tokens on its trading interface app, including synthetic assets meant to mirror the prices of stock-market giants like Facebook Inc. and Tesla Inc., as well exchange-traded funds such as Invesco’s so-called QQQ that tracks the Nasdaq 100 Index." However, there is no indication of anything done to restrict scam tokens.
"As Uniswap’s protocol is permissionless and both good and bad actors can list tokens through it, you will often see a warning for users to take the initiative in avoiding scammers."
"Rather than searching for tokens or pairs on Uniswap, you can verify you are selecting genuine ones by going via a trusted source, such as the CoinMarketCap or CoinGecko crypto tracking websites. On CoinMarketCap, for example, you can search for the token, select it, then navigate to the trading pairs towards the bottom of the page. If you then click on the relevant pair next to Uniswap, it will take you to the genuine Uniswap page and help you to avoid fake tokens. It also has an option at the top for MetaMask." "Explorers like Etherscan can also be used to check the vital analytics needed to make a more informed decision."
This is a global/international case not involving a specific country.
The background of the exchange platform, service, or individuals involved, as it would have been seen or understood at the time of the events.
Include:
- Known history of when and how the service was started.
- What problems does the company or service claim to solve?
- What marketing materials were used by the firm or business?
- Audits performed, and excerpts that may have been included.
- Business registration documents shown (fake or legitimate).
- How were people recruited to participate?
- Public warnings and announcements prior to the event.
Don't Include:
- Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
- Anything that wasn't reasonably knowable at the time of the event.
There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.
The Reality
This sections is included if a case involved deception or information that was unknown at the time. Examples include:
- When the service was actually started (if different than the "official story").
- Who actually ran a service and their own personal history.
- How the service was structured behind the scenes. (For example, there was no "trading bot".)
- Details of what audits reported and how vulnerabilities were missed during auditing.
What Happened
The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.
| Date | Event | Description |
|---|---|---|
| November 22nd, 2020 | Main Event | Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here. |
Technical Details
This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?
Total Amount Lost
The total amount lost has been estimated at $53,000 USD.
How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?
Immediate Reactions
How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?
Ultimate Outcome
What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?
Total Amount Recovered
There do not appear to have been any funds recovered in this case.
What funds were recovered? What funds were reimbursed for those affected users?
Ongoing Developments
What parts of this case are still remaining to be concluded?
General Prevention Policies
Ensure platform operators are trained to avoid listing fraudulent tokens.
Individual Prevention Policies
No specific policies for individual prevention have yet been identified in this case.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Policies for platforms to take to prevent this situation have not yet been selected in this case.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
No specific regulatory policies have yet been identified in this case.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
- ↑ No Title (Aug 3, 2021)
- ↑ @degenspartan Twitter (Aug 3, 2021)
- ↑ How Does Uniswap Work (Jun 5, 2021)
- ↑ Fake Tokens on Uniswap Are Trying to Cash in on DeFi Hype (Sep 10, 2021)
- ↑ Scam Tokens Flooded Decentralized Exchange — DailyCoin (Sep 10, 2021)
- ↑ @defiprime Twitter (Sep 10, 2021)
- ↑ Uniswap Reports A Surge In Scam Tokens On The Platform Claiming Affiliation To Popular DeFi Projects - Digital Coin Standard (Sep 10, 2021)
- ↑ Uniswap Restricts Fake-Stock Tokens as Regulatory Scrutiny Grows - BNN Bloomberg (Sep 10, 2021)
- ↑ How to Avoid Buying Uniswap DeFi Scams in 2021 | Hacker Noon (Sep 10, 2021)
- ↑ How to Identify and Avoid Uniswap Scams | Alexandria (Sep 10, 2021)
- ↑ Trade or Trick? Detecting and Characterizing Scam Tokens on Uniswap Decentralized Exchange (Sep 29, 2021)
- ↑ @AndreCronjeTech Twitter (Sep 29, 2021)
- ↑ @halfapple772 Twitter (Sep 29, 2021)
- ↑ Address 0xac830c76fc37ef3dd4c28c9b7ee548d1a46112eb | Etherscan (Sep 29, 2021)
- ↑ @stangulchenko Twitter (Sep 29, 2021)
- ↑ Deriswap Capital Efficient Swaps Futures Options And Loans (Sep 29, 2021)