Threat actors have set their sights on the Base network and its users, posting honeypot tokens and risky assets over the past few days. The tokens are designed to exploit contract backdoors to allow the attacker to drain users’ wallets.
On-chain analysts have discovered a new wave of token launches that pose a danger for early token snipers or automated traders. These new tokens on Base may be able to drain wallets by exploiting one of their smart contract functions.
One of the recently added tokens, NUDE AI, was flagged for being a honeypot, and trading has stopped in the past few hours. The other flagged token is Make Europe Great Again (MEGA), which has not stopped its trading activity.
The newly launched NUDE AI token was initially accepted as a new promising AI meme token. During its first day of trading, the team also sniped up to 28% of the supply, initially aiming to perform a rug pull. Instead, the token’s trading froze just a day after the launch, despite locking in $288K Uniswap liquidity.
`NUDE AI was considered a hot new AI meme token, before being flagged for suspicious activity. | Source: DexScreenerMore recent honeypot tickers include AIOS and BURP. The newest token suspected to be a honeypot, Scrypt AI (SAI) is still trading and transferring every few seconds, with no flag for suspicious activity.
Honeypot tokens can cause damage very fast
External honeypot checkers also do not catch all newly launched assets, which may go hours or even days without an audit. Any of the thousands of new tokens created each day may carry the threat of being a honeypot and expose wallets to risks.
Honeypot tokens are easily flagged, but they can also quickly lead to losses in just minutes after launch. The trend follows the expansion of Base as one of the platforms with the most significant growth of token launches in the past year. Base is one of the most active networks for new memes, especially the new wave of AI tokens.
The newly reported scam is most relevant for traders who use direct in-wallet purchases.
The newly launched assets sent out a transaction to mint the token, paid in ETH, but the balance was transferred out of the wallet. However, the rest of the wallet’s balance was not affected.
Base is the newest chain to be targeted by threat actors with waves of honeypot tokens. This has left traders debating about the right moment to join new tokens. Based on research by GoPlus, the chain hosted 54,000 rug pulls, honeypots, and other risky tokens during Q4 2024.
Thousands of tokens launched on top DeFi chains
The threat actors focused on Ethereum and BNB Smart Chain for the potential of creating tokens with a backdoor.
In the last quarter of 2024, a team of analysts from GoPlus flagged 67,000 suspicious tokens on Ethereum, BNB Smart Chain, and Base. Some of the honeypot tokens simply prevent the buyer from selling. Others perform more complex actions, as in the case of the newly listed assets.
The new threat has evolved, meaning that interacting with the token can transfer assets without prior approval. The overall token count has decreased, while the attacks have become more sophisticated. Honeypot tokens, as a class, also follow market trends, with concentrated attacks during the hyped market periods.
Web3 wallets such as OKX often flag risky tokens, or give an OK sign for vetted ones. However, not all new honeypot tokens may be covered, as new contracts are constantly launched. The best approach is to wait for an OK sign or for some of the available Web3 services to vet the token.
The SlowMist web3 security firm also notes similar Web3 attacks against smart contracts. In the past day, the team noted an attack against the Mosca smart contract on BNB Smart Chain.
Previously, UniLend Finance was also exploited for $197K due to a vulnerability in the redeem smart contract.
The team also tracks multiple phishing attempts, targeting valuable personal wallets. SlowMist noted a 67% increase in wallet drainer attacks in 2024 compared to the previous year, coinciding with the bull market and increased DeFi and Web3 activity.
Land a High-Paying Web3 Job in 90 Days: The Ultimate Roadmap
Read the full article here
