The crypto world has always been like a primitive forest, with riches buried deep in the dense forest and traps hidden in between.
On June 29th, Merlin Lab, a machine gun pool project on BSC, was attacked by so-called “hackers”, and the project owner then announced to shut down the project and started to sell off the project tokens, and the official Twitter, WeChat community and project miki documents were also disbanded within a few hours.
From last year’s DeFi summer, to this year’s BSC-led ecological outbreak, to the crazy “animal orgy”, we have witnessed countless earth dogs cheating, running away, guarding themselves, underhanded operations, etc. Some people have seized the opportunity in luck and timing, but many more have fallen in the treacherous DeFi flood.
How are we going to tell which items are qualified from the sea of complicated items? Which belong to the inferior quality? And how to use the means available to ordinary people to avoid the dirt dog?
Without further ado, let’s get right to the point.
- The information hidden behind the official website
First, let’s start with the obvious part
First, a good project at least need to be equipped with a level of official website, UI, github, project white papers, various official media channels should be complete and beautiful, which reflects the attitude of the project, if even these are not, please raise alarm.
Also check whether there is content update inside github, check the past information of each media channel to identify whether there is suspicion of account renaming and falsification.
If these basic conditions, and then consider whether the number of official and community fans and the project is proportional to the heat, for example: some dog project, spread on WeChat is very hot, a look at the number of fans of the official Twitter is quite a lot, but the results of the tweets sent out no comments and no retweets, you need to be alert to whether the project has to buy fans to create a false prosperity may be.
Second, through the official website registration and other information to confirm whether the project’s original development intention and the advertised information are consistent, as follows.
Here we take polywhale as an example, on June 22, this claimed to be the first DeFi mining pool on polygon announced the cessation of development, and the team gave a bizarre reason – token economic performance and poor market conditions, we can find some clues using the official website.
First of all, we query the project side domain name through the webmaster’s whois information query page (whois.chinaz.com), this step allows us to understand some basic information about the website, including the registrar of the domain name, the domain name registration time and expiration date and other information.
We can see that the domain name polywhale.finance was registered only 2 months ago, and the registration is only valid for one year, so we can simply judge that this project is a rush out, and secondly, for serious projects, the domain name of the official website is valid for one year is too short, which means that polywhale does not do detailed long-term development planning. This means that polywhale does not have a detailed long-term development plan, or does not intend to do so next year, the ambush of running away has been laid here.
Of course, we can go further, by confirming the official website server location, to further determine where the project is from, and whether it is consistent with its publicity, for example: if a project claims to be from Singapore, but finally found that the server is in the country, it is reasonable to suspect that they are false propaganda.
First of all, we determine the IP address of the website through the IP website query function of the same webmaster (http://stool.chinaz.com/same). For general websites that do not hide the real location or are not shielded, here you can directly query the physical address where the website is located.
Uniswap can be queried for the corresponding physical address
If not, you need to use another tool, censys (https://censys.io/ipv4), to find the real IP address through censys, a search engine.
For example, if we go to the above censys website and look up Swarm, which is known by many as the Tenno project, and search their official website ethswarm.org (the https prefix is not required for the query), we can see that the physical address corresponding to the IP is located in Shenzhen, and the Tencent cloud server is used, so from this point of view alone, Swarm has a domestic origin. If we add other supporting evidence, we can have a basic judgment on Swarm.
This is to review a project from the perspective of the official website, we can also make a basic research on a project from crypto assets as well as blockchain browser.
- Blockchain browser’s advancement
The information shown by the blockchain browser is basically true, and using this, we can dig out a lot of useful information.
First of all, we must clarify the correct address of crypto assets and beware of fake coins, which is the first step to enter the crypto world. For example, in the Heco browser, if we randomly search for the code of an asset, dozens of different addresses will jump, the vast majority of which are worthless air.
Some scammers often issue fake coins of crypto assets with high attention nowadays in bulk, and at the same time, inject certain liquidity on public chain DEX such as Uniswap and pancakeswap, and then spread the smart contract address on some social media channels with the intention of misleading users.
Some even set the smart contract code to only allow users to buy but not sell, and if users see the address in social media and believe it, they can only sit back and watch it rise and eventually return to zero after buying their tokens, a situation that was extremely common in the previous animal market. So, no matter what the project is, especially if it is an on-chain project, the contract address of the digital asset must be checked in person, and do not listen to what is said in the community.
Secondly, we can judge some basic information by observing the number of pass addresses held. For the new project’s, if the number of crypto assets holding addresses is little or not growing, it is more risky, and some people may feel that this is the first opportunity to participate in the early stage, and the point that needs to be clear is that 99% of the earth dog projects will go to zero.
Then, we can also estimate the holding cost and number of early users by looking up the records of transactions, and judge the risk by comparing the current market price. For example, if the transaction cost of querying a crypto asset at the very beginning is extremely low (which can be checked by the corresponding transaction hash) and the number is huge, then the risk is naturally higher at this stage.
In swap-type projects, using a good blockchain browser can also avoid stepping in the hole. Many of these projects are forked sushiswap, and there is a time lock contract in the sush contract code, which mainly plays the function of transferring funds from the contract, for example: funds can only be used on a specific date, at a specific time or at a specific block height, and certain dirt dog projects, will deliberately set this time lock contract address to a personal address to facilitate runaway or backroom operation.
We can distinguish the compliance of DEX projects by checking whether the time lock address is a contract address or a personal address, and the process is not complicated.
First of all, find this swap a LP contract address (if not, you can build a LP with your own small capital, but remember to revoke the wallet authorization), go in, then select contract -> contract read, and in the page down to find the owner column, go in and check whether the address is a contract address or a general address, if only a general If it is just a normal address, you need to be vigilant (the contract address will have a contract section and a detailed code).
In addition, regular fraud risks we also need to pay attention to, for example, fake app registration, wallet private key leakage, phishing websites, wallet over-authorization, etc.
To sum up, in order to do not step in the pit, not to be cheated, and to protect their own funds, Big Star summarized the following points.
- do not take the project background or promotional language as the only criteria for judging the value of the project.
- for the project-related promotional content, first doubt and then verify.
- make good use of the information on the official website and the blockchain browser. 4.
- Do not disclose your private key and avoid over-authorization of your wallet.
- Do not click on links from unknown sources, and take official channels for APP upgrade. 6.
- Don’t trust or participate in information claiming to be platform customer service, and can buy crypto assets at high prices.
- Stay away from the dogs and be rational.
*Note: The above content is for reference only, if there are any mistakes, please feel free to correct them.
Posted by:CoinYuppie，Reprinted with attribution to:https://coinyuppie.com/so-easy-non-technical-staff-can-also-learn-the-dirt-dog-fraud-prevention-tips/
Coinyuppie is an open information publishing platform, all information provided is not related to the views and positions of coinyuppie, and does not constitute any investment and financial advice. Users are expected to carefully screen and prevent risks.