Honeypot Crypto Scams — What are They and How do They Work?

The growth in popularity of cryptocurrencies is now evident to everyone, enthusiasts and skeptics. However, among the many consequences of this phenomenon are aspects related to criminal activity.

Several reports demonstrate the increase in crypto-related criminal activity in 2021. Among the many operations used by criminals, the practice of the so-called “honey pot” is one of the most widespread.

After a necessary premise on smart contracts, this article will explain how a honeypot works. But, more importantly, we will see how the world is fighting this phenomenon, protecting savers.

Understanding smart contracts

Let’s think of a typical case where a customer has to send money to a supplier. Blockchain technology makes this step automatically executable. The secret that governs this mechanism is precisely the invention of smart contracts.

Smart contracts are computer programs that provide for the execution of at least one transaction. They represent one of the features of the blockchain that users have appreciated the most over the years.

However, such an ingenious mechanism has a dark side. A developer with bad intentions can design an intelligent contract to scam users. Having clarified a clever agreement without too many technical details, we can analyze the honeypot strategy.

The first honeypot crypto scam

The simplest way to understand a complex phenomenon like a honeypot is to analyze a real case. In 2018, a criminal came up with a rather clever idea for obtaining cryptocurrencies from inexperienced users.

The user created a wallet, placing $ 5,000 in $MNE (Minereum). The cryptocurrency in question is not essential; what is relevant is to know that $MNE is an Ethereum-based coin.

After doing this, he shared his private key in a public chat. Believing they had found a great deal, many users rushed to withdraw coins. However, no one knew that the operation relied on a particular smart contract.

Without wasting time on technicalities, here is what happened:

• Users connected their wallets to the website and attempted to withdraw coins
• Before approving the transaction, users needed to confirm the gas fee on the operation
• Since Ethereum’s gas fees are famously high, it is crucial to understand that the transaction cost was not a small one
• Believing to withdraw $5,000, users imagined that spending $100 for the transaction would not be a big deal
• Here is the tricky part: the intelligent contract took the gas fee and moved it to a secondary wallet
• In the end, the transaction would fail because the system would find no funds for the gas fee. The most clever trick here was that, in the future, no one could withdraw the original $5,000.

Honeypot levels

There are different types of honeypots, and a recent study has identified at least three:

• Ethereum Virtual Machine (EVM): at this level, users may think to have found weak spots in a smart contract. However, the agreement never entirely runs, and users only lose their money.
• Solidity Compiler: Solidity is the name of the popular coding language in intelligent contracts. Users would need to analyze every smart contract to find issues in the code.
• Etherscan Blockchain: criminals can also exploit the lack of information on Etherscan’s website, a famous Ethereum blockchain explorer. Skilled scammers can hide secondary transactions on the system.

Fighting honeypot crypto scams

While criminals have so many designing the perfect honeypot scam, users’ defense weapons are fewer. So first, cyber education can help us prevent unpleasant situations online.

It is undoubtedly positive that several developers build tools to identify honeypot scams. Even better, cryptocurrency projects can use these tools to prove their safety.

Another vital step to observe in this case is to dedicate the right time to research. It is unwise to trust users sharing their wallets’ private keys online. Criminals rely on the lack of research from their victims.

New crypto projects generally like to show all sorts of audit certificates they obtained on intelligent contracts. So if a new blockchain initiative does not mention any audit, we should be cautious.

Falling into the trap of honeypot scams can be easier than you think. The idea of quick and easy enrichment can appeal to anyone, but it is good to maintain a rational approach to the market.

Understandably, not all users have the skills to analyze a smart contract. For this reason, many developers issue audit certificates on all types of arrangements in the blockchain.

A small loophole in the smart contract can lead many users to lose large amounts of money. Financial and cybersecurity education is the most potent weapon that each of us has against scammers.