Nexo

Start Earning Up to 16% Interest Automatically

Learn More
Home » Analysis » $1.8M Lost to Fake MetaMask Token Honeypot Scam

$1.8M Lost to Fake MetaMask Token Honeypot Scam

by

It appears that almost 400 people have fallen victim to the scam. 

$1.8M Lost to Fake MetaMask Token Honeypot Scam
Shutterstock cover by Harry Wedzinga

Key Takeaways

  • A fake MetaMask token project has scammed traders out of $1.8 million worth of ETH.
  • The scammers hacked the DEXTools app's front end to convince users that their fake token was legitimate.
  • The fake MetaMask token is the third major scam to hit the crypto space over the holiday season.

Share this article

A fake MetaMask token has conned traders out of over $1.8 million. Hackers injected code into the DEXTools application’s front end, convincing traders that the token was verified.

The MetaMask Token Scam

A fake MetaMask token has left speculative traders reeling. 

Hundreds of traders fell victim to a MetaMask token honeypot scam Monday evening, with grifters making off with over $1.8 million.

The scam, which played on traders’ anticipation of a MetaMask wallet token, used a flaw in the popular DeFi trading app DEXTools to convince users of the token’s legitimacy. A scammer was able to inject code into the DEXTools app front end for the Uniswap WETH/MASK pair, which, when viewed, would launch a pop-up telling users that the MASK token was verified.

The fake MASK token pop-up. Source: @cobynft

After buying the fake MASK token, unsuspecting users found that they were unable to sell it. This style of scam is often referred to as a “honeypot,” allowing users to enter, only to find that the smart contract governing the token’s interactions prevents them from selling.

In the case of the fake MetaMask token, the scammer appears to have programmed the smart contract to wait until upward of $1 million worth of liquidity was traded into it, then to prevent holders from selling. The scammer pulled out 475 ETH from the token’s Uniswap liquidity pool, according to transaction data from Etherscan, worth $1.79 million at press time. The illicit gains were sent to Tornado Cash, a popular coin mixing application, and were laundered to an unconnected wallet. 

Reports of the scam first emerged on Twitter Monday evening, with several accounts warning that the MASK token was a scam despite the pop-up on DEXTools telling traders it was legitimate. Since then, Twitter user @cobynft has provided a breakdown of how the scam occurred, explaining how it was a “serious fault” of the DEXTools app developers that allowed the scam to convince so many people to buy the tokens. 

An additional reason that the MetaMask token scam was so effective is the current anticipation for a legitimate MetaMask token. The MetaMask team have repeatedly hinted at decentralizing the popular EVM wallet by issuing a token, with many speculating it could be done through an airdrop. 

The fake MetaMask token is the third major scam to hit the crypto space over the holiday season. On Sunday, Binance Smart Chain project MetaSwapMGAS stole 1,100 BNB from users in an apparent rug pull. Just yesterday another Ethereum project called MetaDAO appears to have executed a rug pull on its investors, making off with 800 ETH, worth over $3.2 million.

Crypto Briefing contacted DEXTools for comment on the attack on its application’s front end but did not receive a reply by press time.

Disclosure: At the time of writing this feature, the author owned ETH and several other cryptocurrencies. 

Share this article

The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.

Crypto Briefing may augment articles with AI-generated content created by Crypto Briefing’s own proprietary AI platform. We use AI as a tool to deliver fast, valuable and actionable information without losing the insight - and oversight - of experienced crypto natives. All AI augmented content is carefully reviewed, including for factural accuracy, by our editors and writers, and always draws from multiple primary and secondary sources when available to create our stories and articles.

You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.

See full terms and conditions.