Last week, Mikko Ohtamaa, the co-founder of Trading Protocol, shared news about a new offer of a honeypot token contract package provided by crypto scammers. Suppose the developer behind the advertised code is not attempting to scam the scammers who use such contracts to entice cryptocurrency investors into purchasing malicious untradeable tokens. In that case, the advertisement might suggest an enhanced efficiency of honeypots in passing audits.
Read also: Crypto Scammer Steals $3.2 Million through Honeypot Scheme
"Automatic audits won’t detect any harmful functions anymore due to the update," claims the seller of the honeypot crypto scam package, adding that the code managed to pass seven out of ten paid audits at the time of publication. Furthermore, the individual promoting the new scam tool emphasized the code's 100% success rate, explaining that "Pinksale presale has been passed eleven times out of eleven with this contract."
The post’s author suggests using "a perfect marketing method" with additional recommendations included in the bundle to ensure smooth usage of Pinksale, a popular token launchpad platform, and avoid honeypot detection.
The Honeypot Package, available for purchase for $1,350, is just one of the recently advanced scam tools. The cryptocurrency community has also discussed an advertisement for an elaborate wallet drainer, promising the capability of draining ERC-20 tokens, NFTs, and Ether, all while bypassing security measures like MetaMask's latest updates, for a price ranging from 3 to 10 ETH.
Ohtamaa also shared with the X community another curious advertisement from the world of Web3 criminals, highlighting its representation of "the career development of a crypto scammer."
The post advertised the wallet-draining tool that reportedly allowed the scammer to make $8,000 within three days of work. Now, the mysterious author is ready to sell a copy of this particularly powerful drainer for "at least $5,000."
Prominent on-chain detective ZachXBT called this individual "a paid group drainer guru," doubting his ability to steal any money.
Recently, there have also been reports about crypto scammers targeting developers. One such exploit impersonating the modular blockchain network Celestia was highlighted by the real-time Web3 anti-scam platform Scam Sniffer.
"Beware of fake Celestia GitHub jobs," Scam Sniffer warned the community, explaining that scammers were attempting to gain authorization to extract sensitive information from the code repositories. The message appeared to be sent by the GitHub recruitment team, which was offering an attractive position to the recipient. The email included a malicious link disguised as a redirect to the application form and was created according to "best phishing practices," creating a sense of urgency as the recipient had only 24 hours to complete the application.
Read also: FBI vs LockBit Battle: No Names Revealed, Ransomware Group Restores Its Servers
According to Scam Sniffer, scammers utilized GitHub functionality to issue comments for the distribution of their phishing emails.
Notably, even public repositories that have not been starred by any users also attract scammers’ attention and receive such messages. While this may simply indicate that criminals are not selecting their potential victims carefully enough, it may also be a deliberate strategy, targeting beginning developers who might be particularly susceptible to checking out lucrative job offers.