Scammers have found a new way to defraud Solana users by exploiting the blockchain's "Permanent Delegate" extension which allows them to burn tokens shortly after a transaction. Meanwhile, there has been a concerning increase in crypto ATM scams, and the FBI issued a warning about North Korean cybercriminals targeting the crypto industry with very sophisticated social engineering attacks. Penpie, a DeFi platform, became one of the first crypto hack victims of September after it recently suffered a $27 million exploit.
Scammers Target Solana Users With Token Burning Trick
Scammers have discovered a new way to defraud Solana users by exploiting an in-built token extension that allows them to burn victims' tokens within seconds of their purchase. Slorg, a member of the Solana-based Jupiter Core Working Group, revealed in a recent post on X that this new tactic has already impacted users. One victim reported swapping tokens, only to find that their wallet reflected no balance despite a confirmed transaction.
The scam hinges on Solana’s "Permanent Delegate" extension, a feature that is designed to offer certain tokens unrestricted privileges. While it is intended for legitimate purposes like retrieving mistakenly transferred tokens or automating payments, the feature has been manipulated by bad actors.
In one case, a user swapped for a token named "RED," which had this extension enabled. This allowed the scammers to burn the tokens just seven seconds after the transaction was completed.
PeckShield explained that the Permanent Delegate extension in Solana's Token 2022 standard allows for actions like burning or transferring tokens without limitation. While this feature can be beneficial in specific cases, Solana has acknowledged that it can be misused.
Scammers might burn tokens for various reasons. Slorg pointed out that some may do so simply to create chaos, while others may want to reduce the token’s available float, thereby preventing price drops. By burning tokens, scammers can manipulate tokenomics, which then affects the circulating supply and inflates the token's value.
Security firms Beosin and PeckShield suggest that the goal might be to deceive users into thinking the token’s circulating supply remains stable, allowing scammers to benefit from price manipulation on DeFi protocols. Despite these warnings, there are tools like RugCheck and indicators from Jupiter to detect when this extension is activated.
Bitcoin ATM Scams Surge
The United States Federal Trade Commission (FTC) has reported that there has been a concerning increase in scams involving Bitcoin ATMs. In fact, these scams have increased almost 10-fold since 2020.
Scammers are taking advantage of the anonymity and speed of crypto transactions to defraud victims, and often convincing them to transfer funds via Bitcoin ATMs under false pretenses. In 2023, losses from these scams surpassed $110 million. Older consumers, particularly those aged 60 and above, are three times more likely to fall victim.
Bitcoin fraud losses by year (Source: FTC)
A Bitcoin Depot spokesperson responded to the FTC’s warning, and shared that the company posts scam alerts on its kiosks and includes screen prompts to inform customers about potential fraud. They also clarified that no legitimate agency or company will request payment through Bitcoin ATMs or demand BTC for any official purpose.
Additionally, the spokesperson provided safety tips, and advised users not to send crypto to unknown people or digital wallets. They are also cooperating with regulators and law enforcement to protect consumers.
The push for the regulation of Bitcoin ATMs is also gaining some traction. In Chico, California, a local government committee recently discussed efforts to treat Bitcoin ATMs with the same regulatory oversight as banks.
FBI Warns of North Korean Crypto Scams
The scams threatening the crypto community are not only limited to crypto ATMs. The FBI recently issued a warning to the crypto industry about North Korea’s increasingly sophisticated social engineering tactics targeting employees of decentralized finance (DeFi) platforms, crypto companies, and those involved with crypto exchange-traded funds (ETFs).
North Korean state-sponsored hackers are orchestrating elaborate and tailored cyber attacks that are designed to infiltrate companies and steal crypto assets. Despite improved cybersecurity measures, these attacks have proven quite challenging for even the most security-conscious firms.
The FBI shared some details about the persistent danger posed by these hackers, who use detailed social engineering campaigns to deceive employees. They conduct extensive research on their potential victims, and gather information from social media and professional networking profiles to construct very believable scenarios that appeal directly to the individual’s background and interests. In many cases, these attacks take the form of job offers, investment opportunities, or other legitimate-sounding engagements that are designed to build trust and deliver malware.
North Korean hackers have been known to impersonate recruiters, technology firms, and industry contacts, using stolen imagery and fake identities to add credibility to their schemes. They are fluent in English and have an impressive understanding of the technical aspects of the crypto field. This makes their deceptions so much harder to detect.
Recent FBI observations show that North Korean cyber actors have been conducting reconnaissance on companies associated with crypto ETFs. The hackers’ tactics include unexpected requests to execute code or download applications, unsolicited job offers from well-known firms, and investment opportunities. They also often push to move communications to less secure platforms to bypass security protocols.
The FBI advises companies in the crypto sector to be vigilant and adopt robust security measures to mitigate the risks posed by these attacks. The North Korean Lazarus Group alone has laundered more than $200 million worth of crypto between August of 2020 and October of 2023. This makes them one of the most serious cyber threats in the crypto industry.
Penpie Protocol Hacked
The Penpie protocol, a decentralized finance platform built on Pendle, suffered a major exploit on Sept. 3 that resulted in the loss of $27 million in client funds. The transaction was traced to a hacker using an address ending in “bb7.”
As a precaution, Penpie suspended all deposits and withdrawals. Pendle also reassured its users that customer funds are safe and paused all contracts until the issue is resolved.
This incident is part of a broader trend of increasing crypto hacks in 2024. A report from Immunefi revealed that more than $1.2 billion has been stolen in hacks and exploits this year, spread across 150+ incidents. Centralized finance platforms have experienced the greatest financial losses due to their larger capital reserves.
PeckShield also reported that losses from crypto hacks exceeded $313 million in August 2024 alone. Additionally, the amount of funds stolen by phishing attacks surged by 215% during the same month, with one single attack accounting for $55 million in losses, according to a report by Scam Sniffer.