Backdoor in Dingo Cryptocurrency Allows Creator to Steal (Nearly) Everything


The originator of the Dingo Token, a cryptocurrency with a purported market capitalization of $11 million, has included a backdoor in the code to charge each transaction a fee of up to 99% of the worth of the token.

That’s according to cybersecurity firm Check Point Software, which has issued an advisory warning potential investors of what the company calls “a scam.”

While the documents describing the Dingo Token claimed that the scheme charged 10% per transaction, Check Point researchers found 47 transactions where the total fee per transaction had been increased to 99%. The creator had also set the fee to 99% for future transactions, essentially stealing the funds of any traders of the cryptocurrency, according to the analysis published this week.

The Dingo Token creator has already transferred previously collected funds to other accounts, leaving no money for anyone holding Dingo tokens, says Oded Vanunu, head of products vulnerabilities research at Check Point Software.

“The function was called many times by the owners to prevent users from selling their holdings,” he says.

Cryptocurrencies are heavily based on mathematics but also on good marketing, a dose of libertarian ideals, and an influx of gray market cash. Overall, hundreds of cryptocurrencies have been created, and not all will be legitimate, nor will they be free of fraud. In a 2019 report, for example, Alameda Research uncovered significant fraud in many crypto exchanges. That’s ironic, given that two years later the firm and its sister company, cryptocurrency exchange FTX, had both declared bankruptcy, and their executives, including FTX and Alameda co-founder Sam Bankman-Fried, have been charged with numerous financial crimes.

While those efforts may have started as legitimate businesses, the Dingo Token scheme likely started as fraud from the start, Check Point stated in its analysis.

“We examined the Dingo smart contract and quickly found it seemed like a scam,” the company stated. “The project website contains no real information about the owners of the projects.”

A Quick Jump in Popularity

While the Dingo Token is far down the lists of popular cryptocurrencies (No. 774 at the time Check Point released its advisory), transactions using the currency had jumped 8,400% in the past year, according to the cybersecurity firm. The meteoric rise in popularity, along with the fact that the description of the cryptocurrency was limited, raised suspicions, leading to Check Point analyzing the digital smart contract on which the token is based.

The analysis uncovered systematic theft of traders’ funds, using a variable called “TaxFee” to set the amount to take from each transaction.

“We don’t believe that it was a mistake due to the nature of crypto-scam projects,” Vanunu says. “In this case, [the] setTaxFeePercent function code…operates as a backdoor, [allowing] the owner to change the fee dynamically, which is not best practice for legitimate projects.”
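
A reviewer screening a token contract for the pattern described above can look for owner-only setters that write a caller-supplied value into a fee variable with no upper bound. The following sketch is an added example, not code from Check Point or from the Dingo contract; the Solidity fragment, `ExampleToken`, `MAX_FEE` and `setLiquidityFeePercent` are constructed for illustration, and the check is a text heuristic rather than a full Solidity parser.

```python
import re

# Constructed Solidity fragment (NOT the Dingo contract): one uncapped
# owner-only fee setter and one that enforces a hard ceiling.
SAMPLE_SOURCE = """
contract ExampleToken {
    uint256 private _taxFee = 10;
    uint256 private _liquidityFee = 5;
    uint256 public constant MAX_FEE = 10;

    function setTaxFeePercent(uint256 taxFee) external onlyOwner {
        _taxFee = taxFee;
    }

    function setLiquidityFeePercent(uint256 liquidityFee) external onlyOwner {
        require(liquidityFee <= MAX_FEE, "fee above cap");
        _liquidityFee = liquidityFee;
    }
}
"""

# name, parameter list, modifiers, body (bodies without nested braces only)
FUNC_RE = re.compile(r"function\s+(\w+)\s*\(([^)]*)\)([^{;]*)\{(.*?)\}", re.S)


def find_unbounded_fee_setters(source):
    """Return (function, variable) pairs where an onlyOwner function copies a
    parameter into a fee-like state variable without a require() upper bound.
    A bound that exists but is set too high (e.g. 99) still needs manual review."""
    findings = []
    for name, params, modifiers, body in FUNC_RE.findall(source):
        if "onlyOwner" not in modifiers:
            continue
        param_names = [p.split()[-1] for p in params.split(",") if p.strip()]
        for param in param_names:
            assigns = re.search(
                r"(\w*[fF]ee\w*)\s*=\s*" + re.escape(param) + r"\s*;", body)
            bounded = re.search(
                r"require\s*\(\s*" + re.escape(param) + r"\s*<=?", body)
            if assigns and not bounded:
                findings.append((name, assigns.group(1)))
    return findings
```

Run against the constructed fragment, only the uncapped setter is reported; the capped one passes the screen and would then be checked by hand for whether its ceiling matches the fee the project documents.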

The fake cryptocurrency scheme may be the most technical attack yet, but fraud is increasingly a hazard for cryptocurrency investors and users, surging after a hiatus following numerous cryptocurrencies plunging in value by more than 60%. In 2022, for example, the FBI warned that cryptocurrency scams had once again targeted businesses and consumers, this time with fake investment apps that led to the theft of more than $40 million.

Know Your Code

The Dingo Token incident highlights the fact that companies need to conduct due diligence on any cryptocurrency that they plan to use or allow customers to use. Security gaps, such as the backdoor code used by Dingo Token, need to be identified, and cryptocurrency investors need more education on the risks, Vanunu says.

“We recommend that users only use known exchanges and buy from a known token that has several transactions behind it,” he says. “In the near future, we believe that more preventative solutions will be available for users to deal with these cyber threats.”

The Dingo Token creators did not respond to a request for comment sent to their contact email address by publication time. Check Point believes the creators are gone, but more scams will likely appear to take its place.

“It is important for consumers to be careful with the tokens they buy,” the company stated in the analysis, adding that “cryptocurrency is a volatile market. Scammers will always find new ways to steal your money using cryptocurrency, and new forms of crypto are constantly being minted.”
