- Scammers have made off with some $1 million after faking a MetaMask token listing
- The scammers injected code into the DexTools site to make the token appear to be verified
- MetaMask didn’t announce the token on their Twitter feed
A scam involving the anticipated MetaMask airdrop has led to hundreds of ETH being stolen and another lesson in looking before you leap. Rumors of a MetaMask airdrop have circulated for some time now, and a group of scammers has preyed upon those anticipating the release by fooling DeFi tools site DexTools into thinking that its fake MASK token was genuine, leading to victims buying up the token in droves before it was revealed to be a scam.
Scammers Capitalize on MetaMask Token Anticipation
The MetaMask airdrop is one of the most hotly anticipated airdrops in the crypto space given the popularity of the platform and the potential value that could result for users. Twitter user @cobyNFT revealed how a group of scammers used the excitement over the MetaMask airdrop, and some coding expertise, to make a fake MASK token:
How did someone make a fake $MASK token and scam hundreds of ETH by exploiting DexTools?
A Thread 🧵 pic.twitter.com/pUb9MRwBlT
— coby.eth (@cobynft) December 27, 2021
@cobyNFT said that DexTools has “faulty coding” which allowed the scammers to inject code into the title and description on DexTools which was executed by the website, resulting in the token displaying a ‘verified’ status. This was enough for some to think that the MetaMask token had finally hit. Some $1 million worth of the token were purchased following the fake token creation, which was later revealed to be a honeypot, with sells locked so that the tokens could not be redeemed in any way.
@cobyNFT says that the scammers will likely run the funds through the Tornado Cash mixer to obscure their origin, allowing them to cash out fairly easily.
Basic Checks Would Have Prevented Loss
DexTools has so far failed to comment on what appears to be a security breach at their end, but the victims should have been suspicious of the MetaMask token given that they had to buy it rather than it being the airdrop that everyone is anticipating. A quick check of the MetaMask Twitter feed would have shown no mention whatsoever of the MetaMask token being launched, which should have been the reddest of red flags.