While the decentralized finance (DeFi) space has seen tremendous growth in 2020, this hasn’t been without consequences. One of those consequences appears to be the proliferation of criminals and scam operators using the industry’s prominence to make a quick buck and defraud investors.
A Yield Farming Operation Gone South
Recently, Alex Manuskin, a researcher at keyless wallet service provider ZenGo, claimed on Twitter that an anonymous investor had lost Uniswap tokens worth about $140,000. According to the tweet. The investor, who goes by the moniker Jhon Doe despite being named Chad, had participated in a fraudulent yield farming project.
Chad had joined UniCats, a new DeFi scheme, hoping to leverage on the hype around yield farming. He put his UNI tokens into the project, allowing investors to farm its tokens (known as MEOW) and withdraw them.
Unknown to Chad, however, the project had malicious code in its smart contract. These codes allowed UniCats’ developers to withdraw his tokens. Chad had unwittingly accepted for the project to spend an unlimited number of tokens. So, by granting that approval, he had opened the floodgates for hackers to prey on him.
“What Jhon doesn’t know is that once you approve the contract to use ∞ tokens, the contract can take their tokens at any time. Even after they were withdrawn from the farming scheme,” Manuskin explained.
The rogue developers eventually took over 36,000 UNI tokens across two transactions, causing Chad to lose $140,000. Manuskin added that this isn’t a concentrated event, as the rogue devs have frequently created scam yield farming projects to take advantage of unsuspecting investors.
Skilled Hackers Preying on Opportunistic Investors
Issues like these are part of why many have raised warning signs over the investors who push money into DeFi projects. It looks like the Initial Coin offering (ICO) boom once more, as many investors merely see these as opportunities to make a quick buck.
Yield farming has been one of 2020’s top crypto buzzwords. Users get a small share of transaction fees for contributing liquidity to a DeFi project making it pretty safe. However, opportunists are always on the prowl.
The yield farming phenomenon is especially dangerous as most investors don’t even understand the projects they’re backing. Last month, crypto market aggregator CoinGecko published a report on a survey that included 1,370 yield farmers. As the report showed, a staggering 93 percent of them had gotten at least 500 percent in their yield farming returns.
However, only about 40 percent of these people claimed that they could read the smart contracts underpinning the protocols they farm with. Despite this significant red flag, many of them claimed that they wanted to continue with the activity.
Not understanding a project’s smart contract is tantamount to investing in aa company without understanding its business model. As any investment expert can attest, this hardly ever ends well. Chad has learned this lesson, and there’s no indication that the hackers who fleeced him of $140,000 won’t find some other unsuspecting victim soon enough.