Be Alert Against Scams!
In the past decade, more and more people have become interested in cryptocurrency and the digital assets associated with it. While the virtual world has opened up a wide range of possibilities, it has also become a hotbed for scams. During the Christmas season of 2022, the NUS FinTech Lab experienced this firsthand, as cybercriminals used the FinTech Lab’s name and the NUS logo to create fake websites, social media accounts, and even mint tokens with the name “NUS FinTech Lab (NUS)”.
This article details the steps NUS FinTech Lab took to identify and counteract a fraudulent website and associated tokens, and how you can do the same if targeted with a similar attack.
Fake Tokens:
A group of scammers have created fake tokens on Binance Smart Chain and are promoting them through a fake Telegram account and website. They are using the NUS logo and a fake Twitter account with the handle @nus_lab and the name “NUS FinTech Lab” to promote it.
To find out the token holders and other details, we searched for the token address on Binance’s Smart Chain (BSC) Scan. The token addresses and holders, as well as the quantity held, can be found under the “Holders” tab.
A few of the websites that have published the tokens are :
1.https://thebittimes.com/token-nus-BSC-0x9285d9a79cd1da8f1d5904ed38bbef5c82f4f587.html
2. https://recentcoin.com/token/nus-fintech-lab-nus-0x9285d9a7
3.https://cryptovotelist.com/newborn/0x9285d9a79cd1da8f1d5904ed38bbef5c82f4f587
4.https://top100token.com/address/0x9285d9a79cd1da8f1d5904ed38bbef5c82f4f587
5.https://coinsgem.com/token/0x00caaff31108014071eed798ccb9197684a2e6d3
Action/measure taken:
To protect members of the general public who may be duped into buying these fraudulent tokens, the NUS FinTech Lab team reached out to Binance using the Report/Flag Address option available on the token’s page on Binance. As a result, Binance has posted a warning message at the top of the token page.
Fake Website:
Fraudsters may use a tactic called impersonation scams to trick people into giving away their personal information for financial gain. They create websites that look very similar to official organizations, but the domain name may be slightly different. This makes it hard to tell the real from the fake.
In the case of the fraudulent NUS FinTech Lab token, the fraudsters have created a website (fintechlabnus.com) with a URL slightly different from the Lab’s official website (fintechlab.nus.edu.sg). Do not trust this website and be sure to double-check the URL before giving out any personal information.
To make sure you are visiting a legitimate website, double-check the URL of the website or contact the official organization. For example, if you’re looking for the official website of the NUS FinTech Lab, a quick Google search of “nus fintech lab” should return the website for our organization (fintechlab.nus.edu.sg). Websites created by fraudsters are often hastily created and shared with links on social media and email, so typically do not show up as the top result in a search engine.
The scammers’ fake website copied some content from the NUS Fintech Lab’s official website in an attempt to appear authentic, but there are several signs that this group is not affiliated with NUS. For instance, the contact information listed on the website is different from the official contact details of the NUS FinTech Lab.
Signs that a website might be a scam can include missing information about the team behind it, a whitepaper listed as coming soon but not actually available, and an unclear description of the token being offered. For example, if the token is described as a “Music NFT” but no explanation is given for what this means or what it is for, it could be a red flag.
Additional clues that the website is fake can be found by querying the Whois database (e.g., https://whois.domaintools.com/). The fact that the domain was only created very recently (on 22 December 2022) should be another signal that the website may be suspicious. Using this information we were able to identify who was hosting this fraudulent website and contact the appropriate law enforcement authorities to take action.
To ensure the safety of our data, we have conducted a thorough review of our own internal IT systems and can confirm that our systems have not been breached.
Scrutinizing the Marketing Channels:
Be wary of online crypto projects that seem too good to be true. Scammers have been known to use social media platforms to promote fake projects, so don’t be fooled. Before investing in any cryptocurrency, look into it carefully to make sure it is legitimate. The NUS Fintech Lab has identified cases of scammers impersonating them on Telegram and Twitter.
1. https://t.me/nusofficialchannel
2. https://twitter.com/nus_lab
These scams, known as Rug Pull Scams (see https://nftnow.com/guides/scams-explained-what-are-rug-pulls-and-are-they-a-crime/), involve the scammers creating a new token and hyping it up through marketing tactics then disappearing shortly after selling it. It’s important to stay vigilant and do your own research before investing.
The FinTech Lab was able to reach out to these platforms to block (and or flag) these false accounts, but always be vigilant of any suspicious activity.
Analyze the White Paper and Identify Team members
Before investing in any cryptocurrency, it is important to read the white paper, which outlines the development process. Fake cryptocurrencies often have poorly written and inaccurate white papers that do not explain how it works or how it is intended to be used. Reading the white paper can help you understand the protocols and blockchain of a cryptocurrency, and make sure it is legitimate.
White papers should always list the names of the people who created the cryptocurrency. You can usually find their coding, comments, and discussions on websites like GitHub or GitLab. Some projects use forums and chat apps like Discord to talk about the project. If you can’t find any of this information, it’s probably a scam.
In the case of the fraudsters impersonating the NUS FinTech Lab, the code behind their token is a copy of the sample smart contract code provided by Binance for token generation. Anyone can view the code by visiting the “Contract” tab on the Binance Smart Chain Scan website. Because no information about the team members is available, buyers should be wary of trusting the project.
The blockchain, cryptocurrencies and distributed apps (DApps) are exciting new technological developments with tremendous potential to create value for fintech. However, due to the nascent nature of the technology and the lack of appropriate regulation to protect consumers, many fraudsters are taking advantage of the hype to scam consumers. As it is so easy to create websites and social media accounts to impersonate legitimate players, it is important for you to be vigilant. This article chronicles our recent experiences with a scam that attempted to impersonate our NUS FinTech Lab. We hope that our experiences and the tools/techniques we used to identify the scam can also help you conduct sound due diligence when considering investing in cryptocurrencies.