Understanding Trapdoor Tokens in Cryptocurrency
Learn about Trapdoor tokens and the risks they pose to investors.
Table of Contents
- What Are Trapdoor Tokens?
- How Trapdoor Tokens Work
- Differences Between Trapdoor and Other Scams
- The Impact of Trapdoor Tokens
- Building a Dataset of Trapdoor Tokens
- Techniques Used in Trapdoor Tokens
- Analyzing Trapdoor Techniques
- The Dangers of Trapdoor Tokens
- Preventing Trapdoor Token Scams
- Conclusion
- Original Source
In recent years, the rise of cryptocurrencies has led to the emergence of various scams, particularly on decentralized exchanges (DEXs) like Uniswap. One of the most alarming forms of these scams is known as Trapdoor tokens. These tokens have caused significant financial losses for many investors, amounting to hundreds of millions of dollars from 2020 to 2023.
Trapdoor tokens are designed to allow users to buy them easily but block them from selling. This is accomplished by embedding logical bugs or specific features in the smart contract code, making it difficult for users to receive their money back after investing. In this article, we will explore the characteristics of Trapdoor tokens, how they function, and the risks they pose to investors.
What Are Trapdoor Tokens?
Trapdoor tokens are digital tokens that give the impression of being profitable investments. They entice users into buying them with the promise of high returns. However, once an investor has purchased a Trapdoor token, they soon find that they cannot sell it back to recover their funds. This is due to the malicious coding within the token's smart contract, which prevents any selling activities.
The scam works as follows: investors buy the token using a well-known and valuable cryptocurrency. Once the investment is made, the scammer can withdraw all the valuable tokens from the liquidity pool, leaving investors with worthless Trapdoor tokens.
How Trapdoor Tokens Work
The operation of Trapdoor tokens involves several steps:
Deployment: A scammer creates a Trapdoor token and launches it on the blockchain, along with a liquidity pool that pairs the Trapdoor token with a high-value token.
Purchasing: Investors are encouraged to buy the Trapdoor token by transferring the high-value token into the liquidity pool. Often, the buying fee is set low to attract more investors.
Rising Value: As more investors buy into the Trapdoor token, its value seems to increase. However, the investors are unable to sell their tokens as intended.
Withdrawal: The scammer then removes all the high-value tokens from the liquidity pool, disappearing with the investors' money.
Differences Between Trapdoor and Other Scams
Trapdoor scams are often confused with similar scams, such as Honeypots or Rug-pull scams. Here's how they differ:
Honeypots: These scams lure in more experienced investors by showing a vulnerability in the smart contract that looks exploitable. When investors try to take advantage of this vulnerability, they find it was a trap.
Rug-pull scams: These are broader scams where scammers lure investors into buying tokens, then vanish with the funds. In contrast, Trapdoor tokens specifically prevent investors from selling the tokens.
The Impact of Trapdoor Tokens
The financial impact of Trapdoor tokens is significant. Research has shown that over 50,000 unique investors have lost money due to these scams. Some of the losses are staggering, with the top three scams alone accumulating more than 6,992 ETH in losses.
Building a Dataset of Trapdoor Tokens
To better understand Trapdoor tokens, a team of researchers developed a dataset containing 1,859 verified Trapdoor tokens from Uniswap. The process of building this dataset involved:
Data Collection: Researchers gathered all token addresses from Uniswap, examining over 131,000 unique tokens.
Filtering: Tokens were filtered based on specific criteria, such as the absence of selling transactions and a high proportion of buying relative to selling activity.
Verification: Each token was manually assessed through simulated buying and selling to confirm its Trapdoor nature.
Analysis: The collected tokens were analyzed to identify common characteristics and techniques used by scammers.
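The filtering step, sketched as an added example (not code from the paper or its tooling): it shortlists tokens whose swap history shows no sells, or almost only buys, for the later buy-and-sell verification. The record layout, the `min_buys` floor and the 90% buy-share threshold are assumptions, and the swap records are constructed sample data.

```python
from collections import Counter

# Constructed sample swap records (token, trader, side); not real chain data.
SWAPS = (
    [("TOKEN_A", f"0xa{i}", "buy") for i in range(4)]        # buys only
    + [("TOKEN_B", f"0xb{i}", "buy") for i in range(3)]      # balanced trading
    + [("TOKEN_B", f"0xb{i}", "sell") for i in range(3)]
    + [("TOKEN_C", f"0xc{i}", "buy") for i in range(9)]      # one sell in ten swaps
    + [("TOKEN_C", "0xc0", "sell")]
    + [("TOKEN_D", "0xd0", "buy")]                           # too little history
)

def filter_candidates(swaps, min_buys=3, buy_share_threshold=0.9):
    """Return {token: reason} for tokens worth a manual buy-and-sell check."""
    buys, sells = Counter(), Counter()
    for token, _trader, side in swaps:
        (buys if side == "buy" else sells)[token] += 1

    candidates = {}
    for token in sorted(buys):
        b, s = buys[token], sells[token]
        if b < min_buys:
            continue                      # not enough activity to judge either way
        if s == 0:
            candidates[token] = "no sell transactions"
        elif b / (b + s) >= buy_share_threshold:
            candidates[token] = f"buy share {b / (b + s):.0%}"
    return candidates

if __name__ == "__main__":
    for token, reason in filter_candidates(SWAPS).items():
        print(token, "->", reason)
```

A shortlist like this only narrows the search: a new or illiquid token can look the same, which is why the dataset relied on a verification step afterwards.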
Techniques Used in Trapdoor Tokens
Trapdoor tokens employ several coding techniques to trap investors. These can be classified into three main categories:
Conditional Assertions: These techniques involve coding conditions that must be met for a sell transaction to succeed. If a user doesn't meet the conditions, the transaction fails.
Trading Fee Manipulation: In this method, scammers set excessively high fees for selling the tokens. This effectively drains users' funds each time they try to sell.
Numerical Exceptions: Scammers induce errors that prevent transactions from completing, often by manipulating values in the contract. These errors can result from incorrect calculations, which block users from successfully selling their tokens.
Analyzing Trapdoor Techniques
Scammers create traps in various ways, often making them difficult to detect. Some of the common mechanisms employed include:
Using Flags: Scammers may implement boolean variables that can be toggled to activate or deactivate sell privileges.
Setting Limits: Restrictions on the number of tokens that can be sold at a time can also be employed, blocking users from liquidating their assets.
Blacklists and Whitelists: Scammers may maintain lists of addresses that are allowed or denied the ability to trade tokens, controlling who can sell and who cannot.
Misleading Code: The use of dummy functions and vague error messages can help obscure the true intentions of the smart contract, leaving investors confused about why their transactions fail.
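A simulated buy-and-sell check that sorts a failed sale into the three categories listed earlier, written as an added example (not the paper's TrapdoorAnalyser and not a real contract). `ToyToken`, `Revert`, the sample configurations and the 50% loss threshold are assumptions made for illustration.

```python
class Revert(Exception):
    """Models a failed require(): the whole sell transaction is rolled back."""

class ToyToken:
    """Constructed model of a token's sell path, one knob per mechanism."""
    def __init__(self, sell_open=True, blocked=(), max_sell=None,
                 sell_fee=2, fee_base=100):
        self.sell_open, self.blocked, self.max_sell = sell_open, set(blocked), max_sell
        self.sell_fee, self.fee_base, self.balance = sell_fee, fee_base, {}

    def buy(self, who, amount):                # buying is never restricted
        self.balance[who] = self.balance.get(who, 0) + amount

    def sell(self, who, amount):
        if not self.sell_open:                 # owner-toggled flag
            raise Revert("trading disabled")
        if who in self.blocked:                # blacklist
            raise Revert("address blocked")
        if self.max_sell is not None and amount > self.max_sell:
            raise Revert("amount over limit")  # sell limit
        fee = amount * self.sell_fee // self.fee_base  # fee_base 0 -> division error
        if fee > amount:                       # would underflow an unsigned integer
            raise OverflowError("fee exceeds amount")
        self.balance[who] -= amount
        return amount - fee                    # what actually reaches the pool

def buy_and_sell_test(token, tester="0xtester", amount=1000, max_loss_pct=50):
    """Buy, then try to sell everything; map the outcome to a category."""
    token.buy(tester, amount)
    try:
        received = token.sell(tester, amount)
    except Revert as err:
        return "conditional assertion", str(err)
    except ArithmeticError as err:
        return "numerical exception", type(err).__name__
    loss_pct = 100 * (amount - received) // amount
    if loss_pct > max_loss_pct:                # assumed threshold for "excessive"
        return "trading fee manipulation", f"{loss_pct}% of the sale kept as fee"
    return "sellable", f"{loss_pct}% fee"

SAMPLES = {  # constructed configurations, one per mechanism
    "plain": ToyToken(),
    "flag": ToyToken(sell_open=False),
    "limit": ToyToken(max_sell=1),
    "fee": ToyToken(sell_fee=99),
    "zero_base": ToyToken(fee_base=0),
}

def run_samples():
    return {name: buy_and_sell_test(tok)[0] for name, tok in SAMPLES.items()}
```

The fee case is the one a revert-only check misses: the sale goes through, so the test has to compare what was sold with what arrived.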
The Dangers of Trapdoor Tokens
The dangers of Trapdoor tokens extend beyond individual investors. These scams erode trust in the cryptocurrency market as a whole and can deter potential investors from participating in decentralized finance. The lack of regulatory oversight in the DEX space creates an environment ripe for exploitation, allowing scammers to thrive while investors remain vulnerable.
Preventing Trapdoor Token Scams
Investors can take several steps to protect themselves from Trapdoor tokens and similar scams:
Research: Before investing in a token, conduct thorough research on its creator, project, and code.
Check Token Transactions: Look for warning signs, such as an unusual lack of selling transactions or excessive fees.
Use Verification Tools: Leverage available tools and platforms that analyze smart contracts for potential risks.
Stay Informed: Keep up with trends and news about cryptocurrency scams to stay ahead of new tactics employed by scammers.
Conclusion
Trapdoor tokens represent a serious threat to investors in the cryptocurrency space. By understanding how they work, the techniques employed by scammers, and the risks involved, investors can better safeguard their assets. The combination of awareness and caution is crucial for navigating the ever-evolving landscape of decentralized finance. While the allure of potential profits in the crypto market is strong, it's essential to remain vigilant against scams designed to exploit the unwary investor.
Title: From Programming Bugs to Multimillion-Dollar Scams: An Analysis of Trapdoor Tokens on Uniswap
Abstract: We investigate in this work a recently emerged type of scam ERC-20 token called Trapdoor, which has cost investors billions of US dollars on Uniswap, the largest decentralised exchange on Ethereum, from 2020 to 2023. In essence, Trapdoor tokens allow users to buy but prevent them from selling by embedding logical bugs and/or owner-only features in their smart contracts. By manually inspecting a number of Trapdoor samples, we established the first systematic classification of Trapdoor tokens and a comprehensive list of techniques that scammers used to embed and conceal malicious codes, accompanied by a detailed analysis of representative scam contracts. In particular, we developed TrapdoorAnalyser, a fine-grained detection tool that generates and crosschecks the error-log of a buy-and-sell test and the list of embedded Trapdoor indicators from a contract-semantic check to reliably identify a Trapdoor token. TrapdoorAnalyser not only outperforms the state-of-the-art commercial tool GoPlus in accuracy, but also provides traces of malicious code with a full explanation, which most of the existing tools lack. Using TrapdoorAnalyser, we constructed the very first dataset of about 30,000 Trapdoor and non-Trapdoor tokens on UniswapV2, which allows us to train several machine learning algorithms that can detect with very high accuracy even Trapdoor tokens with no available Solidity source codes.
Authors: Phuong Duy Huynh, Thisal De Silva, Son Hoang Dau, Xiaodong Li, Iqbal Gondal, Emanuele Viterbo
Last Update: 2024-12-19 00:00:00
Language: English
Source URL: https://arxiv.org/abs/2309.04700
Source PDF: https://arxiv.org/pdf/2309.04700
Licence: https://creativecommons.org/licenses/by/4.0/
Changes: This summary was created with assistance from AI and may have inaccuracies. For accurate information, please refer to the original source documents linked here.