PeckShield Raises Security Alarm on Several Tokens
The Intelligent Insurer #50 — Security firm highlights over 50 potential rug pulls
Respected blockchain security company PeckShied has raised concerns over a significant security issue for investors on the Binance SmartChain. The company has listed over 50 potentially dangerous tokens with numerous vulnerabilities that can put investor funds at risk.
In the latest Intelligent Insurer, we detail the vulnerabilities highlighted by PeckShield and the risks they pose for investors. We also detail how investors can protect themselves from unforeseen dangers in the digital assets industry.
PeckShield lists potential rug pulls
PeckShield announced a list of potentially dangerous tokens on Twitter, posting a link to a spreadsheet containing the projects. Each project’s vulnerabilities were also identified as the security outfit warned users to be aware before choosing to interact or invest with them.
A significant criterion PeckShield used was examining the state of admin powers in each project. The listed projects had several red flags such as the ability to mint unlimited tokens, restrict token selling, and blacklist any account. Empowering the dev team and admins with such powerful capabilities goes against the ethos of decentralized ecosystems. In turn, this places the projects’ tokens in a position where they can be manipulated.
Rug pulls are just one security incident investors could suffer. Typically, the project team behind such incidents pumps token prices upward and subsequently leaves investors holding the bag as prices fall. Given the relatively anonymous nature of DeFi, tracing stolen funds and identities is nearly impossible. Thus, centralizing power in the hands of dev teams poses significant risks to investors.
Admins with extensive powers were behind the November 26th, 2021 rug pull on SnowDogDAO, the first memecoin launched on the Avalanche Network. In this case, a proposed buyback was hijacked by the admins of the project. While investors had difficulties accessing the platform, the admins carried out huge trades and made away with $30 million, leading to the project’s extinction. Investors, needless to say, had no recourse and could not recover their funds.
The Squid Game rug pull is another case characterized by extensive admin powers. Named after the popular South Korean Netflix series, the project marketed itself as a “play-to-earn” cryptocurrency. Within a few days, the token’s price surged by thousands of percent, sucking in investors who were perhaps enthusiasts of the series. The project admins later paused all activities, restricting investors from reselling their tokens before absconding with an estimated $3.38 million.
Investors need to take extra care
Peckshield’s list contains other red flags that investors must watch out for. For instance, the list consists of projects named after the 45th President of the United States Donald Trump. Other projects mimic the names of popular stocks such as Amazon, Google, and ARK Invest. Lastly, memecoin projects are plentiful, with many choosing to mimic DOGE’s theme and list names such as “Floki.”
Discerning investors will likely spot such obvious scams and understand the need to conduct deep research into projects. However, the technical nature of DeFi projects don’t lend themselves well to simple analysis. Code vulnerabilities continue to exist, and even Peckshield’s extensive list cannot unearth these risks.
For instance, the highly reputed Poly Network suffered a hack due to a code vulnerability on August 10th, 2021. Investors lost $600 million due to a bug that enabled hackers to overwrite a smart contract on the Network’s protocol. This was a project that was audited and had the highest credentials possible in the DeFi space. Yet, investors suffered regardless.
Digital asset security solutions are still nascent, and investors continue to bear the brunt of security lapses. Due diligence can only highlight so many risks. Digital asset insurance solutions such as Insured Finance provide robust protection for DeFi and crypto investors. For times when due diligence is not enough, the cover provided by Insured Finance makes sure that you will not lose your investment.
About Insured Finance
Insured Finance is a decentralized, peer-to-peer insurance marketplace. Users can request customized insurance on a wide variety of digital assets, thereby ensuring full protection. Those fulfilling requests can earn premiums and earn a competitive return on their capital. Claims are fully collateralized and settled instantly.