PolySwam CEO Steve Bassi has warned that scammers may take advantage of the excitement surrounding the Ethereum merger to launch new scams targeting novice crypto users.
The Ethereum merger is expected to take place within the next 20 hours.
In an interview with Cointelegraph, PolySwarm founder and CEO Steve Bassi said that these scams can come in the form of fake ETH 2.0 tokens, fraudulent mining pools, and fake airdrops.
PolySwam is a decentralized cybersecurity marketplace that connects cybersecurity experts with projects and companies through the use of bounties.
Fraudulent Staking Pools
This Ethereum upgrade marks the transition from the current proof-of-work (PoW) consensus mechanism to proof-of-stake (PoS).
For many ETH holders, joining a staking pool will be the only way for them to benefit from staking rewards if they don’t hold the 32 ETH required to become an independent validator, Bassi said.
“Staking is a fairly new concept to most people in the crypto community, and unless you have 32 ETH, you’re going to have to join one of those staking pools to earn from your ETH.”
However, Bassi warned that syndicated staking providers “carry their own risks” as it typically requires users to deposit ETH and relinquish control of it.
New staking providers “may offer very attractive terms,” Bassi said, but could “rug pull suddenly,” affecting participants in the pool.
“This risk currently exists in DeFi platforms/pools and tokens, but the merger will give scammers a new world of roles.”
upgrade scam
One of the more immediate threats is scammers trying to trick users into signing fraudulent transactions or giving up their private keys under the guise of migrating to a new ethereum chain.
Bassi reiterated that upgrading to proof-of-stake should be transparent, with users not required to do anything to migrate or save their ethereum-based tokens, stating:
“We will likely see scammers attempting to get users to sign fraudulent transactions and/or reveal private keys under the false pretense that they need to do something to migrate the chain.”
fake airdrop
Another possible attack vector, Bassi added, would come in the form of a "fake airdrop" -- convincing users to sign a transaction or visit a phishing site in order to receive a fake airdrop.
“The ETH merger would be a good excuse for these crooks to masquerade as a well-known, economically valuable project promising an airdrop.”
"These airdrops may redirect users to a phishing site where they may be scammed out of their ETH, private keys, and/or in an elaborate transaction signing attempt."
The Ethereum Foundation called the upcoming merger "the most significant upgrade in the history of ethereum," and urged users to remain "extremely vigilant" against scams trying to take advantage of them during the transition. It has repeatedly warned that there are no so-called ETH2 or ETH 2.0 tokens.
Most onlookers expect the upgrade to be successful given experience with previous testnets, but Bassi said it is still possible that scammers or hackers will find a way to attack the system.
“We really don’t know if there is a group of scammers/hackers who have developed attacks or DDoS techniques against the Ethereum chain that they can use post-merger when ETH 2.0 has the full economic value of ETH 1.0.”
“If such an attack did occur, it would likely only temporarily affect the Ethereum chain, and possibly the market, as there are many bright eyes watching post-merger behavior. However, attackers may be looking for opportunities to exploit any findings Profit."
Joy
Zoey
Beincrypto
Bitcoinist
Cointelegraph