Newly Discovered ‘SleepDrop’ Attack Puts Your ETH at Risk

Members of the Forta network have discovered a new type of cryptocurrency scam dubbed the “Sleepdrop,” which has affected a significant number of users. The scam involves the presence of unexpected tokens from a seemingly legitimate contract in users’ wallets. Users who do not avoid such airdropped tokens are at grave risk.

The Forta network sent out a tweet on Thursday warning about the Sleepdrop. According to Forta, this scam operates by imitating the appearance of a genuine token through a technique similar to “sleepminting” of NFTs. But the bad actors specifically target ERC-20 tokens. So far, the scammers have impersonated tokens from Uniswap, Chainlink, Lido, Circle, and others.

Forta Announces a Bounty to Thwart Sleepdropping

To deceive unsuspecting users, the scammers airdrop the fraudulent token to multiple individuals. By making this transfer, it appears as if the tokens come directly from the authentic contract.

Upon connecting their wallet to the website, users sign a transaction that appears to link them to a decentralized application (Dapp). However, unbeknownst to the users, this transaction actually invokes the connect function of the contract, resulting in the transfer of a small amount of ETH.

Scammers will then use an ice phishing attack to trick victims into exchanging their new tokens with the main legitimate tokens, and the smart contract will steal ETH from the victim’s wallet.

Forta, which first noticed the scam, is a Web3 security solution and real-time detection network that monitors blockchain activity. The network is made up of a decentralized network of independent node operators who scan transactions and block changes for potential threats.

Since the discovery, the Forta community has compiled a list of Sleepdropper addresses and scam URLs that present a risk. On Friday, it announced a bounty to detect Sleepdropping. The Forta Foundation will cover initial Bot deployment costs, including staking. The prize will be paid out in the FORT token.

Ivan Spanier, a Forta Foundation member and discoverer of the Sleepdrop scam, spoke with BeInCrypto about the risks that this new type of fraud poses. In Spanier’s view, it is a “uniquely insidious” scam.

“Interacting with a Sleepdrop contract almost always ends with a drain of native tokens in all cases. To be clear, airdrops always have to be claimed from verified contracts and from official sites,” Spanier said.

“Under no circumstances should users interact with such airdropped tokens, even if it appears to have been sent by the official team,” he added.

Crypto Crime Still Less Than 1% of Total Volume

This new kind of attack is just one of many tricks scammers use to steal your cryptocurrency. But despite constantly emerging threats, you are still relatively safe.

According to the 2023 Chainalysis Crypto Crime Report, Illicit transaction volume reached a record high of $20.6 billion in 2022. Marking the second consecutive year of growth despite the market downturn.

However, it’s important to note that illicit activity in the cryptocurrency space represents less than 1% of total transaction volume. Additionally, while a significant increase took place this year, the proportion of crypto-related crime is actually decreasing over the long term.