Crypto security researchers are raising the alarm over a new kind of memecoin that can bypass the scam filters on popular trading data sites.

“What we’re seeing here is a growing sophistication of scam tokens in avoiding detection techniques,” Michael Lewellen, head of Solutions Architecture at OpenZeppelin, told DL News.

The token, which trades under the ticker REPUBLICAN, appears unassuming on the surface.

Yet buried within is a crafty piece of code that lets its programmer withdraw REPUBLICAN tokens straight out of any crypto wallet holding them.

Traders swap Ether for REPUBLICAN on decentralised exchanges only to have the tokens they just bought transferred away. The code also secretly gives its creator a near-infinite balance of the token.

The malicious memecoin was first spotted by an X user called yourfriend_btc on Wednesday before being shared by other accounts.

🚨 SCAM ALERT:

Malicious $REPUBLICAN token contract on Base

Contains hidden code that BYPASSES token allowances. The contract can move $REPUBLICAN out of YOUR wallet without permission.

⚠️Worst of all, it looks LEGIT on Dexscreener. ⚠️

— yourfriend_🅱️TC_🎹😹 (@yourfriend_btc) October 30, 2024

It’s not clear how much the scammer has profited. Traders have so far bought and sold over $408,000 worth of the memecoin, according to Dex Screener, a popular trading data site.

What’s more, because the fraud is easy to replicate and difficult to spot, it may only be a matter of time before similar scam tokens claim more victims.

Obscuring backdoors

Newly launched memecoins that contain malicious code aren’t usually an issue for savvy crypto traders.

Security tools can automatically scan the code of new tokens to check for traps.

But audits from three such tools on Dex Screener showed no issues with the REPUBLICAN token. Dex Screener cautions that such audits may not be 100% accurate.

“The industry has recently gotten better at quickly detecting these types of exploits using real-time monitoring solutions,” Lewellen said. “Knowing this, scammers are now resorting to obscuring backdoors.”

To avoid detection, the person who programmed the REPUBLICAN token wrote extra snippets of malicious code in assembly language — a low-level programming language that maps closely to the underlying machine code.

Assembly language code is harder to interpret, making it more difficult to detect if it contains malicious properties, Lewellen said.
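As an illustration of the kind of check that can surface this pattern (an added example, not code from the article, OpenZeppelin or Dex Screener), the sketch below lists every inline-assembly block in a token's Solidity source and marks for manual review those that sit in a balance or allowance path and contain storage-writing opcodes. It assumes the source text is available; the opcode list, the function-name set and the sample contract are assumptions constructed for the example.

```python
import re

# Opcodes that write storage or hand control to other code. Treating these as
# review triggers is an assumption of this sketch, not a rule from the article.
RISKY_OPCODES = {"sstore", "delegatecall", "callcode", "selfdestruct"}
# ERC-20 entry points and common internal helpers that change balances/allowances.
TOKEN_PATHS = {"transfer", "transferFrom", "approve",
               "_transfer", "_update", "_approve", "_spendAllowance"}

def blank_comments(src):
    """Replace comments with spaces so offsets and line numbers stay valid."""
    keep_newlines = lambda m: re.sub(r"[^\n]", " ", m.group())
    return re.sub(r"/\*.*?\*/|//[^\n]*", keep_newlines, src, flags=re.S)

def find_assembly_blocks(src):
    """Return one finding per inline-assembly block in Solidity source text."""
    src = blank_comments(src)
    scopes = [(m.start(), m.group(1) or m.group(2)) for m in re.finditer(
        r"\b(?:function|modifier)\s+(\w+)|\b(constructor|fallback|receive)\s*\(", src)]
    findings = []
    for m in re.finditer(r'\bassembly\b\s*(?:\(\s*"[^"]*"\s*\))?\s*\{', src):
        depth, end = 1, m.end()
        while depth and end < len(src):      # match braces to find the block end
            depth += {"{": 1, "}": -1}.get(src[end], 0)
            end += 1
        body = src[m.end():end]
        enclosing = [name for pos, name in scopes if pos < m.start()]
        func = enclosing[-1] if enclosing else None
        risky = sorted(RISKY_OPCODES & set(re.findall(r"\b(\w+)\s*\(", body)))
        findings.append(dict(function=func, line=src.count("\n", 0, m.start()) + 1,
                             risky_opcodes=risky,
                             needs_manual_review=bool(risky) and func in TOKEN_PATHS))
    return findings

# Constructed sample: one read-only assembly block, one storage write in a token path.
SAMPLE = '''\
contract Sample {
    function isContract(address a) internal view returns (bool r) {
        assembly { r := gt(extcodesize(a), 0) }
    }
    function transferFrom(address from, address to, uint256 value) public returns (bool) {
        /* assembly { sstore(0, 1) } inside a comment is ignored */
        assembly ("memory-safe") { sstore(0x00, value) }
        return true;
    }
}
'''
```

A flag from this sketch only means a human should read the block; legitimate libraries also use inline assembly, and a clean result says nothing about unverified bytecode.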

In the past, malicious tokens have cost traders dearly.

A scam token named after the Netflix show “Squid Game” stole $2.5 million from traders in 2021. The token contained code that prevented buyers from selling it so it could only increase in value.

Such so-called honeypot tokens are less of an issue today because security tools on sites like Dex Screener make them easy to spot.

According to Lewellen, monitoring solutions should be in place before too long to identify the assembly language obfuscation technique.

Then, Lewellen warned, scammers will get to work finding other, more creative ways to hide their intent.

Tim Craig is DL News’ Edinburgh-based DeFi Correspondent. Reach out with tips at tim@dlnews.com.