introduce

With the rapid development of Web3, more and more users are beginning to enter this industry and invest. Among them, in the on-chain investment industry, meme coins have become the most popular and attractive investment object among users.

Meme coins have the characteristics of fast issuance, high rise and fall, and anonymity of the issuer. However, a large number of fraud gangs have taken advantage of users' enthusiasm for meme coins, disguised themselves as meme coins, and launched a large number of fraudulent activities against users on the chain. These criminals take advantage of the characteristics of smart contracts to design various risky tokens, trick users into investing and then make illegal profits by triggering program code backdoors and other methods. These risk tokens typically have the following characteristics:

  • The contract creator has the authority to issue unlimited additional issuances;

  • Users can only buy but cannot sell;

  • Malicious black and white list settings;

  • Transaction taxes can be maliciously tampered with, etc.

Once users purchase these tokens, they are likely to suffer irreparable losses of funds. In order to deal with the increasingly serious risk of fraud, it is particularly important to identify and warn of risky tokens.

This article will analyze the situation of risky tokens on five popular Ethereum Layer2 networks (Base, Arbitrum, Optimism, Blast, Mantle) in the past three quarters based on the GoPlus Security API and real on-chain data, with a view to providing Provide reference and warning to users.

Method description

Data Sources

  • GoPlus Security API

GoPlus Security API is an open, license-free Web3 security data API service provided by the GoPlus team for Web3 developers and end users. This service provides professional developers in the technology industry with the ability to protect their users and meet the security needs of C-side users.

The transaction data on each chain is mainly collected and queried through DUNE.

Analytical method

Based on the GoPlus Security API, we scanned a total of 564,180 potentially risky tokens on 5 Top Layer2 Chains (users called through products integrating the GoPlus Security API).

We conducted data analysis and visualization on the above suspected risky tokens based on DUNE, and formed an open source Dashboard, which displays three data indicators:

  1. the number of unique traders involved in suspected risky tokens

  2. the transaction amount involved in suspected risky tokens

  3. all suspected risky tokens contract addresses

The sample period of the data in this article is within the past three quarters. Specifically from August 1, 2023 to May 24, 2024. Since the Blast chain was launched in March 2024, its sample period begins in March 2024, but some ERC-20 tokens on its chain were issued in February 2024.

Risk Token Definition

The definition of risk tokens in this article mainly comes from Token Risk Classification (TRC). The detailed definition of each condition below can be found in TRC. Specifically, this article considers smart contracts that meet any of the following conditions as potential risk tokens.

  • Honeypot (TRC-001): This token has a "honeypot" mechanism, and users can buy it but cannot sell it.

  • OwnershipRetrieval (TRC-003): Token ownership may be retrieved maliciously.

  • AntiWhale (TRC-014): Token contracts can restrict transactions by large holders, and specific users may not be able to cash out freely.

  • TransferPausable (TRC-011): Token transfer can be paused, and user funds may be maliciously frozen.

  • SlippageModification (TRC-010): Token contracts can modify slippage at will, and users may suffer unpredictable losses.

  • BlacklistFunction (TRC-008): Token contracts can set up a blacklist, and specific users may not be able to transfer and trade freely.

  • WhitelistFunction (TRC-013): Token contracts can set up a whitelist, and specific users may not be able to transfer and trade freely.

  • TradingCooldown (TRC-016): Token contracts can set a trading cooling period, and users may not be able to conduct transactions in time.

  • SelfDestruction (TRC-006): The token contract can self-destruct, and the tokens held by the user may suddenly disappear.

  • ExternalCall (TRC-007): Token contracts can call external contracts, and there is a risk of being maliciously exploited.

  • PersonalSlippageModification (TRC-012): Slippage can be modified for specific users, and target users may suffer targeted losses.

  • AntiWhaleModification (TRC-015): Transaction limits for large holders can be modified, which may further harm the interests of specific users.

  • BalanceManipulation (TRC-004): The token balance can be modified arbitrarily, and the number of tokens held by the user may suddenly change.

  • HiddenOwnership (TRC-005): The identity of the token owner is hidden, making it difficult to track the responsible party.

  • FullSaleRestriction (TRC-009): The token contract can completely restrict the sale, and the holder may not be able to cash out in time.

  • FullBuyRestriction: The token contract can completely restrict the purchase, and the holder may not be able to cash out in time.

  • NotOpenSource: The token contract code is not open source.

Base

The number of new tokens on the Base chain and the number of new suspected risky tokens

Image source: BlockBeats

In the past three quarters, a total of 573,484 ERC-20 tokens have been added to the Base chain, of which 381,790 new suspected risky ERC-20 tokens have been scanned, accounting for approximately 66.6%! That is, in the past three quarters, more than half of the newly issued ERC-20 tokens on the Base chain are suspected risk tokens.

The trend of the number of new ERC-20 tokens on the Base chain is to first decrease and then increase significantly. Especially since March 2024, the number of new ERC-20 tokens on the Base chain has increased significantly. In April 2024, the largest number of new ERC-20 tokens were added to the Base chain, reaching 240,000.

The number of new suspected risky ERC-20 tokens on the Base chain is highly positively correlated with the number of new ERC-20 tokens, and the trends of the two are similar.

Number of user addresses involved in suspected risky tokens on the Base chain

Image source: BlockBeats

Before March 2024, the number of addresses involved in suspected risky tokens on the Base chain was relatively stable, approximately in the range of 230,000-300,000. But overall, the number of addresses involved in suspected risky tokens on the Base chain is generally on an upward trend, slowly growing from 287,000 in August 2023 to 372,000 in February 2024. Since then, there have been sharp peaks, reaching 1.135 million and 1.994 million in March and April 2024 respectively. Although it has dropped to 1.301 million in May 2024, it is still much higher than the same period in 2023, and May 2024 is not over yet. It can be seen that as time goes by, the risk of fraud faced by users on the Base chain continues to increase.

Decision

The number of new tokens on the Arbitrum chain and the number of new suspected risky tokens

Image source: BlockBeats

In the past three quarters, a total of 95,203 ERC-20 tokens have been added to the Arbitrum chain, of which 85,633 new suspected risky ERC-20 tokens have been scanned, accounting for approximately 89.9%!

The number of new ERC-20 tokens on the Arbitrum chain is relatively stable and has a slight upward trend. From August 2023, there will be 8,520 new ones, and by April 2024, there will be 12,349 new ones.

Like the Base chain, the number of new suspected risky tokens on the Arbitrum chain is highly positively correlated with the number of new ERC-20 tokens, and the trend is consistent.

Number of user addresses involved in suspected risky tokens on the Arbitrum chain

Image source: BlockBeats

The number of addresses involved in suspected risky tokens on the Arbitrum chain shows a clear upward trend, especially between March 2024 and May 2024, when the number grew significantly. The number of addresses involved in suspected risky tokens on the Arbitrum chain increased from 36,000 in August 2023 to 3.78 million in May 2024, an increase of approximately 105 times!

Suspected risky tokens on the Arbitrum chain affected 3.78 million users in May 2024, seriously threatening the security of users' assets.

Optimism

The number of new tokens on the Optimism chain and the number of new suspected risky tokens

Image source: BlockBeats

In the past three quarters, a total of 73,737 ERC-20 tokens have been added to the Optimism chain, of which 70,089 new suspected risky ERC-20 tokens have been scanned, accounting for about 95%! That is, in the past three quarters, about 95% of the newly added ERC-20 tokens on the Optimism chain are suspected risk tokens!

The number of new ERC-20 tokens on the Optimism chain is also highly positively correlated with the new number of suspected risky ERC-20 tokens.

The changing trend of the number of newly added ERC-20 tokens is to increase first and then decrease. The chain in the previous article saw a significant increase in the number of new ERC-20 tokens during the cryptocurrency bull market from March to May 2024, while the number of new ERC-20 tokens on the Optimism chain was relatively small, with an average monthly growth Approximately 4,500 ERC-20 tokens.

Number of user addresses involved in suspected risky tokens on the Optimism chain

Image source: BlockBeats

The number of addresses involved in suspected risky tokens on the Optimism chain is significantly lower than the above two chains. Until March 2024, this volume fluctuates relatively little. From March to May 2024, the number of addresses involved in suspected risky tokens on the Optimism chain increased significantly.

Since the number of new suspected risky ERC-20 tokens on the Optimism chain was relatively small from March to May 2024, the number of addresses involved in suspected risky tokens increased significantly during this period. This phenomenon may be due to the former suspected risky tokens affecting a large number of users during the cryptocurrency bull market, or it may be due to the small number of newly added suspected risky tokens during this period affecting a large number of users.

Blast

The number of new tokens on the Blast chain and the number of new suspected risky tokens

Image source: BlockBeats

The Blast chain will be launched on the mainnet in March 2024, but transactions have already been carried out on the chain in February 2024, so there is only data from February to May 2024.

In the past three quarters, a total of 13,859 ERC-20 tokens have been added to the Blast chain, of which 12,608 new suspected risky ERC-20 tokens have been scanned, accounting for approximately 91%.

The number of new ERC-20 tokens on the Blast chain is on a downward trend. After the Blast chain's mainnet went online in March 2024, a large number of ERC-20 tokens were rapidly added, and then the number of new tokens gradually decreased. About 91% of the new ERC-20 tokens are suspected risk tokens.

Number of user addresses involved in suspected risky tokens on the Blast chain

Image source: BlockBeats

After the Blast chain mainnet was launched in March this year, users have grown rapidly and on-chain transactions have been active. Data shows that in March 2024, the number of addresses involved in suspected fraudulent contracts on the Blast chain was as high as 642,000, which is close to the 663,000 on the Optimism chain, indicating that transactions on suspected risky tokens on the Blast chain are very active. Before May is over, the number of addresses involved in suspected risky tokens has reached 218,000, which may reach a record high. As an emerging Layer 2 chain, the Blast chain has begun to suffer from fraud problems, which deserves a high degree of vigilance.

Mantle

The number of new tokens on the Mantle chain and the number of new suspected risky tokens

Image source: BlockBeats

In the past three quarters, a total of 5,645 ERC-20 tokens have been added to the Mantle chain, of which 3,801 new suspected risky ERC-20 tokens have been scanned, accounting for approximately 67.3%.

The proportion of new ERC-20 tokens on the Mantle chain and its new suspected risky ERC-20 tokens are both on a downward trend.

The number of new suspected risky tokens on the Mantle chain is the least among the five chains.

Number of user addresses involved in suspected risky tokens on the Mantle chain

Image source: BlockBeats

The number of addresses involved in suspected risky tokens on the Mantle chain is generally smaller, even lower than that of the newly launched Blast chain. However, the data shows that this indicator is generally on an upward trend, gradually rising from 1,519 to about 54,000, an increase of more than 35 times. Therefore, the problem of fraud on the Mantle chain also deserves high vigilance.

Summarize

Overall, the number of addresses involving suspected risky tokens in various Layer-2 Ethereum networks has grown rapidly, and the investment environment faced by users has become increasingly harsh. The data clearly shows that as the popularity of these networks increases, so does the risk of encountering scams, especially those related to meme tokens. This trend is evident in all analyzed networks. As the entire industry continues to evolve, we all need to remain vigilant and proactively guard against these threats. As an open, permissionless and user-driven Web3 modular user security layer, GoPlus Network provides users with full life cycle protection of transactions, leveraging decentralized user security networks and advanced AI-driven security. The solution can provide in-depth risk analysis and provide users with smart and efficient security services. If users encounter any security issues, we will do our best to help solve them.

[Disclaimer] There are risks in the market, so investment needs to be cautious. This article does not constitute investment advice, and users should consider whether any opinions, views or conclusions contained in this article are appropriate for their particular circumstances. Invest accordingly and do so at your own risk.

  • This article is reprinted with permission from: "Rhythm Blockbeats"

  • Original author: GoPlus