Cryptocurrency is a new distribution in the financial industry. Transparency and security are the core element in a crypto project which is much lacking in the traditional financial industry.

Recently we have seen many scams, rug pulls, and honey pots both in ROI Dapps and Defi protocols within the cryptocurrency sector. Today, we’re going to look into a common issue which is called an Exit Scam.

 

 

What are exit scams?

There are 3 classic Exit scams that commonly happen in the ROI DAPP sector. Below are 2 common scenarios that are frequently used by project owners/developers

 

1. Owner Acts
   In this situation, the project owner deposits a large amount into the project either before the launch date or upon launch of the project, a large amount is invested into the project. Indirectly, this will portray an impression, that the project is solid and stable, which users will have “extra confidence” to invest, knowing that there is a large amount in the contract balance
   
   When the balance is sufficient and when the owner’s invested amount has reached its maturity period, they’ll withdraw all their investment, which will cause a huge dent in the contract balance.
   
   This will, directly and indirectly, cause panic and investors will start performing panic withdrawal. Most of the time, in this situation, the project will last a minimum of 24 hours and a maximum of 48 hours.
   
   
    
2. Codded scripts
   When a ROI Smart Contract is deployed, and the project is not audited, there are high (almost 99.99%) either the project owner or developer(s) of the project had embedded and malicious code to withdraw all the funds from the project (smart contract) when they decide to shut it down (which usually, after their targeted amount of money in crypto is achieved)
   
   When the function is triggered, the entire amount in the smart contract balance will be withdrawn and sent to the project owner or the developer and no investors are able to withdraw after that since there won’t be any balance in the smart contract for withdrawal

 

 

DAPP Mirror Effect

This is the third scenario that does happen but is not as frequent as the 2 scenarios above. So, what is a Mirror Effect?

Here’s the outline view of what a DAPP Mirror Effect is.

1. A verified and audited contract is been deployed
2. After x number of days, the original verified and the audited contract is been replaced with an unverified and unaudited smart contract to perform an act of scam and unethical scenario

 

 

Mirror Effect Explained

Let’s understand how a project owner uses Mirror Effect to lure potential investors and then Rugg the entire project. This is a very unethical, gruesome, and heartless act of a project owner @ human towards their investors @ another human.

In the beginning, the project owner will deploy a smart contract that has no malicious codes or any scam scripts. This is done due to the fact that they need an audit report to back their project and to show to the community @ investors that their project is legit and has been audited by more than one audit company. Usually, they’ll choose reputable audit companies, like HazeCrypto that has a name in the current industry.

The twist here is, they will have the same smart contract built up but with a malicious code or backdoor ready to be deployed as well.

Now, once the project owners have received the audit report from the auditing company, they will do either of these two:-

1. They will not temper with anything for a while (maybe until the contract has 10 / 100 BNB) then they’ll swap the original verified and audited contract with the fake contract. Or,
2. Instant swap between the original verified and audited contract with the scam contract.

 

Scams / Backdoor On an Audited & Verified Project?

 
I believe this will be the next big question that you would want to know and ask. It doesn’t sound logical nor can your mind comprehend it but there is more than meets the eye.

One has to understand that the blockchain verifies a smart contract only. Auditing companies, verify the programing codes, in this case, Solidity. Neither the blockchain nor an auditing company conducts a check or audit on the following: -
1. Website speed/layout
2. Design / Video / Animation
3. Management of the project
4. Marketing & Promotions
5. Community growth

An auditing company checks the project's code once it’s been deployed on the blockchain. When all the necessary criteria are met, and no backdoors, malicious codes, or scam scripts are found, the audit company issues a report verifying that the project bearing the stated contract address is legit and no unethical or fraudulent activity is found.

The most important part here for you as an investor to understand and take note of is:-

You, as an investor, must always verify the project’s smart contract address against the audit report’s details. When both the smart contract address is the same, it ensures that you are investing in the verified project, but if you notice a difference, please do not invest as 99.99% it's going to be a fraudulent act of play.
 

---

Now, that you have a comprehensive understanding of how Mirror works, let's have a look at the recent scam happenings with a project called BNBMatrix.

1. The owners/developers created and deployed a smart contract that was free of backdoors, malicious codes, and scam scripts
2. They got the smart contract audited by audit companies
3. Upon receiving the audits, they swap the interface of the website to the unverified and unaudited smart contract
4. Investors invested in the unverified contract and none actually verified the smart contract they are investing in with the smart contract address in the audit report
5. The funds were withdrawn in the pretax that investors withdrew the profits
6. A few days prior to the incident, a second version of the same project was created and deployed
7. HazeCrypto identified the issue when many complaints came in
8. A scam announcement was created and posted and the owners, quickly got the smart contract verified and wanted an audit report from HazeCrypto
9. They were rejected by HazeCrypto because they had acted unethical and conducted their business unethically and scammed many users’ who trust them

 

Learn – Read – Understand

 

The only way to be competitive and also avoid being scammed or rug pulled is to get yourself educated about those topics. A few things you as an investor should take into consideration before investing in a ROI Dapp:-

1. Always look for an audit report. Verify the contract address that you’re going to invest vs the contract address at the audit report
2. PDF/whitepaper of the project is something you have to study and understand. Without understanding the details and how the project works, don’t invest.
3. Ensure that the group is active or a moderator/admin is there to answer your questions/doubts

 

For any doubts or any related issues about a project which has been audited by HazeCrypto, please feel free to ask at our telegram community group.