Webacy Investigates What's Really Behind Fraudulent PayPal USD Tokens

Webacy Investigates What's Really Behind Fraudulent PayPal USD Tokens

PayPal became one of the first global payment firms to introduce a dollar-backed stablecoin (PYUSD) last week. This marks a huge win for crypto and the adoption of peer-to-peer payments and data transfers.  

However, like many things in web3, bad actors took a swing at defrauding users by issuing fake multiple (66 to be exact - so far) tokens on various networks.

At Webacy, we believe in providing our users with valuable insights and knowledge to mitigate risk and enhance security. We ran these fake tokens through our Risk Score API – this is what we found.

TLDR:    

  1. Many addresses flagged as blacklisted
  2. False Token Names that don’t quite sound right 🧐:
  • "ElonUSDCtetherPYUSDdaiBUSD1Inu"
  • "USDCtetherPYUSDdaiBUSD1Inu"
  • "Magic Paypal Money"
  • "Stable PAL"
  • "HarryPotterObamaShadow7Inu"
  • "DanTetherUsdcDAIPierrePaypal1DollarInu"
  • "Pyongyang USD"

3. Total supply were a little suss

4. … and much much more!

All of the false addresses were (correctly) marked as suspicious through the Webacy Risk Score API. In addition to warning you to take a second look, our robust data intelligence can give you insights that could save your (or your user’s) bags altogether.

Get in touch with our team to leverage the entire Webacy Safety Suite to protect your company and/or your self-custody assets.

For you extra curious cats, read on to glean detailed insights into the false contracts.

Digging Deeper...

Many of the contracts attempted to deceive users by having a similar token name or symbol. “PYUSD” was utilized multiple times, along with variations of “PayPal” and “USD” to deceive traders.

Here are some examples:

Contract: 0xe0a8ed732658832fac18141aa5ad3542e2eb503b
"token_name": "PayPal USD"
"token_symbol": "PYUSD"
Other flags: oddly low holder count, also flagged as blacklisted among other scam-signaling factors
Contract: 0xa33ef369a9cc634efa106991290ff8973b31d466
"token_name": "PayPal USD"
"token_symbol": "PYUSD"
Other flags: oddly low holder count, also flagged as blacklisted among other scam-signaling factors
Contract: “0x64328c17ca6fed43d5b4c24da3792e71598c2685":
"token_name": "PYUSD"
"token_symbol": "PYUSD"
Other flags: oddly low holder count, total supply low, also flagged as blacklisted among other scam-signaling factors

Some of the contracts were not flagged immediately as blacklisted addresses, yet our data analysis flagged other aspects of the smart contract. Here are some examples:

Contract: 0x208996f3bf71f57df92ff0fea7f4e287aa569ea0
"token_name": "PAYPAL USD"
"token_symbol": "PYUSD"
Other flags: oddly low holder count, total supply was questionable, all capitalization, among other scam-signaling factors

In some instances, the mistake may be a matter of token symbol crossover. Just like how FORD (Forward Industries) stock goes up any time Ford Motor makes big news, some contracts may be flagged as malicious when in fact there was an unfortunate overlap in naming.

Take the below contract for example:

Contract: 0x5bb50ac8f117965d3771003b40ca36016cdbb9c7
"token_name": "Pyongyang USD"
"token_symbol": "PYUSD"
Other flags: oddly low holder count, no other major critical findings, not blacklisted

It could be a misnomer, or a simple accident.

We found ourselves giggling a few times when components of a smart contract signaled a creator with a sense of humor:

Contract: 0x155dc74a005433ec5f496980e0d17259acee361f
"token_name": "PYUSD"
"token_symbol": "PYUSD"
"total_supply": "420690000"

Nice.

Another one:

Contract: 0x4d84ef85274f873f9d08de44fe5e7670fc1f244e
"token_name": "DanTetherUsdcDAIPierrePaypal1DollarInu"
"token_symbol": "PYUSD"
"total_supply": "111111111111"
Other flags: signs of centralized contract control
Contract: 0xc2dd6a37f1692b2f7e794ab8bdac5493d2f1ac6d
"token_name": "HarryPotterObamaShadow7Inu"
"token_symbol": "PYUSD"

Across all the token contracts we evaluated, one thing is clear: we’re proud that the Webacy Risk Score API correctly flagged and delivered insights on all false PYUSD contracts.

We are incredibly grateful to our partners who are already leveraging Webacy’s powerful insights. If you’d like to leverage these insights for your business or personal crypto asset management, please get in touch!