Fraudsters may use the excitement surrounding the Ethereum Merge to launch new scams targeting new crypto users, warned Steve Bassey, CEO of Police.
The Ethereum integration is expected to take place in the next 24 hours.
Speaking to Cointelegraph, Steve Bassi, founder and CEO of PolySwarm, said these scams could be fake ETH 2.0 tokens, fake mining pools and fake airdrops.
Police is also a decentralized cybersecurity marketplace that connects cybersecurity professionals with projects and companies using bonuses.
Fraud pools
Ethereum’s upgrade marks the transition from the current Proof-of-Work (PoW) consensus mechanism to Proof-of-Stake (PoS).
Bassey said that for many Ether (ETH) holders, joining a staking pool will be the only way to get a product from earning rewards if they don’t have the 32 ETH required to become an independent validator.
“Staking is a pretty new concept to most of the crypto community and unless you have 32 ETH lying around you will have to join one of the staking pools to profit from your ETH.”
Bassey, however, cautioned that integrated share providers “bear their own risk” because they often require users to deposit and relinquish control of their ETH.
Bassey said that first-tier vendors who “can come up with very catchy words” can do a “sudden carpet pull” that affects those who participate in the pool.
“This risk exists with DeFi platforms/pools and tokens today, but integration allows fraudsters to create a whole new universe of characters.”
Improve cheating.
One of the more recent threats involves fraudsters trying to trick users into signing fraudulent transactions or parting with their private keys in order to migrate to the new Ethereum chain.
Bassi reiterated that the upgrade to proof-of-stake should be transparent, noting that users don’t have to do anything to migrate or protect their ETH-based tokens:
“We see fraudsters trying to get users to sign fraudulent transactions and/or leak private keys by falsely pretending that the user needs to do something to migrate the chain.”
False air drops
Another potential attack vector comes in the form of “fake airdrops,” Bassey added — convincing users to sign marketing messages or visit phishing sites to receive a fake airdrop.
“ETH integration will be a good excuse for these scammers to pretend to be popular, economically viable, promising airdrops.”
“Those airdrops redirect users to a phishing site where they can abscond with their ETH, private keys, and/or transaction signature attempts.”
The Ethereum Foundation called the upcoming merger “the most significant update in the history of Ethereum” and urged users to be “highly vigilant” for scams that try to take advantage of users during the transition. He has repeatedly warned that there is no such thing as an ETH2 or ETH 2.0 coin.
Related: Vitalik Buterin Imitators Raise ETH Mining Ahead of Merger
The update is expected to be successful with most viewers, given the experience in previous testnets, but Bassey said there is still a chance that fraudsters or hackers will find a way to game the system.
“We don’t know if any group of fraudsters/hackers out there have already developed on-chain attacks or DDoS techniques that could be used after the merger when ETH 2.0 has the full economic value of ETH 1.0.
“If such an attack occurs, it could affect the chain and possibly the market as there are many smart eyes watching post-merger behavior. However, an attacker will likely want the opportunity to monetize any findings.