Steve Bassi, CEO of PolySwam, warned that scammers will likely use the excitement surrounding the Ethereum Merge in order to launch new scams targeting newbie crypto users.
The Ethereum Merge is expected within the next 24hrs.
Steve Bassi, PolySwarm’s founder and CEO, spoke to Cointelegraph about the possibility of scams such as fake ETH 2.0 tokens and fraudulent mining pools.
PolySwam, a decentralized cybersecurity marketplace, connects cybersecurity experts with projects and companies via the use of bounties.
Fraudulent staking pool
The Ethereum upgrade marks the change from the current proof of work (PoW), consensus mechanism, to proof-of stake (PoS).
Bassi stated that many Ether (ETH), holders will only be able to reap the rewards of staking if they do not have 32 ETH.
“Staking” is a new concept in crypto. If you don’t have 32 ETH, you will need to join one the staking pool to get a return on your ETH.
Bassi warned however that pooled staking providers “carry your own risk” because it often requires users deposit and to give up control over their ETH.
Bassi stated that upstart staking companies, which may offer “very attractive terms”, could “sudden carpet pulls” that would impact those who are part of the pool.
“This risk exists today with DeFi tokens/pools and tokens. But the Merge will allow scammers a new universe of characters to work with.”
Scammers are trying to con users into signing fraudulent transactions, or giving away their private keys in the hope of migrating to Ethereum.
Bassi reiterated the fact that proof-of-stake upgrades should be transparent and users shouldn’t have to do anything to migrate their ETH-based tokens or keep them safe.
Scammers will likely try to convince users to sign fraudulent transactions or leak private keys. This is based on the false pretense that they need to move chains.
Bassi also mentioned that “fake Airdrops” are another attack vector. These fake airdrops will convince users to visit phishing websites or sign transaction messages in order to get bogus airdrops.
These scammers will use the ETH Merge as a reason to pretend that they are promoting airdrops for well-known and economically valuable projects.
“Those airdrops are likely to redirect users to an phishing website where they might be fleeced of their ETH and private keys, as well as crafted transaction signature attempts.”
The Ethereum Foundation called the Merge the “most important upgrade in the history Ethereum” and urged users to be vigilant for scammers trying to exploit them during the transition. It repeatedly warned that there is no ETH2 or ETH2.0 coin.
Related: Vitalik Buterin impersonators increase ETH phishing ahead Of The Merge
Most people expect the upgrade to be a success given the experience with the previous testnets. However, Bassi stated that there may still be scammers or hackers who have managed to hack the system.
“We don’t know if there are any scammers/hackers who have already created an attack or DDoS strategy against the chain that can be used post Merge, when ETH 2.0 has the economic value of ETH 1.0.
“An attack like this would likely only temporarily affect the chain, and possibly the market, as there are many smart eyes monitoring behavior post-Merge. An attacker will most likely seek the opportunity to monetize any discovered discoveries.