Spam, Spam, Spam...*
Tuesday is spam day here at chez Creepto. The mail lady delivers a big heap of catalogs, coupons, church invitations, and other assorted crap - and dumps it in our mail box. Whereupon we pick it all up, and deposit it in the recycle bin. EVERY Tuesday. Like clockwork. Garbage in, garbage out.
Turns out my Ethereum address, much like my real one, is target to scam, spam, and other forms of digital crap. I usually find out when looking at my address on Etherscan, and seeing that, sigh, another token I've never heard of was added to the dropdown.
It started 3 months ago with "Scatter token", that literally bills itself an "ER20 virus", and urges you to infect other people with it. You're supposed to send it around, but only to people who have Ether in their wallet (presumably so their addresses can be collected later, by following the token's contract address). How would you react if you found a letter in your mail asking you to send back a list of all the people you know who have money? Because that's what Scatter is.
Then came the ShitCoin known as KickCoin - you can read the full analysis in my previous post.
Today, I found 32,000 token from something calling itself Minereum. My hopes weren't up from the beginning - no one out there gives you free anything. Anyone who tells you differently is a scammer, or works for the government (but I repeat myself). I decided to investigate further.
After reading their various sites, announcing their "successful airdrop", and "First self-mining contract", I got down to the nitty-gritty in their How To page. You can spend (waste?) time reading, or read these bullets:
- Nearly 1.2 million addresses were polluted, pardon me, collected to be "Genesis addresses"
- "Genesis addresses" get 32K MNE.
- You start on "Level 1" (where are my pyramid scheme fans at?), which means you can't:
- transfer MNE
- sell MNE
- use MNE
- receive MNE
- destroy or transfer your Genesis address
- You can pay a fee (last I checked 0.1 ETH or around $16 at current prices) to transfer to "Level 2"
- On "Level 2" you still can't transfer, receive, sell etc., but you can "self mine" (you "mine" 1.84 MNE per day)
- Of course, once you pay another fee (another 0.1 ETH), you are finally welcome to "Level 3"! Then you can transfer the MNE and trade it on Minereum DEX (one assumes more fees will be assessed), but you still cannot receive MNE.
So ELI5 this scam: I give you some Monopoly money, I tell you that to use it, you have to pay me real money. I then tell you you can only use it in MY game, and that other players can't give you more Monopoly money directly - they have to pay me as well.
And lest you think these nice people are doing this from the kindness of their heart, I'd like to remind you that the price of minting a new ERC20 token is 0. You only pay gas fees for the initial contract minting. So they put in NOTHING, pollute our ETH addresses with their shit, and expect us to send them real ETH, for the price of being able to send them more ETH later.
Oh, and in case you're asking yourself: where do all those scammers collect all these addresses? Like leeches, they attach themselves to addresses of known contracts, DeFi protocols, games, etc. and collect addresses that they know are connected to real people with real money. Here, for example, is the address for the Publish0x Payout Wallet. Now you have the addresses of all of us who ever got some BAT.
- If you got it for free - it's not free
- If you need to pay to use it - it's scam
- If it asks you to forward it to your friend - run away
- It's about time we had a "Do Not Call" feature on the Ethereum Blockchain, so that we can weed these scammers out, and so that I'll have less material to write about
- And finally, these nice Minereum people urge you to "join the community" and contact them on Twitter, Telegram etc. (I'm not posting their links). I urge you to go on all these platforms, and tell them to go mine themselves.
If you’re a Publish0x user, who got BAT transfers, and your address shows that you got MNE, please comment below. I want to see if Publish0x deposits were the vector by which this spam began. If it is, we’ll need to figure something about preventing this in the future.