A new scam has appeared that tries to take advantage of the recent unsteadiness of the USDC stablecoin peg by pretending to be a safe way for users to swap their USDC into Tether. In reality, attackers are draining ether from victims’ wallets.
On Tuesday, someone registered the domain name circle.blog, and began mocking up a convincing website with copies of previous news updates from the actual Circle page. The next day, the scammer posted their own update which announced a new, fictitious product called Circle Swap.
Circle Swap purported to be a partnership between Circle and TronDAO to create a new swap market between USDC and Tether, backed up with liquidity from TronDAO. The blog post linked to the supposed Circle Swap product on another domain, circledefi.center, which was registered on March 12.
The interface for this page is a copy of the Raydium application, but with its disclaimer removed and several of the links made non-functional, including the ‘docs’ page. The source for the application contains a file called ‘config.js’ which begins with the comment: “P***Y DRAINER @ Obfuscate this file with obfuscator.io,” apparently an instruction the site’s operators didn’t understand.
This file links to another address at hapewives.claims, which was registered to someone in Charlestown on the island of Nevis. Visiting that site reveals text that states: “Nothing to see pepe.”
The file also contains a wallet address, which Etherscan has already flagged for association with a phishing scam. Approximately 74 ether have been sent to this address, from 80 unique addresses. 3.5 ether has been deposited in total since the fake blog domain was registered. At least some of the funds that have left this wallet have since been swapped through Uniswap and SideShift.
The scam references another address, which Etherscan has also flagged as a phishing scam. It has received only 2.5 ether.
USDC depeg scam a stark reminder to exercise caution with DeFi
The scam seems to function by getting users to approve the website and then sign transactions which allow the attacker to remove their ether.
This serves as a good reminder that you need to be extraordinarily cautious when interacting with DeFi. Mistakes can be very costly, and often irreversible. Scammers look for opportunities, like a stablecoin depegging, where individuals may be more likely to make a rash decision and be taken in by one of these sites.