Cybersecurity firm Check Point said it discovered a smart contract function called “setTaxFeePercent” which can reportedly change the contract’s buy and sell fees.
The research arm of cybersecurity software firm Check Point has flagged the Dingo Token (DINGO) as a “potential scam” after reportedly discovering a smart contract function that has been used to manipulate transaction fees.
In a Feb. 3 blog post, Check Point Research (CPR) said it looked into the code behind the Dingo Smart Contract, discovering a backdoor function “setTaxFeePercent,” which can change the contract’s buy and sell fee up to 99%.
This is despite the project’s whitepaper stating that there is only a 10% fee per transaction.
According to CPR, this essentially allows the project’s owner to withdraw up to 99% of the transaction amount whenever a user buys or sells the token.
In one case the cyber security software firm observed a user who spent $26.89 to purchase 427 million Dingo Tokens but instead received 4.27 million, or $0.27 worth of Dingo Tokens.
The firm said it decided to investigate the Dingo Token project after seeing the token rise 8,400% this year, and found at least 47 instances of the function being used to allegedly scam token investors.
“We all know that 2022 was a hard year in the crypto market. However, when we saw a token raised by 8400% this year, we had to investigate the project and understand what was unique about it. We examined the Dingo Smart Contract and quickly found it seemed like a scam,” it wrote.
The firm also pointed to the Dingo Tokens website, noting that it has “no real information about the owners of the projects,” other than a four-page whitepaper.
“If you’ve incorporated crypto into your investment portfolio or are interested in investing in crypto in the future, you should make sure to only use known exchanges and buy from a known token with several transactions behind it,” wrote the research firm.
As of writing, Dingo Token is ranked 298 on CoinMarketCap with a live market cap of $82,555,168.
Related: Sneaky fake Google Translate app installs crypto miner on 112,000 PCs
Cointelegraph reached out to the creators of Dingo Token for a response to the allegations but has yet to receive a reply before publication.
Users of Twitter and CoinMarketCap have also recently reported issues with the Dingo Token. Crypto trader IncredibleJoker said they could not sell their holdings in a Feb. 3 post.
@DingoToken when can I sell your scam coin?? My shit is worth $26,000 and I can’t sell any of them!!!!!!!!!!!
— IncredibleJoker (@IncredibleJ0ker) February 5, 2023
Dingo Token responded to the user’s Twitter post, asking the user to message them privately, but no further updates have been made public.
While on CoinMarketCap, user mraff1579 appeared to reference the backdoor function raised by CPR.
“Wow dont lislisten to send to new wallet they took 30 billion coins and only received 300 mil because of fraudulent tax wow ppieces of Shit. . I was going to send to deployed for coin but got screwed , pretty sure anything you do will result in lost of 99%,” the post said.