Cybersecurity firm Check Point said it discovered a smart contract function called “setTaxFeePercent” that can reportedly change the contract’s buy and sell fees.
The research arm of cybersecurity software firm Check Point has flagged the Dingo Token (DINGO) as a “potential scam” after reportedly discovering a smart contract function that has been used to manipulate transaction fees.
In a Feb. 3 blog post, Check Point Research (CPR) said that after looking into the code behind the Dingo Smart Contract it had discovered a backdoor function, “setTaxFeePercent,” that can change the contract’s buy and sell fee by up to 99%.
This is despite the project’s whitepaper stating that there is only a 10% fee per transaction.
According to CPR, this essentially allows the project’s owner to withdraw up to 99% of the transaction amount whenever a user buys or sells the token.
In one case, the cyber security software firm observed a user who spent $26.89 to purchase 427 million Dingo Tokens but instead received 4.27 million, or $0.27 worth of Dingo Tokens.
The firm said it decided to investigate the Dingo Token project after seeing the token rise 8,400% this year, and found at least 47 instances of the function being used to allegedly scam token investors.
“We all know that 2022 was a hard year in the crypto market. However, when we saw a token raised by 8400% this year, we had to investigate the project and understand what was unique about it. We examined the Dingo Smart Contract and quickly found it seemed like a scam,” it wrote.
The firm also pointed to the Dingo Tokens website, saying that it has “no real information about the owners of the projects,” other than a four-page white paper.
“If you’ve incorporated crypto into your investment portfolio or are interested in investing in crypto in the future, you should make sure to only use known exchanges and buy from a known token with several transactions behind it,” the research firm wrote.
At time of writing, Dingo Token was ranked 298 on CoinMarketCap with a live market cap of $82,555,168.
Related: Sneaky fake Google Translate app installs crypto miner on 112,000 PCs
Cointelegraph reached out to the creators of Dingo Token for a response to the allegations but did not receive a reply before publication.
Users of Twitter and CoinMarketCap have also recently reported issues with the Dingo Token. Crypto trader IncredibleJoker said they could not sell their holdings in a Feb. 5 post.
@DingoToken when can I sell your scam coin?? My shit is worth $26,000 and I can’t sell any of them!!!!!!!!!!!
— IncredibleJoker (@IncredibleJ0ker) February 5, 2023
A Dingo Token moderator responded to the user’s Twitter post, asking the user to message them privately, but no further updates have been made public.
Meanwhile, on CoinMarketCap, user mraff1579 appeared to reference the backdoor function raised by CPR.
“Wow dont lislisten to send to new wallet they took 30 billion coins and only received 300 mil because of fraudulent tax wow ppieces of Shit. . I was going to send to deployed for coin but got screwed , pretty sure anything you do will result in lost of 99%,” the post said.