Staying Safe

How to Trade Memecoins Safely—3 Examples of Common Scams

By The Fire Team
Popular Memecoins like Pepe, Shiba Inu, and Dogecoin

How To Stay Safe When Trading Memecoins

What’s the $PEPE price? Does $TURBO have another 2x in it? If there’s any meta (the type of projects/tokens people talk about the most) in web3 right now, it’s memecoins. If you’re not aware, memecoins are tokens (mostly) without utility, governance rights or any other purpose but to have fun. 

And to many in crypto, nothing is more fun than trading (and hopefully making a profit). If you’ve been in web3 for long enough, you’ve seen this before—both Dogecoin and Shiba Inu skyrocketed in value—mostly because it was funny.

Right now, there are two new cool memecoins: 

  • $PEPE was launched to “make memecoins great again”, promising fun and memes.
  • $TURBO was launched by artist Rhett Mankind, who worked with AI language model GPT-4 to launch the next great memecoin.

Both coins have skyrocketed in price and market cap, which created profits for early holders and attracted traders. But as we explained in our last article, scammers love when people get greedy and FOMO into decisions. That’s when traders let their defenses down.

And we don’t want to stop you from memecoining. It’s crypto! You have the freedom to do what you want! But we don’t want you to lose your assets in a rushed decision.

That’s why we’re writing this article. We want to help you stay safe when you trade $PEPE, $TURBO or any other memecoin. We’ll start by explaining the mechanics of how traders get scammed when buying/selling memecoins and then give you 3 examples of what that might look like.

Let’s start with how most scams around tokens work in the first place.

How Malicious Token Approvals Enable Scams

Token approvals are basically allowances you give to a smart contract. If you have 10 ETH in your wallet and give a smart contract an allowance of 1 ETH, it can send that ETH (or portions of it) anywhere.

This enables a ton of legit use cases: Take a DeFi lending protocol like Aave.You grant its smart contracts the power to shuffle your tokens around as needed to make transactions easy for everyone. 

But when you give bad actors token approvals, they won’t use that to enable decentralized lending—they’ll send your assets to themselves. That’s why getting token approvals is the most common way users scam people and take their assets.

They lure users into granting token approvals to dodgy contracts or fake tokens, then run off with the approved tokens from the victim's wallet.

The first step to staying safe is to install a transaction simulator like Fire and get warnings whenever a smart contract wants an approval. 

But when you’re used to signing transactions, you might just approve things out of habit—especially when you’re FOMOing into a memecoin! 

That’s why we want to share 3 common ways people get scammed when trading memecoins:

Stay Away From These: 4 Common Memecoin Scams

There are 3 common places where bad actors love to collect token approvals. Always be suspicious of these: 

1) Copycat Tokens

This one isn’t always about token approvals, but about making you buy the wrong token. As the popularity of memecoins grows, so does the number of copycat tokens trying to ride on the coattails of their success. These tokens are designed to mimic memecoins like Shiba Inu, Dogecoin or $PEPE in name, logo, and branding. That way, they try to get you to believe you’re buying the original token. In the best case, you’re paying money for a fake token. 

But copycat token claims sometimes even request token approvals to trick you into granting them permission to spend your real tokens.

Look at the tweet below:

Tweet showing a copycat token of $pepe

The token claim may or may not be an outright scam, but this account is announcing a token claim without being the official account. Even if you buy these tokens and don’t lose your assets, they won’t be the real $PEPE tokens, which means you won’t benefit if $PEPE’s price increases.

2) Impersonation Websites

Fake websites look just like the official website of a memecoin. These impersonation websites might prompt you to connect your wallet and “buy” the tokens, but then ask you to grant token approvals, after which scammers can steal your assets. 

Always verify that you're on the correct domain before interacting with any website, especially when it comes to connecting your wallet or granting token approvals.

Compare these two pages. One is the official $PEPE page which links to exchanges to buy. The other wants you to connect your wallet and then requests approval for all of your assets.

Comparison images between the real and fake $pepe websites

It’s easy to mistake one for the other! There are subtle differences: Where the fake site wants you to connect the wallet, the real site sends you to Uniswap. But if you’re looking to buy as quickly as possible, it’d be easy to fall for this, isn’t it? If you’re excited to buy in and sign the fake transaction, you’d lose everything in your wallet. Because it’s so easy to make fake pages like these

If you’re going to buy a memecoin, make sure you’re on the official page.

3) Fake exchanges

Memecoins are often ERC-20 Ethereum tokens. That means you usually buy them on decentralized exchanges (DEX) like Uniswap and Sushiswap. While Fire shows you the original domains to make sure you only transact on the official sites, some scammers even build fake exchanges and marketplaces! 

Because you’d expect Uniswap, Sushiswap and others to need token approval, this is one of the biggest risks for giving the wrong person the wrong approval. 

Check out this fake Sushiswap page. It looks exactly like the real Sushiswap:

Fake sushiswap page

But when you try to connect a wallet, it asks you for your seed phrase. This is a crude scam aimed at beginners, but there are more sophisticated scammers who ask for token approvals instead.

Fake sushiswap page asking you for your phrase to steal your assets

When you’re convinced you’re on an exchange, always make sure you’re on the real URL. To be sure you can trust a domain, you can install Fire and look for the golden checkmark. 

Fire protecting from malicious Uniswap scam

Even popular dApps get exploited and compromised, but when you see that golden checkmark, you’re most likely safe from harm on that domain.

4) Pay-to-claim

This scam doesn’t ask for token approvals. Instead, it tells you you can claim free tokens (often called an airdrop). But when you connect your wallet, it doesn’t prompt a sign-in, but prompts a transaction that would send your ETH directly to the contract. 

We recently pointed out one of these on our Twitter. A “Golden Pepes” account was advertising free tokens, but then asking you for ETH (and approval for all your tokens)

Fake Pepe Scam being outlined

If you’re exploring Ethereum, check out Fire!

We’re a trusted chrome extension that simulates transactions before you sign any potentially malicious smart contract.
Check it out
To Summarize

Whenever memecoins are hyped, scammers create copycat tokens, fake websites or entire fake exchanges that ask you for token approval and steal your assets. Always verify that you’re on the official domain and simulate transactions with Fire to make sure you keep your assets and stay safe when trading memecoins.