Streakk - Scam project to destroy the databases of their investors
About
Streakk operates in the cryptocurrency niche. The company is headed by its founder and CEO, Suki Chen.
Registration
With respect to Streakk, Chen’s LinkedIn profile states that it launched in 2019. This is baloney. Streakk’s website domain wasn’t registered until May 21st, 2022. Streakk didn’t exist prior to May 2022.
Audit of the Streakk
The audit was conducted on the website https://www.certik.com/
We can immediately notice critical errors that were found in the audit:
1) SQL injection
SQL injection is a code injection technique that might destroy your database. SQL injection is one of the most common web hacking techniques. SQL injection is the placement of malicious code in SQL statements, via web page input
2) Centralization Risk due to improper sensitive data storage
Your data can be used for personal purposes by Streakk's project administrators
3) Denial of Service
Streakk can stop serving its investors at any time
Streakk's Smart Contract
A lot of the investors I talked to were able to guarantee that the investment in Streakk was safe because Streakk uses a smart contract. So, this is true. This project really uses a smart contract. But if we go deeper into this smart contract, we can clearly see that it is broken.
Cryptocurrency techs love the phrase «code is law». This is explained by the fact that smart contract projects are mostly open source projects. What does this mean? It means that almost anyone can study the source code of a smart contract.
You need to see what functions the smart contract has and what the developers say. To open the source code, go to the project address on Etherscan. The interface with details will open.
A similar page will open, but you will already be able to access the source code of the project. At the bottom of the table, select the «Contract» tab. A full contract source window will open. It looks rather cumbersome, but we are only interested in a few functions. Look for functions that mention the words «transfer», «burn», «mint» or «create».
Functions with such names generally describe the token turnover process. In them, attackers can hide operations that issue tokens without limit. If the creators of the project claim that only 21 million coins will be issued, and in the code there is a function named «mint», «create» or «issue» with a large volume of lines inside it, it is worth a closer look.
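As an added example (not part of the original article and not Streakk's code), the Python sketch below automates the check described above: it lists the functions in a Solidity source whose names contain those words, together with their body size and qualifiers. The DemoToken sample, the scan_contract helper and the five-line threshold are assumptions made for illustration.

```python
import re

# Name fragments the article says to look for in a token contract.
KEYWORDS = ("transfer", "burn", "mint", "create", "issue")
FUNC_RE = re.compile(r"\bfunction\s+(\w+)\s*\([^)]*\)([^{;]*)\{")

def strip_comments(src):  # keeps newlines so reported line numbers stay correct
    src = re.sub(r"/\*.*?\*/", lambda m: "\n" * m.group().count("\n"), src, flags=re.S)
    return re.sub(r"//[^\n]*", "", src)

def scan_contract(src, max_lines=5):
    """List functions whose names match KEYWORDS, with body size and qualifiers."""
    src, findings = strip_comments(src), []
    for m in FUNC_RE.finditer(src):
        name = m.group(1)
        if not any(k in name.lower() for k in KEYWORDS):
            continue
        depth, pos = 1, m.end()          # walk to the brace closing the body
        while depth and pos < len(src):
            depth += {"{": 1, "}": -1}.get(src[pos], 0)
            pos += 1
        size = sum(1 for ln in src[m.end():pos - 1].splitlines() if ln.strip())
        findings.append({"name": name, "line": src.count("\n", 0, m.start()) + 1,
                         "body_lines": size, "qualifiers": m.group(2).split(),
                         "review": size > max_lines})   # threshold is an assumption
    return findings

# Constructed sample (hypothetical DemoToken, not Streakk's contract).
SAMPLE = """
contract DemoToken {
    uint256 public constant CAP = 21000000e18; // advertised hard cap
    function transfer(address to, uint256 amount) public returns (bool) {
        _move(msg.sender, to, amount);
        return true;
    }
    function mintReward(address to, uint256 amount) external onlyOwner {
        // nothing here compares totalSupply with CAP
        if (amount > 0) {
            totalSupply += amount;
            balances[to] += amount;
        }
        emit Transfer(address(0), to, amount);
        lastMint = block.timestamp;
    }
    function name() public pure returns (string memory) { return "Demo"; }
}
"""

if __name__ == "__main__":
    print(*scan_contract(SAMPLE), sep="\n")
```

A flagged function is only a prompt to read it by hand; the brace matching here does not account for braces inside string literals.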
The creator of YEAR tokens changed the access rights settings in the smart contract, making it impossible to sell the asset. The distribution of YEAR tokens, which allowed viewing wallet activity on an annual scale through a dedicated website, turned out to be a planned fraudulent scheme
According to Twitter reports, the creator of the smart contract did not initially reveal his ill intentions. Moreover, the smart contract was even audited following requests from the crypto community. As a result, no obvious critical vulnerabilities were found. However, it was later revealed that the token burn function (which did not actually burn but checked the recipient’s address) was created in advance with the possibility of data substitution.
According to the smart contract logic, users could not send tokens to the contract owner. As soon as YEAR gained popularity, the function with the address substitution was launched. The new owner of the smart contract became the address of the trading platform.
Such a scheme is not new in the crypto market and has already received the name «honey pot». Similar fraud occurred earlier with the famous project Squid Game, which managed to grow by 5,000% in a day
This is the code in the Streakk smart contract. As we can see, they use the same function, Transfer (address from, address to). It makes you think.
By the way, the whole code has an address "uint256". We can be sure it’s a user who gets all the money from investors
Dear friends, be careful when you choose a project or company in which you are going to invest money. Streakk is not trustworthy, because all the information about this fraud is in the public domain on the Internet. Check the information and draw conclusions
Created by Johan Kotkas