Scam Sniffer: "NUDEAI" and "MAGA" on the Base chain are fraudulent tokens, with backdoor code that can bypass authorization to transfer assets

ChainCatcher message, Scam Sniffer has issued a warning on social platforms that the newly issued "NUDEAI" and "MAGA" tokens on the Base chain have been confirmed as fraudulent tokens. Attackers have transferred backdoor code from SafeMath.mod() to the MerkleProof.verifyCalldata() function in the smart contract, allowing them to transfer assets arbitrarily without user authorization.

The involved token contract addresses are: NUDEAI (0xcb33289e…85d4cf95af3574) and MAGA (0xc20fd8…f703e8b522372901). Scam Sniffer reminds users to be cautious of such fraudulent tokens that implant backdoors through the transferFrom function and recommends conducting security verification before interacting with unknown tokens.