Attackers search for exploits in the smart contracts or other parts of decentralized exchanges. Examples for smart contract hacks and exploits can be found in R01. Others exploit the nature of decentralized exchanges where everyone can list every token. Some of these malicious token listings just imitate established tokens of successful tokens as described in R04. Others start marketing programs for an own token, but do not provide enough liquidity (or the scammers drain the liquidity provided by the buyers) on the dex, which allows victims to buy the tokens but not to sell them (see Squid game token scam as an example: https://trustwallet.com/blog/lessons-from-the-squid-game-token-scam). Another source explaining scam coins and tokens can be found here: https://coinmarketcap.com/alexandria/article/how-to-identify-and-avoid-uniswap-scams.
