Security firm Blockfence has revealed that they have discovered a complex and repeated fraud scheme in which the fraudster has been creating over 1,300 tokens on multiple chains and profiting nearly $32 million through market manipulation and malicious code modifications.
Contents:
Toggle
Fraud Team Makes Tens of Millions of Dollars in a Year
How the Fraud Scheme Works: Initial Setup and Funding
How the Fraud Scheme Works: Market Manipulation and Deception
Specific Malicious Techniques
Blockfence: Could Be the Work of One Person
RugPull Projects Keep Coming
Security Team
Blockfence
In a report released on the 18th, Blockfence employee Pablo Sabbatella discovered tokens named “Blockfence” on the chain that were issued by a fraudster.
The investigation revealed that this is a massive and meticulously automated fraud scheme involving over 1,300 Rug Pull projects that have occurred since April 2023 on the Ethereum, BSC, and Arbitrum networks. The estimated number of victims is 42,000, with a total stolen amount of $32 million.
Advertisement – Continue reading below
In theory, the token contracts of Rug Pull projects should be flagged as high-risk in some markets’ monitoring alerts or fraud detectors. However, the fraudster manages to avoid detection by using the following methods:
First, the fraudster initially sends 10 to 20 ETH from a self-owned wallet (which is destroyed after 3 months) to a “newly created and never interacted with” wallet and then uses that funding to create a fraudulent token.
The fraudster creates the token contract, and the deployer receives the complete supply.
Usually, the token names are highly relevant to current trends or unreleased crypto projects, such as project names like DreamFi or the meme coin frenzy AIPEPE, exhibiting clear characteristics of “honeypot scams” that take advantage of victims’ FOMO and irrational desire to participate early.
Next, the fraudster relinquishes ownership of the contract to mislead RugPull monitoring tools into labeling the token contract as “safe,” allowing victims to enter the trap with a false sense of security.
Ownership of the token contract is transferred to 0x00, also known as the burn address.
Then, the fraudster deploys the token contract on UniSwap and injects liquidity. At the same time, they manipulate the market through wash trading to create the illusion of real trading activity and attract victims to believe that this is a popular token that is about to rise.
Victims buy fraudulent tokens in the UniSwap liquidity pool.
Additionally, the fraudster uses the “lock()” function to lock the LP tokens until December 30, 2024, to convince monitoring tools and victims that their investment is safe and that the fraudster will not redeem their LP tokens and execute a Rug Pull.
However, once the funds are sufficient, the fraudster is able to drain all liquidity from the market and reduce the token’s value to near zero.
The fraudster executes a Rug Pull.
Even though ownership of the contract is relinquished and LP tokens are locked, the fraudster still manages to dump a large number of tokens. Specifically, they do this by:
User balance manipulation: When someone buys the fraudulent token, the fraudster uses another unauthorized malicious contract to change the victim’s account balance to 1 (effectively destroying it), preventing them from selling the tokens. This malicious contract is highly related to all fraud tokens that have been issued and Rug Pulled.
The fraudster sets the victim’s balance to 1 using an external malicious contract.
Unlimited token minting: The fraudster also calls another malicious contract’s “dissort” function to fake their token holdings, allowing token holders to evade detection tools and successfully sell a large number of tokens for profit.
The external contract falsifies the fraudster’s token holdings.
Hiding malicious contracts: The fraudster utilizes a specific number and total token supply that is hardcoded in the code and dynamically converts and generates the address of the malicious contract to evade checks.
The fraudster hides and obfuscates the malicious contract in the token contract.
Lower profit targets: It is worth noting that the fraudster sets lower profit targets for each fraudulent token, approximately 5 to 20 ETH, in order to avoid detection and attention.
In summary, despite appearing to pass through various security tools’ monitoring, each token contract of the fraudster still retains malicious functionality that can destroy user tokens and even fabricate the deployer’s token holdings and supply.
Regarding the aforementioned fraud techniques, Blockfence believes that the fraud scheme may be the work of a single person through automated programs, based on the close timing intervals and amounts of most interactions and operations. Investigator Sabbatella also warns and advises:
I recommend not relying on just one contract and fraud detection tool, but using multiple different tools and evaluating the results comprehensively. Additionally, I would never purchase assets that I don’t fully understand.
Rug Pull incidents are prevalent in the cryptocurrency industry, from the meme coin frenzy in April last year, the “BALD” rug on the Base chain in August, to the token speculation named after Elon Musk’s AI “Grok,” highlighting the high risks and prevalence of market manipulation and various illicit activities in the crypto market.
Previously, ChainNews reported multiple repeat Rug Pull offenders, demonstrating that the same team may continue to create multiple Rug Pull projects to defraud investors.
(Rug Pull Expert! Magnate Finance on Base Chain Rug Pulled Three Times, Successfully Made $6.5 Million)
(Rug Pull Offender Strikes Again! Lendora Protocol Team RugPull, Has Made Over $10 Million)
Therefore, investors should remain cautious when it comes to any hot trends, as exaggerated marketing tactics and the lure of high returns can blind most people. Making rational decisions and managing risks is the only solution.
Rug Pull
wash trading
cryptocurrency fraud
fraud