ETHTrustFund rug pulls for $2.2 million
The operators of a project called ETHTrustFund on Coinbase's Base layer-2 Ethereum blockchain have apparently rug-pulled the project. The ETHTrustFund project was a fork of the Olympus DAO project on Base, but there was months of inactivity on the project following its March launch. Then, on July 20, the developer deleted his Telegram and Twitter accounts and the project's website, and suddenly moved the project treasury to a new wallet. The funds were then laundered through Railgun and Tornado Cash.
- ETHTrustFund, Rekt [archive]
ZKasino rug pulls after raising $33 million
A project promising to build a decentralized casino managed to raise $33 million, despite an anonymous team that had exhibited several instances of shady behavior throughout ZKasino's development. The project promised that everyone who bridged ETH to their layer-2 chain would be able to receive their ETH back 1:1 in thirty days.
Instead, the project's creators transferred those more than 10,500 ETH ($33 million) to Lido, an Ethereum staking service. As for the "return" of funds, the project team indeed followed through with their promises to return the crypto... except instead of ETH, depositors received the project's native token, ZKAS, which would vest over a period of 15 months. The project announced that they had calculated the ZKAS distribution based on a discounted rate, "as a favour to our users who have bridged to participate in the ecosystem". Gee, thanks!
One investor in the project wrote, "We made a mistake investing in Zkasino early. ... [I]t sounds like a scam, but 95% of crypto consists of such crap. With memecoins pumping every day, people believe this could be the next one."
It seems that ZKasino's creators have links to other crypto scams, including a failed "ZigZagExchange", which raised around $15 million that was allegedly misallocated to work on the ZKasino project. Crypto sleuth zachxbt had also described the team as "proven bad actors" in December, listing multiple instances in which they had avoided making promised payments.
After the rug pull, the project's planned IDO on Ape Terminal and AIT Launchpad were canceled, and MEXC (which had invested in the project's seed round) canceled the token listing.
$2 million emptied from Grand Base real world asset platform
Grand Base, a real world assets platform built on the Base layer-2 blockchain, has seen $2 million exit the platform in a hack or rug pull.
The team behind the project claimed that the deployer wallet had been compromised, allowing an attacker to drain the project's liquidity pool. Altogether, 615 ETH (~$2 million) was taken from the project.
Grand Base is a platform where users can trade "gAssets", which are crypto tokens that represent stocks in tech companies including Amazon, Apple, Google, Meta, and Microsoft.
MuskSwap and related projects exit scam for over $5 million
A person or group have raised funds for various crypto projects only to abandon them, empty the project wallets, and launder the funds through Tornado Cash. The largest of the projects was called "MuskSwap", which proclaimed: "$MUSK & MuskSwap was born to show admiration to elon musk's super projects like solarcity, tesla, space x and his constant influence on the world finance & the crypto market."
The project described itself as a DEX with a native $MUSK token, and launched in July 2021. However, the token tanked on December 25, 2021. Although the project team tried to blame the crash on "liquidity issues" and promised paths forward, they locked the project Telegram chat on March 11, 2022. On April 5, 2022, the team withdrew remaining funds and deleted the website.
Crypto analysis firm CertiK linked the MuskSwap project to several other scam tokens and projects: RocketDoge, InfinityGame, SpaceX, MUFC (themed after Manchester United), and Elona Musk. Altogether, the rug pulls have drawn in $5.1 million.
Project promising to rug pull raises almost $29,000
A project describing itself as "The world's first memecoin pre-announced as a rugpull" was explicit in its marketing: "do not buy this coin, as it will go to zero."
Despite that, people sent the creator over 8.8 ETH (almost $29,000) for the project's "pre-sale", even as they repeated on Twitter that the project was a scam and that no one should buy it.
Previously rug-pulled Lucky Star Currency project somehow rugs again
The astrology-based Lucky Star Currency project rug-pulled for $1.1 million in October 2023. You'd think that might be the end of it, but on March 22, 2024, ownership of the project was transferred to a malicious smart contract that then drained tokens priced at almost $300,000 from those who still held them.
You almost have to admire the tenacity.
TICKER project developer steals $900,000
A developer brought on to run a presale for the $TICKER token stole $900,000 from the project. 15% of the token supply was sent to the developer to distribute via an airdrop, but instead of doing so, the developer sold the majority of the tokens for around $900,000.
After the thief was identified by blockchain sleuth zachxbt, they posted a long message on Twitter, writing, "im not sorry for any of you, tbh. you are all morons if you believe all it needs to make it here is to send your money to a custodial address and get rich". The thief later spent some of the money on Milady NFTs and memecoins.
zachxbt stated that he had identified the developer, including his full name, location, and other details. He encouraged those who were scammed to contact him if they were interested in pursuing legal action.
Incognito Market drug marketplace pulls multi-million dollar double scam
Since March 5, those who used the Incognito Market darkweb narcotics marketplace have found themselves unable to withdraw the Bitcoin and Monero they had on the platform. It appeared the platform had exit scammed for somewhere between $10 and $30 million.
Making matters worse, on March 10 the website posted a message reading, "Yes, this is an extortion !!" They wrote that, although the platform promised to "auto-encrypt" messages between buyers and sellers, and auto-delete after an expiry date, messages were not encrypted or deleted. They demanded that users pay an additional $100 to $20,000 to have their information removed from the dataset, which they promised to release at the end of May. "Whether or not you and your customers' info is on that list is totally up to you."
The tactic is reminiscent of that of ransomware groups, which often demand double fees: one from victims of hacks first to regain access to their systems, and another in exchange for a promise to destroy stolen data.
- Incognito Darknet Market Mass-Extorts Buyers, Sellers, Krebs on Security [archive]
BitForex shuts off website after $57 million withdrawal
The Hong Kong-based BitForex cryptocurrency exchange has shut down access to its platform after a suspicious outflow of around $57 million on several blockchains. Users who have tried to log in see a CloudFlare page explaining that they are blocked from accessing the website by CloudFlare's DDoS protection service.
The withdrawals were first noticed by blockchain detective zachxbt, who also noted that the exchange has stopped processing withdrawals and has not been replying to customer support inquiries.
It seems likely that the outflows were an exit scam rather than an outside attack, particularly given the lack of communication and somewhat shady status of the exchange. The firm faced regulatory scrutiny in Japan in mid-2023 for operating without a license, and has been accused of inflating its trading volume. Its CEO resigned in January, but promised a new team would be taking over.
RiskOnBlast gambling platform rug pulls for $1.3 million
RiskOnBlast, a gambling and trading platform on the new ethereum layer-2 Blast blockchain, appears to have performed the blockchain's first major rug pull — before the blockchain has even officially launched. Blast was created by the developers of the Blur NFT platform, and received funding from the Paradigm crypto VC.
The team behind Blast had even helped to promote the RiskOnBlast platform, tweeting from its official account that Blast was "a new challenger" in the ecosystem with "undeniable" potential.
On February 25, the platform drained more than 420 ETH (~$1.3 million) from more than 750 user wallets on their platform. The project's anonymous team then laundered the funds through various services and exchanges. All social media accounts for the project were taken offline.