In the dynamic realm of cryptocurrency, recent events have highlighted the ever-present threat of Rug Pulls—deceptive maneuvers that leave investors empty-handed. Our Threat Intel Blockchain system, developed by Check Point, recently sounded the alarm on a sophisticated scheme that managed to pilfer nearly $1 million. Let’s delve into the details of this elaborate crypto con and understand how it unfolded. Check Point’s Threat Intel blockchain system identified and alerted the following address 0x6b140e79db4d9bbd80e5b688f42d1fcf8ef97798
The scammer (0x6b140e79db4d9bbd80e5b688f42d1fcf8ef97798) tactic is to create tokens based on the latest hypes to lure victims to buy his tokens, for example, the token name GROK 2.0 (0xd4b726c5b5e6f63d16a2050ee3ac4a0f0f81f1d4), possibly derived from a well-known AI system (X GROK), is intended to attract buyers.
The Anatomy of the Scam: How did this elaborate scam work, and how did it manage to siphon off a substantial sum? Here’s a breakdown:
- Creating Fake Tokens: The scam commenced with the creation of deceptive tokens, exemplified by the token GROK 2.0. The choice of names often mirrored trending topics to attract unsuspecting buyers.
- Adding Money to the Liquidity Pool: To create a façade of legitimacy, the scammer injected funds into the token pool, creating the illusion of a vibrant and active token.
- Orchestrated Trading Activities: Leveraging a specialized function (0x521da65d) in the contract, the scammer executed simulated trades, making it appear as if genuine buying and selling were occurring. However, it was merely a ruse orchestrated by the scammer.
- Pumping Up the Volume: Another function (0xf029e7cf) came into play, facilitating large-scale trades between WETH cryptocurrency and the GROK token. This artificial inflation created a sense of high demand and value, enticing investors to join in.
- Attracting Buyers: Capitalizing on the perceived attractiveness of the token, users began buying in, unaware of the impending deception.
- Taking the Money: Once the token had sufficiently lured in investors, the scammer executed the final move—withdrawal of liquidity from the token pool, leaving token purchasers with empty hands and depleted funds.
Technical part
The scammer used 2 different smart contracts to trade and pump the token volume. The first contract address he used is 0x2ef3216e95e2b7c8e378ae64534100e69598f955 which contained the simulated trading function (0x521da65d).
The function 0x521da65d is responsible for selling and buying the token for the scammer, this function has been executed 226 times for just this token. The function’s behavior is contingent on the Boolean varg7, which dictates its course, leading to two separate execution routes.
Covered By: NCN MAGAZINE / Check Point
If you have an interesting Article / Report/case study to share, please get in touch with us at editors@roymediative.com roy@roymediative.com, 9811346846/9625243429.