Recently, there have been frequent Rug Pull incidents. In response to the four Rug Pull incidents that happened today and yesterday, the CertiK security team will interpret and analyze the project operations and contracts.
Due to space limitations, we will mainly analyze the NumberSwap Rug Pull event, whose risks stem from typical token distribution issues and which shows very clearly how a Rug Pull is carried out.
On July 19, 2022, the CertiK Skynet system detected a transaction that caused the price of NumberSwap tokens to plummet. The event is a typical token distribution problem.
Currently, deployers own more than 98% of the project’s tokens. They also sell less than 1% of their supply to attract speculators to buy.
Rug Pull operation steps:
① The deployer minted about 210 million tokens for himself: https://bscscan.com/tx/0x347f524b4a380e1f78f7cf0480e962fb0eda50eff1a178605f98d6062acb9624
② Deployers currently hold about 200 million tokens: https://bscscan.com/token/0xc7e9d15a2dc34d3a9f532b325396b8bf02f44fb8?a=0x916c81571fe022a58688d80d246546587b1ebe24
③ The 800,000 tokens that the deployers do not hold were sent by them to 8 different addresses, which went on to interact with unverified router addresses and sell the tokens.
On July 20, 2022, Beijing time, the CertiK Skynet system detected a transaction that caused the price of the RacKiller token to drop by more than 70%.
After analysis by CertiK security experts, it was a Rug Pull transaction, and it can be determined that the project manipulated the RacKiller price to make a profit. The project added liquidity to the RacKiller-BSC-USD pool at an early stage. At the time of writing, approximately 50,000,001 RacKiller tokens were sold across three accounts.
This event is also a token distribution issue. Project deployers have minted ERC20s, own more than 98% of the token supply, and are attracting speculative buyers to buy.
On July 19, 2022, Beijing time, the CertiK Skynet system detected a drop of more than 99% in the price of the ORCHID token.
After analysis by CertiK security experts, it is confirmed that the Orchid project is a Rug Pull project. The malicious wallet sold $50,208 worth of tokens and sent the funds to 0xc5264e7e4ce93f5914b1cdbfd1ac7f55cb5e8204.
At 1:13:04 am Beijing time on July 14, 2022, the CertiK Skynet system detected that an account connected to the contract deployer transferred a large amount of BNB to multiple accounts, creating the illusion of a large number of holders and funds. The deployer funds the bot accounts to trade tokens and then transfer the assets to the deployer’s wallet.
On July 19, 2022, Beijing time, the deployer wallet began to transfer BNB and LOOP tokens from the script to about 600 accounts, and the large number of sell-offs that followed caused the token price to plummet.
The four incidents are of the same nature: the projects are highly centralized, and in each case the relevant risks are ones a security audit can uncover.
In an audit, these risks are categorized as centralization risk or initial token allocation, respectively. The audit report also indicates where the project’s tokens will be transferred after the function is implemented. The risks of the first two events can be discovered through automated ERC20 auditing.
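The token distribution pattern described above for NumberSwap and RacKiller (a deployer holding almost the entire supply while a few funded wallets do the selling) can be checked by replaying a token's Transfer events. The following is an added example, not CertiK's tooling and not code from the original article; the 90% threshold, the addresses and the sample events are constructed assumptions.

```python
from collections import defaultdict

ZERO = "0x0000000000000000000000000000000000000000"  # mint/burn counterparty

def analyze_distribution(transfers, deployer, threshold=0.90):
    """Replay ERC20 Transfer events (from, to, amount) in chain order and
    report deployer concentration plus wallets that relay deployer tokens."""
    balances = defaultdict(int)
    supply = 0
    funded = set()                # wallets that received tokens straight from the deployer
    forwarded = defaultdict(int)  # funded wallet -> tokens it later moved onward
    for src, dst, amount in transfers:
        if src == ZERO:
            supply += amount      # mint
        else:
            balances[src] -= amount
        if dst == ZERO:
            supply -= amount      # burn
        else:
            balances[dst] += amount
        if src == deployer and dst != ZERO:
            funded.add(dst)
        elif src in funded:
            forwarded[src] += amount
    share = balances[deployer] / supply if supply else 0.0
    return {
        "supply": supply,
        "deployer_share": share,
        "concentrated": share >= threshold,   # assumed threshold, tune per policy
        "distributors": sorted(forwarded),    # heuristic: may include a funded pool
        "forwarded_total": sum(forwarded.values()),
    }

# Constructed sample, not chain data: one mint, 8 funded wallets, each selling via a router.
DEPLOYER, ROUTER = "0xDEPLOYER", "0xROUTER"
WALLETS = [f"0xWALLET{i}" for i in range(1, 9)]
SAMPLE = [(ZERO, DEPLOYER, 210_000_000)]
SAMPLE += [(DEPLOYER, w, 100_000) for w in WALLETS]
SAMPLE += [(w, ROUTER, 100_000) for w in WALLETS]

if __name__ == "__main__":
    report = analyze_distribution(SAMPLE, DEPLOYER)
    print(f"deployer holds {report['deployer_share']:.2%} of {report['supply']:,} tokens")
    print(f"{len(report['distributors'])} funded wallets forwarded "
          f"{report['forwarded_total']:,} tokens")
```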
Project teams with fraudulent intent often shy away from security audits, and problems that could have been detected through audits are deliberately ignored by malicious actors.
This demonstrates the importance of user research on projects before investing, and also highlights the need for transparency and accountability around Web 3.0 projects.
This is why CertiK advocates KYC background checks on project teams, and launched a KYC service earlier this year, which can reliably verify the identities and project backgrounds of project team members.
The Web3.0 world has been suffering from Rug Pulls for a long time, and there is no end of incidents in which insiders run away with the funds they were entrusted with. In the second quarter of 2021 alone, the loss of funds due to fraud was as high as $2.6 billion. Learning to recognize the characteristics of Rug Pull fraud, and to avoid it, is the first step for every user to start self-protection.
Posted by: CoinYuppie. Reprinted with attribution to: https://coinyuppie.com/a-scam-that-has-no-gold-content-has-succeeded-again-and-again-analysis-of-four-rug-pull-incidents/