On-chain investigator ZachXBT has identified a single address as the hub to numerous rug sweater-like cryptocurrency scams. Let’s take a closer look.
One address serves as hub in cryptocurrency scams
Ethereum blockchain (ETH) data shows that a single address has been used as a hub for receiving cryptocurrencies recovered in rug sweater-like scams. On-chain investigator ZachXBT, who has a certain reputation in the ecosystem, pointed out these anomalies on Twitter yesterday:
Over the past 1.5 months one person has created 114 meme coin scams.
Each time stolen funds from the scam are sent to the exact same deposit address.
0x739c58807B99Cb274f6FD96B10194202b8EEfB47 pic.twitter.com/uwVAiG9WGG
– ZachXBT (@zachxbt) April 26, 2023
The mode of action is more or less the same each time: the person(s) involved group the funds together on a single address, then send everything to a Coinbase address.
As pointed out in the comments to the tweet above, provided that the person owning the Coinbase account has not carried out a false Know Your Customer (KYC) check, this may facilitate the investigation.
These actions began over a month ago now and the illustration below of transactions on one of the addresses involved shows how this is taking place:
The transactions are read from bottom to top in chronological order. First, an address is supplied with ETH and then a smart contract is created for a token that will be used for the scam: the DONUT in this example.
Later, this token will be opened up for trading, in particular by opening a liquidity pool into which funds will be deposited. The address in question then relinquishes ownership of the smart contract, eventually withdrawing all its liquidity over a period of several days and sending everything to the hub address.
123 fraudulent tokens created
As the majority of transactions on the ‘hub address’ are part of a pattern involving a first transaction delivering the funds from rugpull, then a second sending the funds to Coinbase, ZachXBT estimated the total at 114 scams.
However, on closer inspection, we can see that sometimes several incoming transactions are made to the address involved, in order to pool the funds from several scams before sending them to Coinbase. Taking all the incoming transactions into account, we can therefore estimate the total number of scams at our level at 123.
Accounting for stolen funds is much more complicated, for a number of reasons. The main one is that the person or persons behind the scams have committed their own funds, on the one hand to provide the necessary liquidity for the scams and certainly also to create false trading volumes in order to attract potential victims.
In all, more than 318.4 ETH were sent to Coinbase, worth $605,880, but for the reasons given, the ill-gotten gains are hard to estimate. In addition, other addresses could have been used to manipulate the prices of these tokens, as pointed out by :
I think they make some buys from alt wallets when they deploy which complicates calculating what they profit.
– ZachXBT (@zachxbt) April 26, 2023
