Home » Fake cryptocurrency schemes: same address implicated in 123 scams

Fake cryptocurrency schemes: same address implicated in 123 scams

by Tim

On-chain investigator ZachXBT has identified a single address as the hub to numerous rug sweater-like cryptocurrency scams. Let’s take a closer look.

An address serves as a hub in cryptocurrency scams

Data from the Ethereum blockchain (ETH) shows that a single address has been used as a hub for receiving cryptocurrencies recovered in rug sweater-like scams. On-chain investigator ZachXBT, who has some fame in the ecosystem, pointed out these anomalies on Twitter yesterday:

The mode of action is much the same each time: the person(s) involved bundle the funds into one address and then send it all to a Coinbase address.

As pointed out in the comments to the above tweet, provided the person owning the Coinbase account has not performed a false Know Your Customer (KYC) check, this may facilitate the investigation.

These actions started over a month ago now and the illustration below of the transactions on one of the addresses involved shows how this is taking place:

Example of how one of the rug pulls works

Example of how one of the rug pulls works


Transactions are read from bottom to top in chronological order. First, an address is supplied with ETH and then a smart contract is created for a token that will be used for the scam: the DONUT in this example.

Later on, this token will be opened for trading, in particular through the opening of a liquidity pool into which funds will be deposited. The address in question then relinquishes ownership of the smart contract and eventually withdraws all its liquidity after several days and sends it to the hub address.

123 fraudulent tokens created

As the majority of transactions on the ‘hub address’ are in a pattern involving a first transaction delivering the funds from the rugpull, and then a second sending the funds to Coinbase, ZachXBT estimated the total to be 114 scams.

However, on closer inspection, we can see that sometimes multiple incoming transactions are made to the address involved, so that the funds from several scams are combined before being sent to Coinbase. Counting all incoming transactions, we can therefore estimate these scams at a total of 123 at our level.

As for the stolen funds, accounting for them is much more complicated, for several reasons. The main one being that the person(s) behind it all committed their own funds, on the one hand to provide the liquidity for the scams and certainly also to create false trading volumes in order to attract potential victims.

In all, more than 318.4 ETH were sent to Coinbase, worth $605,880, but for the reasons given, the ill-gotten gains are difficult to estimate. In addition, other addresses may have been used to manipulate the prices of these tokens, as pointed out by:

*** Translated with www.DeepL.com/Translator (free version) ***

Related Posts

Leave a Comment