On-chain investigator ZachXBT has identified a single address as the hub to numerous rug sweater-like cryptocurrency scams. Let’s take a closer look.
An address serves as a hub in cryptocurrency scams
Data from the Ethereum blockchain (ETH) shows that a single address has been used as a hub for receiving cryptocurrencies recovered in rug sweater-like scams. On-chain investigator ZachXBT, who has some fame in the ecosystem, pointed out these anomalies on Twitter yesterday:
Over the past 1.5 months one person has created 114 meme coin scams.
Each time stolen funds from the scam are sent to the exact same deposit address.
0x739c58807B99Cb274f6FD96B10194202b8EEfB47 pic.twitter.com/uwVAiG9WGG
– ZachXBT (@zachxbt) April 26, 2023
The mode of action is much the same each time: the person(s) involved bundle the funds into one address and then send it all to a Coinbase address.
As pointed out in the comments to the above tweet, provided the person owning the Coinbase account has not performed a false Know Your Customer (KYC) check, this may facilitate the investigation.
These actions started over a month ago now and the illustration below of the transactions on one of the addresses involved shows how this is taking place:
Example of how one of the rug pulls works
Transactions are read from bottom to top in chronological order. First, an address is supplied with ETH and then a smart contract is created for a token that will be used for the scam: the DONUT in this example.
Later on, this token will be opened for trading, in particular through the opening of a liquidity pool into which funds will be deposited. The address in question then relinquishes ownership of the smart contract and eventually withdraws all its liquidity after several days and sends it to the hub address.
123 fraudulent tokens created
As the majority of transactions on the ‘hub address’ are in a pattern involving a first transaction delivering the funds from the rugpull, and then a second sending the funds to Coinbase, ZachXBT estimated the total to be 114 scams.
However, on closer inspection, we can see that sometimes multiple incoming transactions are made to the address involved, so that the funds from several scams are combined before being sent to Coinbase. Counting all incoming transactions, we can therefore estimate these scams at a total of 123 at our level.
As for the stolen funds, accounting for them is much more complicated, for several reasons. The main one being that the person(s) behind it all committed their own funds, on the one hand to provide the liquidity for the scams and certainly also to create false trading volumes in order to attract potential victims.
In all, more than 318.4 ETH were sent to Coinbase, worth $605,880, but for the reasons given, the ill-gotten gains are difficult to estimate. In addition, other addresses may have been used to manipulate the prices of these tokens, as pointed out by:
I think they make some buys from alt wallets when they deploy which complicates calculating what they profit.
– ZachXBT (@zachxbt) April 26, 2023
*** Translated with www.DeepL.com/Translator (free version) ***
