Suspected crypto ‘rug pull’ scam nets $10 million to actors

    10 Jan 2022

    Arbix Finance, a yield-farming protocol that runs on Binance Smart Chain, has reportedly siphoned user funds in what blockchain security firm CertiK labeled a “rug pull” following its incident analysis. The developments follow a recent report issued by Chainalysis, the blockchain analytics firm, revealing over $7.7 billion was stolen in crypto scams worldwide in 2021, including over $2.8 billion stolen via “rug pulls” in the DeFi ecosystem.

    In the latest suspected scheme, the yield-farming project Arbix, a protocol that functions by locking cryptocurrency in exchange for interest, was flagged after 10 million ARBX tokens were minted, or validated, to eight addresses – Including 4.5 million to a single address. The blockchain security firm CertiK says the tokens were later “dumped.”

    CertiK says that $10 million in user-deposited funds were directed to unverified pools, which an actor subsequently drained. Additionally, CertiK’s analysis tool found that a threat actor moved funds to the Ethereum blockchain via decentralized exchange AnySwap USDT.

    CertiK determined the activity was a rug pull, in which administrators heavily market a fake crypto-token, acquire user funds and subsequently take off with the collective sum.

    In one of its initial tweets on the incident, CertiK wrote, “Privileged functionalities appear in the identified smart contracts. … DO NOT interact with the project!”

    And Connie Lam, head of CertiK’s Incident Response Team, tells ISMG that other “exchanges can help disincentivize future attacks by blacklisting and any associated with it, making it more difficult for the attacker to wash their funds or cash them out.”

    “It’s quite likely there’s more to come here,” says Christopher Boyd, lead malware intelligence analyst at the firm Malwarebytes, in a blog post. “More digging is required, and it’s possible one benefit of this service having been audited is it may help with finding out who’s behind this. It’s also possible the project owners may appear at the eleventh hour with an explanation.”

    Boyd points to earlier reports that Arbix had been audited and approved by CertiK in November, affording the project credibility at the time.

    “There’s a lot of angry people on social media in relation to this one,” Boyd says. “We’ve seen a few links being sent claiming to be forms of ‘help’ or support from Arbix which resolve to things like Telegram links. With no way to verify, we’d suggest being very cautious around any links sent to offer assistance.”

    “The decentralized nature of blockchain means any anonymous bad actor can launch a project that was destined to be a rug pull or exit scam from the very start,” CertiK’s Lam says.

    The recent Chainalysis report said that over $7.7 billion was stolen in crypto scams worldwide in 2021, or an 81% rise compared to 2020. Including “rug pulls” in the DeFi ecosystem accounted for over $2.8 billion stolen, or 37% of all cryptocurrency scam revenue, compared to 1% the year before.

    Rug pulls” are most commonly seen in the DeFi ecosystem. More specifically, most “rug pulls” entail developers creating new tokens and promoting them to investors, who trade for the new token in the hopes the token will rise in value, which also provides liquidity to the project – that’s how most DeFi projects start. In “rug pulls,” however, the developers eventually drain the funds from the liquidity pool, sending the token’s value to zero and disappearing.

    “Rug pulls” are prevalent in DeFi because, with the right technical know-how, it’s cheap and easy to create new tokens on the Ethereum blockchain or others and get them listed on decentralized exchanges (DEXes) without a code audit. That last point is crucial – decentralized tokens are meant to be designed so that investors holding governance tokens can vote on things like how assets in the liquidity pool are used, making it impossible for the developers to drain the pool’s funds. While code audits that would catch these vulnerabilities are common in the space, they’re not required to list on most DEXes, hence why we see so many “rug pulls.”

    Leave a Reply

    Your email address will not be published. Required fields are marked *