Rug pull что это
«Rug pull»? Веб-сайт Luna и все ее аккаунты в социальных сетях были отключены
Веб-сайт Luna и все ее аккаунты в социальных сетях были отключены, согласно SolPad, первоначальной цифровой платформе предложения (IDO) для Solana.
Некоторые приписывают переход в автономный режим «Rug pull». Хотя официального подтверждения еще не было дано, этот шаг ознаменует собой первый в своем роде «Rug pull» на Solana. Анонимный источник сообщил, что было взято более 6,7 миллионов долларов США в виде активов. Сумма была проверена через проводник блоков сканирования SOL. Полный список активов, предположительно украденных, будет представлен ниже в конце этой статьи.
«Они перенесли все из SOL в ETH, а затем в децентрализованный Tornado Cash».
Luna была вторым IDO SolPAD, который вышла в прямой эфир во вторник. Пресс-секретарь Solana отказался комментировать. Solana в последнее время стала популярной и является блокчейном для миллиардера Сэма Бэнкмана-Фриеда, который основал криптобиржу FTX и который инвестировал значительные средства в проекты на базе Solana. Solana Labs, ведущая фирма сети, привлекла 314 миллионов долларов в июне.
В Telegram-канале SolPAD цифровая платформа заявила, что «собирает доказательства» Rug pull LUNA, которые смогут оказать «огромное влияние на инвесторов» и ее сообщество. SolPAD позволяет проектам привлекать капитал на децентрализованной платформе на основе Solana. Он также заявил, что делает все возможное, чтобы предоставить доказательства для всех связанных сторон, особенно для более крупных централизованных бирж, чтобы они могли перейти к приостановке и блокированию средств.
Награда предоставляется за любую информацию, которая приведет к нахождению команды Luna.
Defi Scams — Rug pull Analysis: Wallstreetswap.finance
Feb 26 · 5 min read
Disclaimer: This article only aims to provide basic knowledge to the smart contract fraudulent schemes and prevent scams to grow and hurt the Defi community. This is NOT financial advice.
Addresses
Introduction
Wallstreetswap.finance is another typical Defi protocol that allows you to swap, stake, and farm tokens. At first glance, nothing too out of the ordinary and looks very trustable because it has been audited (but deleted after rugged), has convincing and well-written documentation, and has the most crucial thing, the timelock contract.
The Audit problem
In the audit pdf fi l e, it states that TechRate performs an audit of “smart contracts” but only shows one file — the “Pool” contract.
But in reality, Since the main Github repo is already gone and the pdf file contains nothing about the contract information, We really can’t determine whether the auditor audited the actual backdoored contact or not.
The Rug Pull
At around 11:30 AM UTC, February 15, 2021, Wallstreetswap.finance suddenly close its website and began the rug pull.
When the website has been closed, I thought that it will be another developer dump. Then we’ll have to manually unstake and remove the liquidity, and get our tokens back eventually. But that’s not the case for this time.
In the LP token contract (for now on I’ll use BNB/BUSD for example), you can clearly see that the reserve, the actual balance of BNB and BUSD in the contract, is 0.
We can recheck this by going to the BNB contract and use the balanceOf function to query back the LP contract’s balance. And it resulted in 0.
** Some of the pools reserve fund is not updated because the sync function hasn’t been called, So it has to be manually checked **
Then in the Contract owner wallet, we’ll call him Culprit “C” from now on, we can see various transactions being executed by him, transferring the LPs token to his wallet and swapping all of it to BNB on PCS, then transfer all of the 220370 BNB (Approx 5m$) to an unknown wallet.
After that, the funds are split up and vanish into Binance hub, where we can’t track it anymore.
Now we know that our funds are actually stolen this time. It’s time to trace back to the root cause.
Tracing Back To The Root
Transfering token
We’ll start our progress by answering the question “How the duck can C withdraw our token!?”.
Then we seek the function that emits Transfer in the BNB contract.
Liquidity Pool Contract (LP Contract)
Let me explain how adding liquidity normally works
This means both of the tokens that you use to create LP token are not yours anymore and is now owned by the contract instead. Most of the time it’ll be fine, but not for this contract.
From the clue we have, we’ll skim the LP contract for abnormality about Approval first.
Пройди викторину и заработай Aurox «Learn & Earn» от coinmarketcap
Пользователи CoinMarketCap могут узнать об Aurox ( URUS ) и пройти короткую викторину, чтобы получить вознаграждение! Жетоны вознаграждения Aurox будут распределены случайным образом среди пользователей, успешно завершивших викторину, до завершения кампании.
Пул призов этой кампании Aurox «Learn & Earn» состоит из токенов Aurox ( URUS ) на сумму 200 000 долларов. Успешные пользователи получат жетоны Aurox ( URUS ) на сумму 10 долларов, а также 50 бриллиантов в качестве награды!
Кампания Aurox «Учись и зарабатывай» продлится с 2021.10.26 (12:00 PM UTC) по 2021.11.24 (23:59:59 PM UTC). Обязательно возьмите следующие уроки, чтобы пройти тест!
Aurox — это бесплатный универсальный торговый терминал для криптовалют, работающий на токене Aurox. Терминал имеет собственные индикаторы, оповещения и настраиваемые рабочие области, которые помогают новым и опытным трейдерам принимать более обоснованные и уверенные торговые решения.
Экосистема Aurox сделает торговлю и кредитование проще и доступнее для всех. Это обеспечит одни из самых высоких процентных ставок на рынке. Aurox Trade будет самым простым агрегатором CEX и DEX на рынке. Принимая во внимание, что Aurox Lend будет обеспечивать работу трейдеров с кредитным плечом на Aurox Trade децентрализованным образом.
Ответы на викторину Aurox «Learn & Earn»
Q1. What is Aurox terminal?
Answer: A beginner-friendly crypto trading terminal
Q2. Why is Aurox terminal different from other cryptocurrency platforms?
Answer: All of the above
Q3. On Aurox terminal, you can instantly access
Answer: All of the above
Q4. With Aurox, you can…
Answer: All of the above
Q5. On Aurox Trade you can…
Answer: Use one simple form to trade from dozens of DEX and CEX exchanges
Q6. What leverage size can Aurox Lend provide to Aurox Traders?
Answer: 4X
Q7. How much APY can Aurox Token (URUS) earn by staking?
Answer: More than 20%
Надеюсь, эта информация поможет вам в планировании викторины Aurox CoinMarketCap и у вас появится шанс выиграть криптовалюту
Токен Aurox — это служебный токен, стоящий за экосистемой Aurox. Размещая или удерживая токен Aurox, пользователи получают доступ к расширенным функциям и индикаторам, которые помогают упростить торговлю. Держатели токенов также могут зарабатывать до 80% годовых, предоставляя ликвидность для листинга Aurox Token Uniswap, более 20% за счет ставок и экономить до 50% на торговых сборах через Aurox Trade.
What Is a Rug Pull?
Beginner Jun 28, 2021 · 3 min read
| Key Takeaways: |
| — DeFi provides people with financial freedom, it protects your privacy. It’s non-discriminatory and offers the ability to bank the unbanked. — Great freedom entails some kind of risk. A rug pull is a malicious maneuver in the cryptocurrency industry where crypto developers abandon a project and run away with investors’ funds. — While scams are prevalent in the cryptocurrency space, don’t let that deter you. There are various ways to protect yourself – all you need is a little research. |
A rug pull is a type of crypto scam where developers raise funds from investors and then ditch the project they used to create the buzz. Here, we explain the manoeuvre – and how to avoid one yourself.
DeFi – are you paying attention?
Financial freedom is something of a mantra in the cryptocurrency space, doubly so in decentralized finance (DeFi.) DeFi promises ultimate financial freedom, bringing traditional finance options to the blockchain. Bitcoin aspires to “bank the unbanked.” DeFi is actually doing it.
The DeFi world is entirely user-run, thanks to the autonomous nature of blockchain networks. Here, anyone can create a project with a promised use case, and if you think it has value, you can buy-in.
But remember – here, there are no restrictions. Anyone can list any asset and there is no regulatory authority in place to insure the project is real. So while there are far lower barriers to entry for regular people like you and me, there’s also no one to tell you if a project is looking to scam you.
How a rug pull works
Bad actors look at DeFi as a perfect access point to take advantage of the “get-rich-quick” crowd.
They create a project, promise a particular result (a future NFT, for example) and begin to generate hype – and crypto – from investors who want to get involved. The crypto starts flowing, and the project’s value shoots up. You want to get involved due to fear of missing out (FOMO) hoping to buy in at a low before selling later on.
However, the developers aren’t what they say they are. Once they’ve pocketed your cash, the project mysteriously comes to a stand-still. pulling the rug out from you, its hopeful investor – you may also know this as a pump and dump scheme, or shilling.
But that’s no reason not to get involved. DeFi can and is quite rewarding for many users, assuming they pick the right projects. Ledger is here to help.
Here are a few things to look out for when scoping out your next purchase to protect yourself from the next big scam.
Tips to prevent falling for a rug pull
Of course, when you find a legitimate asset to acquire, you can use Ledger to store and protect it. The best way to store your hard-earned crypto is a hardware wallet, like us! We give you complete control of your digital assets, allowing offline storage for the ultimate security.
Concerned about crypto scams, but not sure how to detect them? What better place to start than Inside The Head of a Scammer! Check out our School of Block episode for the inside scoop on everything to watch out for.
Rug Pulls
For todays article, we are going to take a look at one of the darker parts of crypto, how they work, and what you can look for in order to help prevent yourself from falling victim to one of these scams.
Please note I am on vacation the week of August 8-13 and no articles will be coming out that week.
For the usual disclosure, I am not a financial advisor, I don’t even work in finance at all. My day job is as a telecommunications software engineer. Treat everything you read here as some educational resources and not financial advice.
What Are Rug Pulls
Rug pulls are a type of crypto scam, where the developer team will create a token, get’s it’s value pumped up, and then walk away with all of the money, leaving nothing for the people that bought into the token. With how easy and inexpensive it is to create and launch a crypto token, this is a pretty common scam tactic, so it’s worth knowing about and knowing what some of the warning signs of an impending rug pull are.
There are three main ways that a scammer can conduct a rug pull, and we’ll talk a walk through each to see what you can watch for to help you avoid getting rekt.
Pulling Liquidity
This is one of the more common types of rug pull scams, but also one of the easiest for you to watch out for. In previous articles I talked about how liquidity pools work, but we’ll do a little refresher here using an example of how they can be used in a rug pull.
Let’s say I create a token and mint out 1,000,000,000 of them, and I go create a pair on PancakeSwap and I put in all of the tokens plus 1 BNB. I do a little advertising and people buy some of the tokens and now there is say 500,000,000 tokens, and 20 BNB (obviously made up numbers, but I don’t want to do the math on it). I can then go and use my LP tokens, and yank the entire think out, gaining myself 19 BNB, and making all of the tokens that everyone bough worthless, as there is no liquidity for them to trade against.
This one is relatively straight forward to watch out for, basically any development team that is not trying to rug pull you, should be willing to either lock up the LP tokens into a 3rd party time lock vault, or straight up burn them. I personally think the time lock option is the better one, simple because it gives the team the option in the future to move liquidity to another protocol, but either one of them at least protect the users from having the liquidity pulled out from under them.
Pump and Dump
After the initial allocations are all handed out, the rest of the tokens are added to a liquidity pool and the team will start advertising and getting people to buy the tokens and start making the price rise up quickly. Once the price hits a good level where all the early holders are going to make money, they start selling off their positions and pulling out all the value that other people added when they bought into the project.
This of course will crash the price out and make it so everybody else loses money, while the developers and early investors tend to make off like bandits.
One good way to help look for these possibilities is to use a tool like Etherscan and look at the holders list, see how many large wallets are holding large positions. People holding 2% or more, could very easily crash the price just by selling off their positions, so look for how many there are, and if they purchased their tokens from the exchange pair, or if they were allocated it from the deployer account.
It’s also important to factor in the burn address. Some developers will mint an exceptionally large supply of the tokens, and burn most of them, to hide the actual percentage of circulating supply that the large wallets hold. If you see a burn address that holds a significant portion of a premined token, you have to ask yourself why? If they wanted a lower supply of tokens, why not just mint less of them?
This can also be combatted by the developers themselves by implementing things like time locked balances, where the team allocations can be locked up and prevented from being sold off early on after launch, or code that prevents someone that holds a very large percentage of the tokens from being able to sell them off in a short period of time, so if a team is including features like this, and you can validate the code is actually good and works, and is being utilized, this can help alleviate some of the fears the team may rug pull you.
Sell Locking
This third one is a little harder to detect, and that is the developer team can add code to the smart contract, that makes it impossible for anyone but themselves to be able to sell the token. Or they will say that you need to pay X amount to unlock the ability to sell the tokens. This one is worse because then you’ll pay them the money and they won’t unlock the tokens, and often times these ones are just airdropped to you, with huge amounts of value, and try and trick you with that into handing over what looks like a small amount in comparison.
Since this one involves the code itself, it can be a little harder for non-developers to spot. But, a lot of people out there are developers, and they are taking a look at these projects and making posts about what they find, so if a project is a scam, there is a high probability someone has already figured it out.
One big red flag on this one would be if the project does not release the source code for their smart contract, or they do release the code on say Github, but they do not validate that code on say Etherscan. If it’s not validated on the blockchain explorer, I would be highly skeptical that whatever code they put into the repo would be what was actually deployed to the network.
The other big thing to look for in this one is security audits, especially in larger projects. This is actually good for a couple of reasons. First, it means the code was reviewed and tested by a reputable source, so you can be more assured that there is nothing nefarious in there. It can also help the developers spot a defect in their code. It does not necessarily need to be a scam, a developer can make a simple mistake that could lead to problems as well. This is not foolproof of course, everyone makes mistakes, so a security audit does not necessarily mean no risk.
Conclusion
As you can see, there are a number of ways that a rug pull can be done in a number of ways, but there are red flags that can tip you off to them, and there are things you can look for in order to help mitigate the risk a bit. Crypto is a risky game, so it’s important to keep your wits about you, and do your own research into any projects you’re considering throwing some money into.
Socials And Other Links
If you enjoyed this content, you can check me out every weekday. My posts start at my website, but you can also find them cross posted at Publish0x, LeoFinancial, Hive, and read.cash.
You can also sign up for my newsletter which I send out every Friday with news and whatnot from the crypto space, delivered right to your inbox!
You can also find links to resources such as research and news sites over at this link.
Want some more content right now? Check out some of my previous posts:
A few referral links, in case you are interested in the service, and it also helps me out.
Binance – large centralized exchange – referral link saves you 10% on trading fees
Coinbase – basic crypto exchange – referral link gets you bonus crypto on first deposit
Cointiply – very good crypto faucet and earning site – no bonus for you on this referral unfortunately