What if $VUSD was created as exit liquidity for exploiters?
On Sep-26-2024 06:28:23 PM UTC, a vulnerability in the uniBTC smart contract was exploited.
Here are some of reported addresses:
As we see they are smart enough not to expose all of their wallets onchain. So let's piece together some facts.
On Aug-20-2024 $VUSD was minted.
On Sep-26-2024 $VUSD & @OnyxDAO got exploited.
Wallets that bought $VUSD on the market just got blacklisted. Do they have to pay for this?
Main figures:
The interesting thing is that $VUSD top2 and top3 traders are «OnyxDAO Exploiter 1» and «uniBTC Exploiter 3».
And the top1 trader is
Etherscan, Bedrock_DeFi, pay attention to these wallets.
I see that you've already asked the exploiters to return $uniBTC in several IDMs. And they returned about 5 $uniBTC (photo 4) - good job!
P.S.
Do not trust such beautiful addresses:
Suckers:
On Sep-26-2024 06:28:23 PM UTC, a vulnerability in the uniBTC smart contract was exploited.
Here are some of reported addresses:
0x0000000000004F3D8AAf9175fD824CB00aD4bf80- uniBTC Exploiter 30x680910cf5Fc9969A25Fd57e7896A14fF1E55F36B- OnyxDAO Exploiter 10x7d522f67268F1C46D888fe083aAa86f784B9d082- uniBTC Exploiter 16
...
As we see they are smart enough not to expose all of their wallets onchain. So let's piece together some facts.
On Aug-20-2024 $VUSD was minted.
On Sep-26-2024 $VUSD & @OnyxDAO got exploited.
Wallets that bought $VUSD on the market just got blacklisted. Do they have to pay for this?
Main figures:
0x0BFFDD787C83235f6F0afa0Faed42061a4619B7a- VUSD CA.0xeE894c051c402301bC19bE46c231D2a8E38b0451- oVUSD CA.0xfD47f6879ccBAe84009F367E3e0c54dc2D435500- VUSD manipulator.0x3546502606e0e9B70636CCe43E1844288C6D44aA- VUSD manipulator.0x4e1266c7A132DdEd71c9A4Ee74f4CA79C75c125d- oVUSD deployer - funded by 0x35…44aA.
The interesting thing is that $VUSD top2 and top3 traders are «OnyxDAO Exploiter 1» and «uniBTC Exploiter 3».
And the top1 trader is
0xfD47f6879ccBAe84009F367E3e0c54dc2D435500 - sold 1M$. This wallet is also funded by «OnyxDAO Exploiter 1» and still isn’t reported by anyone. Etherscan, Bedrock_DeFi, pay attention to these wallets.
I see that you've already asked the exploiters to return $uniBTC in several IDMs. And they returned about 5 $uniBTC (photo 4) - good job!
P.S.
Do not trust such beautiful addresses:
0x0000000000004F3D8AAf9175fD824CB00aD4bf800x666666665931f8739817e22A0B7CE7F9EFf53f3E0xffffFffff5862f0229585e548973E0E556EFf0030x00000000009e560932B2D1B4161c7ccD7F5c1FAb0x00000000009819dbAA100eD113b04B1B256B70d70x000000000050E65abd53CD9a4D9b9500e209A3bC0x0000000000429ea06331427cdEEB4884ae0432450x000000000029A517b824E91d083B7ac864cf0C5E0x000000000023599274812F77725FbE7a8b4bdd47
Suckers:
0x39b19E50A59b9739DfD2C4F259E8ee1b8E6d6BEC- Match Systems0x6fA35c5b8661041e6360f385a5CffB7ADE6fFc8a0x04655832bcb0a9a0bE8c5AB71E4D311464c97AF50x7C099f625208a5A7C7fAc328e71b871350A763a0- fake OnyxDao0xfdE1cB0c3522451705d9c64A74994801Fe8aF4Cd- fake OnyxDao
5🔥15👍7👏2🤯2🤔1
«Address Poisoning Attack» - a scammer sends a small transaction from a lookalike address, "poisoning" the victim’s transaction history hoping they’ll later confuse the scam address with a legitimate one and mistakenly send funds to it.
An illustrative example in the photo 1 and 2.
I found a team of attackers.
Just look at the graph (photo 4) - how they transfer crypto through their beautiful (generated for fun) addresses. Looks like they wanna play with investigators by doing this.
One of this team’s victims mistakenly sent 120k$. (photo 5)
They swapped this amount to another address and then just spent this amount on gas!
They continue scamming people and freely withdraw crypto through centralised exchanges. I think AML companies should not ignore such type of scammers.
Please be careful and always verify addresses before sending❤️
An illustrative example in the photo 1 and 2.
I found a team of attackers.
TNHVbnChAbF9eBo6KEH1rEnKDHu7ubYUno - this wallet spreads dust via generated wallets for poisoning. You can see its behaviour in the photo 3. TERdzps2cNDodTbHw8jLGEYMpWgKJyVggo - this address accumulates crypto and funds main attacker. Just look at the graph (photo 4) - how they transfer crypto through their beautiful (generated for fun) addresses. Looks like they wanna play with investigators by doing this.
TJS9sePdyCtdqbKrxbtcJVmi3333333333TRMRb39hmJpXmVREhi7JYz3eWWWWWWWWWWTNjRaJ4SY3Srupr2fwWc6PXp7777777777TReKoU2hLbsiCUQ6q2SQi22RR555555555TArHkKaQUMxok9mYr7RaRTA8UUUUUUUUUUTTTU7epiomWB2CUKxwsEYRQSafffffffffTHPfn4MYx3XXNG16SddicBxGVVVVVVVVVVTNMXH7rbpaR3cPzCfr4DaAQg6QQQQQQQQQ
One of this team’s victims mistakenly sent 120k$. (photo 5)
They swapped this amount to another address and then just spent this amount on gas!
They continue scamming people and freely withdraw crypto through centralised exchanges. I think AML companies should not ignore such type of scammers.
Please be careful and always verify addresses before sending❤️
2🔥16👍5👏4❤1😱1
- How to keep a 100% win rate in trading memes on Solana?
- There’s no way, but…
Launch pattern:
1 - deploy 10B tokens.
2 - add liq 10B tokens + 0.1 $SOL.
3 - buy 99.98% of supply.
4 - spread supply to 200 wallets.
5 - attract purchases by manipulating volume, burning LP…
6 - rug.
They create new wallets for each project, but they do not change these 3 addresses:
They always buy 99.98% of supply for 500 $SOL from these wallets. (Sometimes 100+160+240, sometimes 1+210+290.)
The victims are swing trading bots, narrative bots, copytrading bots and just traders.
According to gmgn.ai data, they managed to earn about 60M$ dollars, but in fact, they are withdrawing their own money through sales (+ victims’ money).
So if they earn about 200-250 $SOL per project (after tx fees), thier total PNL from about 100 projects = 5M$
Moreover, this team keeps reinvesting scammed money to their launches. Good job!
I have only 3 questions now:
- Where is AML in solana blockchain?
- Should Jito Labs permanently ban all addresses associated with this team?
- Have you missed my investigations these 2 months?❤️
- There’s no way, but…
CRBYGyfcRSiwcpUr4qxbVeR7MDNb32mkhxxzFAN7iinS - here is a team found a way to attract organic purchases for their scam tokens on #solana blockchain. Launch pattern:
1 - deploy 10B tokens.
2 - add liq 10B tokens + 0.1 $SOL.
3 - buy 99.98% of supply.
4 - spread supply to 200 wallets.
5 - attract purchases by manipulating volume, burning LP…
6 - rug.
They create new wallets for each project, but they do not change these 3 addresses:
CRBYGyfcRSiwcpUr4qxbVeR7MDNb32mkhxxzFAN7iinS- main team wallet.dQSv6D61bxtUTd6oqSzsUgydxwCCQpGuRgQgsN59WVBHQP6MYaRDU4st131yaZFDR3x9N58ka4TCAUjcvSSpuQw
They always buy 99.98% of supply for 500 $SOL from these wallets. (Sometimes 100+160+240, sometimes 1+210+290.)
The victims are swing trading bots, narrative bots, copytrading bots and just traders.
According to gmgn.ai data, they managed to earn about 60M$ dollars, but in fact, they are withdrawing their own money through sales (+ victims’ money).
So if they earn about 200-250 $SOL per project (after tx fees), thier total PNL from about 100 projects = 5M$
Moreover, this team keeps reinvesting scammed money to their launches. Good job!
I have only 3 questions now:
- Where is AML in solana blockchain?
- Should Jito Labs permanently ban all addresses associated with this team?
- Have you missed my investigations these 2 months?❤️
2🔥21👍6❤2🐳1🦄1