CertiK
Mar 15, 2023
1/ The Rug Pull Report

Exit scams, more popularly known as rug pulls, are the most common type of #Web3 scam. A rug pull involves fraudsters robbing a crypto project by liquidating their holdings without warning and leaving investors holding worthless tokens. 🧵👇🏼
2/ 3️⃣1️⃣6️⃣ rug pulls stole $207 million of value from #Web3 investors in 2022. 💰👎🏼 The prevalence of this type of #scam is an ongoing blight on the image of the industry. 👇🏼
3/ In this report, we analyzed the common characteristics of rug pulls, from the domain registrars scammers prefer to the average length of projects designed to exit #scam. 👇🏼
4/ Teams accounted for nearly two-thirds of all rug pulls analyzed. Founders working alone represented 15% of exit scams, and rogue developers 10%. 👇🏼
5/ We found that the average project that rug pulled existed for 9️⃣2️⃣ days from inception to the #scam. The median lifespan, or most common, was 5️⃣7️⃣ days from start to finish. 👇🏼
6/ Scammers employ tactics that exploit the emotional and physiological triggers in order to maximize investment into their project. 👇🏼
7/ Of the 3️⃣1️⃣ projects analyzed, only seven had roadmaps and only four published whitepapers. When they are available, these documents are often of poor quality, with grammatical errors, missing information, and even explicitly fraudulent messaging. 👇🏼
8/ The majority of rug pulls are executed by completely anonymous teams. 👇🏼
9/ Check out the full report below.

certik.com/resources/blog…

#CertiK #Web3 #scam

More from @CertiK

Jun 19
CertiK recently identified a series of critical vulnerabilities in @krakenfx exchange which could potentially lead to hundreds of millions of dollars in losses.

Starting from a finding in @krakenfx's deposit system where it may fail to differentiate between different internal transfer statuses, we conducted a thorough investigation with three key questions:

1/ Can a malicious actor fabricate a deposit transaction to a Kraken account?
2/ Can a malicious actor withdraw fabricated funds?
3/ What risk controls and asset protection might be triggered by a large withdrawal request?

According to our testing result: The Kraken exchange failed all these tests, indicating that Kraken’s defense-in-depth system is compromised on multiple fronts. Millions of dollars can be deposited to ANY Kraken account. A huge amount of fabricated crypto (worth more than 1M+ USD) can be withdrawn from the account and converted into valid cryptos. Worse yet, no alerts were triggered during the multi-day testing period. Kraken only responded and locked the test accounts days after we officially reported the incident.

Upon discovery, we informed Kraken, whose security team classified it as Critical: the most serious classification level at Kraken.

After initial successful conversions on identifying and fixing the vulnerability, Kraken’s security operation team has THREATENED individual CertiK employees to repay a MISMATCHED amount of crypto in an UNREASONABLE time even WITHOUT providing repayment addresses.

In the spirit of transparency and our commitment to the Web3 community, we are going public to protect all users' security. We urge @krakenfx to cease any threats against whitehat hackers.

Together, we can face risks and safeguard the future of Web3. #Web3 #Security #Transparency
Transparency is important to the community. We are disclosing all testing deposit transactions here:
Since Kraken has not provided repayment addresses and the requested amount was mismatched, we are transferring the funds based on our records to an account that Kraken will be able to access.
Jan 28, 2023
Exposing Scammers 🚨

CertiK investigators uncovered two scammers, Zentoh and Kai, behind the Monkey Drainer kit 🐒

This kit is sold to prospective scammers who are looking to steal user funds using Ice Phishing

Who was involved and how? Let's see 👇🧵
The Monkey Drainer kit and similar phishing tools utilize “ice phishing” to trick users into giving the scammers unlimited power to spend their tokens.

If you don't know what Ice Phishing is, see this thread 👇

Our investigation has determined with a high degree of confidence "Zentoh" and "Kai" were behind a fake Porsche NFT website.

This site, which utilized the Monkey Drainer tool, was active for approximately two weeks through mid to late November 2022.
Dec 16, 2022
1/ #CertiK recently participated in the @AptosLabs CTF MOVEment 2022 contest

Faced with the challenge of quickly understanding and summarizing the semantics of complex code snippets, we turned to #ChatGPT @OpenAI

Let's see how it worked 👇🧵 #OpenAI #Aptos
2/ By interacting with #ChatGPT through natural language, we were able to ask it questions about the code and receive clear and concise answers.

ChatGPT is able to provide a summary of the code's semantics and explain what the code does in simple, natural language, saving time
3/ Example 1: Summarizing code functionality

ChatGPT can summarize the functionality of this code snippet provided in the CTF challenge and provide its meaning

Even though #MOVE is a relatively new language, ChatGPT was able to provide us with useful information.