Open in app

Sign in

Write

Sign in

The Weekly Rug #2

Rug Zombie
3 min readAug 26, 2022

--

Introduction

Welcome back to the second edition of The Weekly Rug! Surprisingly, this week has been relatively quiet in terms of rugs as compared to recent weeks, but there are still some events to cover. As always, if there are any recent rugs that you would like to see made into a RugZombie Grave, let us know!

SudoRare

The most overt rug pull of the week comes from SudoRare, a NFT AMM that claimed to be a mix of SudoSwap features with LooksRare tokenomics. Prior to launch, users could stake XMON, LOOKS, or WETH to earn the new SR token. The smart contract code was initially legitimate, but within 24 hours of deployment, the code was updated to allow an “operator” address (which was the deployment wallet) to transfer any tokens held on the protocol.

In total, SudoRare rugged about 1.15 million LOOKS ($314k), 6 XMON ($210k), and 200 WETH ($320k) for a total of over $800k. These tokens were immediately converted to ETH and split equally between three separate wallets. Currently, those 3 wallets still hold 173.1 ETH each (links to etherscan provided below). Presumably, they are attempting to figure out how to launder these funds, which is a bit harder now with the Tornado Cash sanction.

Wallets to Watch:

SudoRare had multiple red flags to suggest that the project was not legitimate. The name itself (make sure to tune into our Twitter space on “nameology”) blatantly rides off the coattails of two successful projects. Using such a name suggests that the project may simply be a cash grab looking to capitalize upon the hype of other, legitimate projects. If the project was truly doing something revolutionary, why not choose a unique name? Also, in their now deleted Medium post, they state “The team is 100% anon, we will never dox.” Even though some legitimate projects have anonymous team members, you should always be weary of these projects’ rug potential. Being able to know the people behind a project is a crucial part of the due diligence process, so it’s best to avoid fully anonymous teams unless they are established in the space.

NEAR Hack Attempt

Last weekend, hackers attempted to attack the Near Rainbow bridge by submitting a fabricated Near block to the Rainbow bridge contract. This transaction required a “safe deposit” of 5 ETH. As seen with the Nomad bridge hack, fake transactions can be used to trick smart contracts into releasing locked funds from the bridge. Since anyone can submit block data (as long as they pay the safe deposit), the Rainbow bridge relies on independent “watchdogs” to track the Near blockchain and flag incorrect transactions. When the attacker submitted the malicious transaction, automated watchdogs challenged and blocked the transaction within 31 seconds (or 4 Ethereum blocks). As a result, the attacker lost 5 ETH and all users’ funds remained safe.

A similar attack occurred in May and also resulted in no loss of users’ funds. Going forward, hackers will likely continue targeting bridges like Rainbow. Despite this, Rainbow’s security measures have countered two separate attacks, which is a good sign going forward.

Nft
Crypto
Bitcoin

--

--

Rug Zombie
Rug Zombie

Written by Rug Zombie

149 Followers
2 Following

Bringing your rugged tokens back from the dead. https://linktr.ee/rugzombie

No responses yet

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams