Attack Deep Dive: Soft Rug Pull

Community Spotlight: This article was guest authored by an anonymous Forta community member and participant in Forta’s Threat Research Initiative (TRi).

 Forta is a real-time detection network for security monitoring of blockchain activity. The decentralized Forta Network scans all transactions and block-by-block state changes, leveraging machine learning to detect threats and anomalies on DeFi, NFTs, bridges, governance and other Web3 systems. When an issue is detected, alerts are sent to subscribers of potential risks, which enables them to take action.

Soft rug pulls are a common type of scam in the cryptocurrency space. Unlike hard rug pulls, which involve malicious code or exploits, soft rug pulls are solely social engineering attacks. Scammers create a token and persuade users to buy it, often using hype and false promises of high returns. Once the price of the token has increased sufficiently, the scammer withdraws all the liquidity, leaving the token worthless and the investors at a loss.

In the past, soft rug pulls were relatively easy to identify due to their blatant tactics. However, as the crypto space evolves, so do the techniques employed by scammers. The campaign we’re discussing in this blog post is a prime example of this evolution. The scammer used advanced techniques and significant funds to make the scam less obvious, making it harder for users to spot the danger. This highlights the importance of real-time threat intelligence in assessing the risk associated with a particular address or token.

The Forta Network is the leading source of this type of threat intelligence. It monitors on-chain activity in real-time across seven EVM compatible chains, covering a broad range of scam techniques, including soft rug pulls. The network uses machine learning to identify potential scammers with high precision and recall. Additionally, the Forta community continuously monitors the threat landscape, ensuring that the network’s capabilities evolve alongside the changing tactics of scammers.

The DZOO campaign is a recent example of a sophisticated soft rug pull. The scammer deployed a fake DZOO token just hours before the launch of the real DZOO gaming token. They created a liquidity pool on Uniswap and attracted 20 victims, who collectively lost 4.4313ETH (or 8757.14 USD). The scammer then withdrew all liquidity from Uniswap, leaving the token worthless. The Forta Network identified the scam on the day it was launched, generating timely threat intelligence to protect users.

The scammer behind the DZOO campaign, however, used advanced techniques that made the scam harder to spot:

1. The scammer timed the creation of the DZOO token just a few hours before the real DZOO token was created.
2. The scammer utilized significant amounts of funds (at least 724ETH or 1.3M USD) to execute the scam! This illustrates we are dealing with sophisticated groups with significant resources.
3. Funds were distributed to bot EOAs using the disperse.app to generate trading activity on the created pool resulting in upward price movement:

4. The scammer airdropped tokens to a broad range of accounts to inflate the holder count using the disperse.app

The scammer around DZOO has been active for most of 2023 and has been involved in deployment of several soft rug pull tokens. The technique of utilizing bots to generate trading activity was deployed for several tokens DZOO, oSHIB, oDOGE, GPT, and SHIBP.

To protect oneself from such scams, users should check the Forta Threat Intelligence using before interacting with an unknown EOA/contract. This can be done by personalizing the linked query via Forta Explorer. Alternatively, one can also use a security plugin or wallet, like Blockfence or Zengo wallet, which integrate with Forta Threat Intelligence natively.

Soft rug pulls are a growing threat in the crypto space. As scammers become more sophisticated, it’s becoming harder for users to spot these scams. Access to real-time threat intelligence, like that provided by the Forta Network, is crucial for users to protect themselves.

Appendix 1: Campaign Visualization March 2023

• Share post