Investors lose $815k after NFT Marketplace and developers disappear
An entire NFT marketplace known as SudoRare stole about $815,000 worth of cryptocurrencies, mainly LOOKS and ETH today. The “rug pull” marketplace took scammers just six hours after SudoRare was published early Tuesday to carry out the rug pull.
Yield Farming: The Fruitful Hook
Typically, fraudsters use phishing websites to impersonate legitimate NFT projects, luring unsuspecting traders to link their wallets. This time they made more of an effort by forking a decentralized NFT marketplace SudoSwap. This new NFT marketplace has become very popular because people can add liquidity to NFT collections and earn returns.
So far, SudoSwap has over 14,600 NFT pools and over 2,300 token pools. Furthermore, the fake SudoRare was created to resemble LooksRare (LOOKs), the upcoming NFT marketplace, which currently occupies nearly 30% of the total NFT marketplace volume.
Just like with SudoSwap, SudoRare’s enticing feature was the ability to stake cryptocurrencies – LOOKs and ETH – into liquidity pools to receive returns in return. This was the coup de grace that drained people’s wallets, which started early Tuesday. On-chain data shows that most of the funds were in ETH, LOOKS and USDC stablecoin.
Blockchain security firm, PeckShield, traced the funds to three new wallet addresses, totaling ~$815,000 stolen, all of which were exchanged on Uniswap.
In turn, these three wallet addresses were linked to one Kraken account. The crypto exchange has not yet made an official announcement about the measures it took against the user. Because the know-your-customer (KYC) rule legally obliges Kraken to collect ID user data, the exchange will be able to identify the culprit linked to the account.
Predictably, the SudoRare scammers deleted their social media presence immediately after the successful heist.
Red flag missed
A couple of hours before the carpet, a Twitter user named Adam warned that SudoRare was using a suspiciously unnecessary smart contract.
“MasterChef” is a reference to a smart contract responsible for farm crops. When traders add cryptocurrencies to liquidity pools on DEXs, MasterChef runs it. Like other DEXs on Ethereum, SudoSwap operates an Automated Market Maker (AMM).
The SudoSwap team developed their own version – sudoAMM – which matches users’ trades with liquidity pools. SudoAMM was specifically designed for decentralized NFT marketplaces to be maximally gas efficient.
When SudoRare scammers gave SudoSwap, it appears they made a MasterChef tweak so that staked funds from liquidity pools can be drained. Although MasterChef itself cannot be upgraded, the smart contract can reference another contract for return logic.
Join our Telegram group and never miss a story about digital values.
Which NFT scams are the most popular?
Web3 security analyst who goes by the Twitter handle Serpent has done an excellent deep dive into both crypto and NFT scams plaguing Twitter as the dominant social media platform.
This breakdown points to a pattern of using bots to create false legitimacy around NFT projects. In addition, robots automatically send deposited funds from the fake links to the criminals’ wallets. Faking legitimacy can even extend to impersonating the CEO of OpenSea, as well as launching classic fake airdrops.
Is the NFT market recovering?
To no one’s surprise, after the Federal Reserve collapsed the crypto market with interest rate hikes, the NFT market has shared the same fate. Already at the end of June, it was clear that the wider interest was ending.
Inherently speculative and risky, people are less inclined to trade NFTs amid economic uncertainty. Correspondingly, August’s transactions fell well below the level of a year ago.
The market downturn is also affecting blue-chip NFTs. From all-time highs, most of them have lost more than half their value, measured as median base price:
- BAYC: from 150 ETH to 67 ETH
- MAYC: from 40 ETH to 12 ETH
- CryptoPunks: from 125 ETH to 66.5 ETH
- Azuki: from 33 ETH to 6 ETH
- Moonbirds: from 35 ETH to 12.5 ETH
- CoolCats: from 19 ETH to 2.3 ETH
That said, corporate NFTs are still in the game. Nike generated $185 million in total NFT sales, thanks to partnerships and entrenched sportswear position. On the non-corporate side of the equation, we see consolidation and exits.
For example, the NFT lending platform BendDAO is facing a liquidity crisis amid depleted reserves. With Europe heading into a likely deep recession, following the disastrously boomeranged sanctions against Russia, the decline in the NFT market should persist for some time.
Economy is changing.
Find out how, with Five Minute Finance.
A weekly newsletter covering the major trends in FinTech and decentralized finance.
What preventative measures do you suggest taking against crypto scammers? Let us know in the comments below.
About the author
Tim Fries is the co-founder of The Tokenist. He has a B. Sc. in mechanical engineering from the University of Michigan, and an MBA from the University of Chicago Booth School of Business. Tim served as a Senior Associate in the investment team at RW Baird’s US Private Equity division and is also the co-founder of Protective Technologies Capital, an investment firm specializing in sensing, protection and control solutions.