Investors Lose $815k after NFT Marketplace and Developers Disappear
An entire NFT marketplace known as SudoRare pilfered around $815,000 worth of cryptocurrencies, mainly LOOKS and ETH, today. The scammers carried out the “rug pull” just six hours after SudoRare went live early Tuesday.
Yield Farming: The Fruitful Hook
Typically, scammers use phishing sites to mimic legit NFT projects, luring unsuspecting traders to connect their wallets. This time, they exerted more effort by forking the decentralized NFT marketplace SudoSwap. This novel NFT marketplace has become highly popular because people can add liquidity to NFT collections and earn yields.
So far, SudoSwap has over 14,600 NFT pools and over 2,300 token pools. Furthermore, the fraudulent SudoRare was made to resemble LooksRare (LOOKS), the up-and-coming NFT marketplace, presently occupying nearly 30% of the total NFT marketplace volume.
Just like with SudoSwap, SudoRare’s enticing feature was the ability to stake cryptocurrencies – LOOKS and ETH – into liquidity pools to receive yields in return. This was the coup de grace that drained people’s wallets, starting early Tuesday. On-chain data shows that most funds were in ETH, LOOKS, and USDC stablecoin.
Blockchain security firm PeckShield traced the funds to three new wallet addresses, amounting to a total of ~$815,000 stolen, all of which were exchanged on Uniswap.
In turn, these three wallet addresses were linked to a Kraken account. The crypto exchange has yet to make an official announcement on what measures it took against the user. Because the know-your-customer (KYC) rule legally obligates Kraken to gather user ID data, the exchange would be able to identify the culprit associated with the account.
Predictably, the SudoRare fraudsters deleted their presence from social media immediately after the successful heist.
Red Flag Missed
A couple of hours before the rug pull, a Twitter user going by the name Adam warned that SudoRare was using a suspiciously unnecessary smart contract.
“MasterChef” is a reference to a smart contract in charge of yield farming. When traders add cryptocurrencies to liquidity pools on DEXes, it is MasterChef that runs the process. Like other DEXes on Ethereum, SudoSwap runs an automated market maker (AMM).
The SudoSwap team developed its own version – sudoAMM – which matches users’ trades with liquidity pools. SudoAMM was specifically designed for decentralized NFT marketplaces to be maximally gas efficient.
When the SudoRare scammers forked SudoSwap, it appears they made a MasterChef tweak so that the staked funds from liquidity pools could be drained. Although MasterChef itself is not upgradeable, the smart contract can reference another contract for yield logic.
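A pre-deposit review check for the pattern described above, added here as an example (it is not from the article, PeckShield, or SudoRare's code): it flags contract references in a staking contract that the owner can repoint after launch, and lists the user-facing functions that call through them. The Solidity sample is constructed, all names in it (Farm, yieldLogic, setYieldLogic) are hypothetical, and the check assumes an `onlyOwner` access modifier.

```python
import re

# Constructed sample: a skeletal staking contract written for this example.
# It is not SudoRare's code; all names (Farm, yieldLogic, ...) are hypothetical.
SAMPLE = """
contract Farm is Ownable {
    IERC20 public rewardToken;
    IYieldLogic public yieldLogic;
    uint256 public rewardPerBlock;
    function setYieldLogic(IYieldLogic _logic) external onlyOwner { yieldLogic = _logic; }
    function setRewardPerBlock(uint256 _r) external onlyOwner { rewardPerBlock = _r; }
    function deposit(uint256 pid, uint256 amt) external { stake[pid][msg.sender] += amt; }
    function harvest(uint256 pid) external { yieldLogic.settle(pid, msg.sender); }
}
"""

VALUE_TYPES = re.compile(r"^(u?int\d*|bool|string|bytes\d*|mapping)\b")
STATE_VAR = re.compile(r"^\s*([A-Za-z_]\w*)\s+(?:public\s+|private\s+|internal\s+)?([A-Za-z_]\w*)\s*;", re.M)
FUNC_HEAD = re.compile(r"function\s+(\w+)\s*\([^)]*\)([^{;]*)\{")

def functions(src):
    """Yield (name, modifiers, body) using brace matching, not indentation."""
    for m in FUNC_HEAD.finditer(src):
        depth, i = 1, m.end()
        while depth and i < len(src):
            depth += {"{": 1, "}": -1}.get(src[i], 0)
            i += 1
        yield m.group(1), m.group(2), src[m.end():i - 1]

def swappable_logic(src):
    """Report owner-repointable contract references and the functions that call them."""
    refs = {n for t, n in STATE_VAR.findall(src) if not VALUE_TYPES.match(t)}
    funcs = list(functions(src))
    findings = []
    for ref in sorted(refs):
        setters = [n for n, mods, body in funcs
                   if "onlyOwner" in mods and re.search(rf"\b{ref}\s*=[^=]", body)]
        callers = [n for n, _, body in funcs if re.search(rf"\b{ref}\s*\.\s*\w+\s*\(", body)]
        if setters:
            findings.append({"ref": ref, "setters": setters, "callers": callers})
    return findings

if __name__ == "__main__":
    for f in swappable_logic(SAMPLE):
        print(f"{f['ref']}: owner can repoint via {f['setters']}; called from {f['callers']}")
```

This is a text heuristic for triage, not a substitute for reading the contract: a hit means the logic users deposit against today can be replaced by the owner tomorrow, so the referenced contract and any timelock on the setter need review as well.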
Which NFT Scams are the Most Popular?
A Web3 security analyst going by the Twitter handle Serpent has done an excellent deep dive into both crypto and NFT scams plaguing Twitter, the dominant social media platform.
This breakdown points to a pattern of using bots to create false legitimacy around NFT projects. Additionally, bots automatically send deposited funds from the fraudulent links to the criminals’ wallets. Faking legitimacy can even extend to impersonating the CEO of OpenSea, in addition to launching classic fake airdrops.
Is the NFT Market Recovering?
To no one’s surprise, after the Federal Reserve collapsed the crypto market with interest rate hikes, the NFT market has shared the same fate. At the end of June, it was already apparent that the wider interest had fizzled out.
Because NFTs are inherently speculative and risky, people are less inclined to trade them amid economic uncertainty. Correspondingly, August’s transactions fell well under the level of a year ago.
The market downturn is also affecting blue-chip NFTs. From all-time highs, most of them have lost over half of their value, measured as median floor price:
- BAYC: from 150 ETH to 67 ETH
- MAYC: from 40 ETH to 12 ETH
- CryptoPunks: from 125 ETH to 66.5 ETH
- Azuki: from 33 ETH to 6 ETH
- Moonbirds: from 35 ETH to 12.5 ETH
- CoolCats: from 19 ETH to 2.3 ETH
With that said, corporate NFTs are still in the game. Nike generated $185 million in total NFT sales, thanks to its partnerships and entrenched sportswear position. On the non-corporate side of the equation, we are seeing consolidation and exits.
Case in point, NFT lending platform BendDAO is facing a liquidity crisis amid depleted reserves. As Europe heads into a likely deep recession, following the catastrophically boomeranged sanctions against Russia, the NFT market downturn should persist for some time.