🧻Classic Rug-Pull

A deep dive into the classic rug and how these scumbags do it.

So let’s break down what happens in brief before looking in more detail:

  1. Scammer creates a token.

  2. They then renounce and verify the contract, so initial scan on dextools says its not a honeypot.

  3. They then create and then lock the liquidity pool (adding big amounts $50k+, sometimes 200k+)

  4. After that they start buying with their other accounts so that volume and price goes up on dextools.

  5. People/bots go crazy and start FOMOing in and buying up the supply.

  6. They then blacklist all accounts but their own (they have a hidden blacklist function)

  7. They then call a function which creates (or mints) a lot more of the supply of their token.

  8. They then empty liquidity pool.

  9. You’ve been fisted.

Now let's take a look at that in a little more detail.

Here we have the aptly named… $SLUTS (I mean we are called BLF) So the address that created the coin is 0x8fe1B935f76972E2BA017fe10bD173539B3d9493

Our scammer creates a coin https://bscscan.com/tx/0xa5275958b2bbf7fe3eef0dfd4f0d4eb9992fd5c50bc5189810cc0527cd169ee9

They renounce and verify the contract https://bscscan.com/tx/0xc49b967cdf9484d8e9413321e207fb7928e4e48daf63cddf00ccf15620dc9dd9

They create and lock liquidity (adding big amounts 20k+) Adding LP: https://bscscan.com/tx/0x27ab60aff2251c13557ff99f7395e2f4b4a3bf66cb8a1808c69a1f365fbe27f4 Locking LP: https://bscscan.com/tx/0x37307eef095f6e93419829193d79b95910f43ee0feb158a46b52fa7387d37a3f

They then start buying with their other accounts so that volume and price goes up, other people start to FOMO and buy in.

They then blacklist other accounts (hidden blacklist function - see screenshot)

They then simply increase their own balance by 33000x the total supply (see screenshot)

The scammer then empties the liquidity pool, moves the funds to another wallet and/or exchange and it’s game over πŸ’€

This is one of the worst types of scams to be subjected to, there is no way to get your funds out once the blacklist is in place, and you are left with nothing.

Many of these functions can be found using CA scanners, but these dodgey devs keep finding new ways to get these hidden functions past the checks, properly auditing a CA is time consuming and a steep learning curve. However there are people in the space who can help.

If you are ever unsure of anything in a contract, either avoid completely, ask for help from someone in the know, or if you are feeling lucky, ape small, only play with what you can afford to lose.

Make sure to do your due diligence before jumping in, not losing money is just as important as making X's.

Check out our toolkit for useful tools and tips on doing your research.

BLF Team - Albus

Last updated