Cyber vigilante hunts down DeFi scammers running away with $25M rug pull
An exclusive Cointelegraph interview on tracking down a group of DeFi scammers responsible for the $25 million StableMagnet rug pull.
In the world of digital finance, where the weapon of choice for a heist is a computer rather than a semi-automatic firearm, tracking down scams and frauds from across the world becomes a near-impossible feat for centralized police forces.
However, in an interview with Cointelegraph, an anonymous cyber vigilante shares insights into how he went about tracking down a group of decentralized finance (DeFi) scammers responsible for the $25 million StableMagnet rug pull, coordinating with police authorities and eventually having the stolen money returned back to the investors.
The StableMagnet platform lured unwary investors under the pretext of high returns against stablecoin deposits. In a typical rug pull event, StableMagnet managed to run away with the $25 million that was invested by over 1000 users.
##StableMagnet #rugpull $22m and growing. Its SwapUtils library code is NOT verified and *DIFFERENT* from main Swap contract: https://t.co/Ls5XNA5UXf. @bscscan There is a need to verify the library code!
— PeckShield Inc. (@peckshield) June 23, 2021
Right before the rug pull, the cyber vigilante (anonymous for obvious reasons) examined the code to ensure the legitimacy of the project prior to investing himself. However, what he missed out on were a number of messages on Twitter alerting him on the possible exploits and vulnerabilities in the system.
Taking things personally, the vigilante — an active ethical hacker — set out to track the scammers and bring justice to the investors. He told Cointelegraph:
“I just felt like this was the only opportunity in my life — to have a very meaningful impact in a situation where most people are not going to have the time and the gusto to do that kind of thing.”
Starting from tracking down a GitHub account to identifying all family members of the scammers through social media accounts, our vigilante’s investigation pinpointed a group of Chinese locals from Hong Kong.
Eventually, the anonymous vigilante tracked down the scammers’ travel to a Chinatown in Manchester — a temporary move until the commotion died down:
“I didn’t want them to go to jail. I don’t like the centralized forces to come into the decentralized world as much as we possibly can.”
Taking the matter into his own hands, he booked a one-way flight ticket to Manchester while contacting local police authorities citing the narrow timeline before the scammers move to a different location. To the vigilante’s surprise, the Greater Manchester Police reacted swiftly and arrested a few of the scammers.
The police retrieved different pieces of a single USB device from the scammers, which contained roughly $9 million:
“Once that occurred, it was believable to the other project people (scammers) that I wasn’t BSing about finding them and knowing where they were and being able to get them taught if that’s what we wanted.”
Following the arrests, other members of StableMagnet cooperated with the cyber vigilante and returned the majority of the loot. Ever since the development, his message has been heard loud and clear, “maybe it’s not a good idea to scam, at least not on the Binance Smart Chain.”
Related: Crypto YouTubers fall victim to hacking and scamming attempt
On Jan. 23, numerous popular crypto YouTuber accounts were hacked and posted unauthorized videos with text directing viewers to send money to an unknown (hacker’s) wallet.
BREAKING: Dozens of Crypto YouTubers have had their accounts hijacked by hackers promoting a fake crypto giveaway scam. Hacked accounts include:@IvanOnTech@boxmining@aantonop@themooncarl@Bitboy_Crypto@mmcrypto@Altcoinbuzzio@FloydMayweather@crypto_banter@CoinMarketCap pic.twitter.com/ykXkZUh9cO
— Mr. Whale (@CryptoWhale) January 23, 2022
YouTuber Michael Gu told Cointelegraph that his YouTube channel Boxmining posted a video without his permission. “Luckily, we caught it within two mins of the video going live and managed to delete it,” he said.