CertiK Logo
CertiK Logo
Products
Blogs
Company
incident-response

Products & Technology

Featured Ecosystems

Company

English
Back to all stories
Reports
Incident Analysis
Revisiting The Day of Defeat Rugpull
7/3/2022
Revisiting The Day of Defeat Rugpull

TL;DR

On May-05-2022 +UTC, approximately $1.35M worth of assets were stolen from the DoD token. The involved addresses are: 0x2cbf... and 0x404b...

Event Summary

Day of Defeat (DOD) claimed on their website that they were a "radical social experiment token" and that it was "mathematically designed to give holders a 10,000,000X" price increase. The roadmap had plans in place up until 2024. According to their website every transaction was taxed 19% with 4% going to "marketing" and 15% to the "transitional wallet" and to the "prize fund". DOD’s whitepaper said that everything sent there was going to be sold for BUSD or BUSID and when the prize fund hit $100 million, one of the token holders would win that money.

On 5 May 2022, the Day of Defeat wallet was emptied leading to a loss of ~$1.35 million. The money was transferred from the project into other wallets causing the NFT to crash in value by 96%. On social media, DOD denied that this was a rugpull, and claimed that they were a victim of an exploit: "The private keys of the (2) contract related wallets were compromised".

~$1.35 million worth of DOD tokens were sent to 2 wallet addresses - 0x2cbf... and 0x404b... All of the tokens were then swapped for BNBs via pancakeswap. After being swapped for BNBs, the funds were then distributed to other hot wallets.

Day of Defeat(DOD) Token address: https://bscscan.com/token/0xc709878167ed069aea15fd0bd4e9758ceb4da193

Attack Technical Analysis

DoD token Rugpull Addresses:

Rugpull Address 1: 0x2cbf...

DoD token source (M Address): 0xe054...

Rugpull Address 2: 0x404b...

DoD Token source (A address): 0xd9b8...

The tax address “M” and “A” of the DoD token provided large amount of DoD tokens to addresses (0x2cbf... and 0x404b...) and those DoD tokens were further swapped for BNBs. The tax address (M address) sent 8,881,133,116,766 DoD tokens to the 0x2cbf... in the transaction: 0x8e20...

The address 0x2cbf swapped the DoD token to BNB in the DoD-BNB pool

Contract Vulnerability Analysis

Address A and M are prebuilt tax addresses in DOD token

ef303e65-6201-4ad4-af8e-1b9684a5fb27

For each _transfer, the tax was transferred to address A and M:

59200b01-19cf-4e70-89f7-ea6a81fe94b4

A large amount of DOD token was accumulated in both A and M accounts and both tax addresses were EOA.

Profit and Assets Tracing

Pair Loss

  • The BNB amount in the DoD-BNB pool decrease from 3,982 to 666. Around ~ $ 1,248,971K (3,316 BNB) is rugged.

  • The BSC-USD amount in the BSC-USD-DoD pool decrease from 1,004 to 170. Around $310K (824 BSU-USD) is rugged

Profit from Rugpull

  • Rugpull Address 1: 0x2cbf... received ~ 3190.9 BNB = 1,202,969.3 USD

  • Rugpull Address 2: 0x404b... received ~151,344.7616 USDT

For a total loss of ~$1.35M USD

Related Stories
The Vanishing Act: How Exit Scammers Mint New Tokens Undetected
Blogs
Security
In this post, we detail a certain type of rug pull wherein scammers apparently create tokens out of thin air before dumping them on unsuspecting investors.
3/19/2024
OrdiZK Incident Analysis
Blogs
Incident Analysis
On the 5th March, CertiK confirmed OrdiZK orchestrated an exit scam that over a period of time stole approximately $1.4 million. In this incident the scammers used a verity of tactics to steal from investors including hoarding taxes from sales, dumping a large amount of tokens and abusing privileged roles to empty project contracts. This incident is the 6th exit scam of 2024 where losses have exceeded $1 million, contributing to the over $64 million lost to exit scams in 2024 so far.
3/8/2024
Narwhal Incident
Reports
Incident Analysis
Narwhal’s token experienced two considerable drops within a two day period leading to an overall slippage of approximately 99%. The project’s official X account @Narwhal_fyi, announced that they had experienced an exploit, but did not give any specific details. Initial indications pointed to a private key compromise, however on-chain links suggest this incident was an exit scam. Approximately $1 million worth of funds were deposited into Tornado Cash with a further $410,000 sitting in two wallets. In this blog, we will outline the suspicious links that indicate that this incident is an exit scam.
1/10/2024
CertiK Logo
SOC
© 2024 by CertiK. All Rights Reserved.
Products & Technology
Smart Contract AuditSkynetSecurity ScoreKYCPenetration TestingBug BountyFormal VerificationAdvisory ServicesSkyHarborSkyInsights
Company
AboutVenturesBlogCareersDisclaimerPrivacy PolicyCookie PolicyTerms and ConditionsTrust and Security
Social Media
CertiKSecurity LeaderboardCertiK AlertTelegramYoutube
MediumLinkedIn
Wechat
Discord
MediumLinkedIn
Wechat
Discord
© 2024 by CertiK. All Rights Reserved.
;