CertiK Logo
CertiK Logo
Products
Blogs
Company
incident-response

Products & Technology

Featured Ecosystems

Company

English
Back to all stories
Reports
Incident Analysis
Jump Satoshi Exit Scam
11/20/2022
Jump Satoshi Exit Scam

TL;DR

On 09 October 2022 JUMPN aka Jump Satoshi, withdrew $1.1 million from their JST token by which point all the projects socials, including their website had been taken down. Two days later, all contracts associated with Jump Satoshi were drained of assets in an exit scam totalling $3.9m.

Event Summary

JUMPN claimed to be a fitness focussed Web3 project that allowed investors to earn whilst they moved. The project had a total of four tokens, all of which had been drained of investor assets. All social media presence has disappeared as well as the removal of the website. Jump Satoshi was highly likely a scam from the onset.

The flow for withdrawing tokens on all four contracts followed a similar pattern. For example, the EOAs identified as the “rugpull” wallets are initially funded by 0x80Ca. For example, the JAC rugpull wallet receives 1 BNB on 18 April 2022.

9494c15e-2972-4b78-b2bc-8dd7bd0d345c

This wallet also initially funds the JET, JAC and JUT contract creators on the 18 April 2022. Interestingly, the time difference between funding the contract creators and the malicious wallets is extremely small. For example, the JET dumping wallet was funded 3 minutes after the deployer from 0x80Ca. Below we can see a further breakdown.

Screenshot 2022-11-20 at 16.21.30

Additionally, the JST dumping addresses were funded by 0x80Ca on 18th April at 8:59:54 UTC which is just ~14 minutes before the JET Deployer was funded. From this, we can infer connections between the contract creating wallets and the rug pulling wallets demonstrating a pre-mediation from the beginning of the project.

The Warning Signs

There were plenty of warning signs around the project that led us to alert our community on two separate occasions. On 25th May 2022, we tweeted that JST is showing signs of being a honey pot with many users complaining that they are unable to sell their tokens.

f131ee47-8dbe-4190-bb8b-17d8ffed886f

JET (V2) 0xE6CB2963e9da6E9A50C77b2354d47e664a1Ca8dD

The Jump Energy Token was drained of liquidity on the 10 October 2022 by 0x5c377. The incident began by the malicious wallet creating an unverified contract. 0x5c377 then calls 0x53676fe3 function which withdraws JET tokens and swaps for WBNB.

fd513f61-1648-43f6-b6a4-82f0d59ab341

This function is called twice before 0x5c377 withdraws ~573.83 WBNB from the malicious contract created.

0bf6b19c-8c67-491e-a74e-b2891e924fe1

On the 31st October, the stolen funds were deposited into Tornado Cash.

JAC 0xa7573991D44E7128e2831DAA5e9722678Ff020Ca

The JUMPN Activation Code token was also drained of funds on 10 October 2022 using the exact same method as the example above. EOA 0xAF7b9 creates a contract and calls 0x53676fe3 function to withdraw funds from JAC contract. This function is called three times and swaps JAC tokens for WBNB and 0xAF7b9 withdraws ~1,278.05 WNB from the contract they created. The WBNB is then swapped for BNB and deposits 1,200 BNB into Tornado Cash.

Screenshot 2022-10-16 at 10.44.30

1,300 BNB was deposited into Tornado Cash, with 1,200 BNB deposited on 10th October and a further 100 on 31st October.

JUT 0x0e61b4AeC4d8FE53fB2dE64e268Bf20B5E6b0E07

The JUMPN Unstake Token again was drained of assets in the same way as the above two tokens on 10 October 2022. EOA 0x8d41 created a contract and called Sq function seven times, which swapped JUT for WBNB. EOA 0x8d41 then withdraws WBNB which is swapped for 350.51 BNB, of which 300 BNB is deposited into Tornado Cash.

Screenshot 2022-10-16 at 11.19.33

JST 0xee6cacddd3a9370d87db581ee6728226883578e5

The JST token resulted in the highest losses for investors. The first malicious transactions took place on 31 August 2022 when 0x11137D swapped JST tokens for 1,109 BNB. The wallet then deposited 100 BNB into Tornado Cash and transferred 1,001 BNB to 0x2F29. From there, 1,000 BNB was deposited into Tornado Cash.

Screenshot 2022-10-16 at 11.40.19

From this incident, $299,454.19 was stolen from investors. Fast forward to 09 October, 0xD3De… withdraws ~$1.1m worth of tokens in two transactions that call 0x6b1d9018 twice (one transaction was reverted). All the withdrawn BEP-20 tokens were then swapped for BNB. Between 09-10 October, 4,100 BNB worth $1,107,164 was deposited into Tornado Cash with a further ~58.2 BNB being transferred to 0x692c. At the time of writing, those funds remain in the wallet.

On 11 October 2022, the JUMPN exit scam concluded with EOA 0x4693 creating an unverified contract and calling 0x53676fe3 five times. These transactions swapped JST tokens for WBNB which amounted to ~7,153.78 WBNB ($1,941,106.66). EOA 0x4693 deposits 4,600 BNB ($1,240,896) into Tornado Cash and transfers 2,554.52 BNB to EOA 0x55186 with which 2,500 BNB is deposited into the mixer.

In total, the JUMPN exit scam has lead to total losses of $3,962,366.80.

Updates

Since attention has been focused on the FTX collapse, the individuals behind this exit scam have become active again. For example, 0x4693f known as (JST Rugger 2) created two unverified contracts on the 8th of November to extract what value remains in the JumpN contracts.

In fact, multiple wallets involved in the exit scam have consolidated a further ~12.37 BNB in 0x2E52fD worth ~$4k at the time of transfer. These funds were then transferred to 0x63530.

4b59eb40-a98e-42e9-82f1-8685609adfe0

Conclusion

Unfortunately, Jump Satoshi was almost certainly designed to be an exit scam from the beginning. This incident comes in as the 8th largest exit scam observed this year. However, there were warning signs that go back to May where we alerted the CertiK community on the possibility that JumpN was a honeypot. Not surprisingly, the contract didn’t have an audit which would’ve helped investors understand some of the critical (and purposely placed) vulnerabilities.

Protect yourself and your assets by following @CertiKAlert on Twitter to stay up to date on all the latest Web3 security news, and visiting certik.com as part of your due diligence.

Related Stories
Risk On Blast Incident Analysis
Blogs
Incident Analysis
On 24 February, GambleFi project RiskOnBlast is thought to have become the first confirmed exit scam to occur on the Blast ecosystem, a layer-2 project on Ethereum.
3/29/2024
The Vanishing Act: How Exit Scammers Mint New Tokens Undetected
Blogs
Security
In this post, we detail a certain type of rug pull wherein scammers apparently create tokens out of thin air before dumping them on unsuspecting investors.
3/19/2024
OrdiZK Incident Analysis
Blogs
Incident Analysis
On the 5th March, CertiK confirmed OrdiZK orchestrated an exit scam that over a period of time stole approximately $1.4 million. In this incident the scammers used a verity of tactics to steal from investors including hoarding taxes from sales, dumping a large amount of tokens and abusing privileged roles to empty project contracts. This incident is the 6th exit scam of 2024 where losses have exceeded $1 million, contributing to the over $64 million lost to exit scams in 2024 so far.
3/8/2024
CertiK Logo
SOC
© 2024 by CertiK. All Rights Reserved.
Products & Technology
Smart Contract AuditSkynetSecurity ScoreKYCPenetration TestingBug BountyFormal VerificationAdvisory ServicesSkyHarborSkyInsights
Company
AboutVenturesBlogCareersDisclaimerPrivacy PolicyCookie PolicyTerms and ConditionsTrust and Security
Social Media
CertiKSecurity LeaderboardCertiK AlertTelegramYoutube
MediumLinkedIn
Wechat
Discord
MediumLinkedIn
Wechat
Discord
© 2024 by CertiK. All Rights Reserved.
;