Introduction

On the 5th March, CertiK confirmed OrdiZK orchestrated an exit scam that over a period of time stole approximately $1.4 million. In this incident the scammers used a verity of tactics to steal from investors including hoarding taxes from sales, dumping a large amount of tokens and abusing privileged roles to empty project contracts. This incident is the 6th exit scam of 2024 where losses have exceeded $1 million, contributing to the over $64 million lost to exit scams in 2024 so far.

The Build Up

OrdiZK advertized themselves as a privacy bridge between the Ethereum network and Bitcoin. Based on deleted X posts, they claimed to be able to bridge between additional chains such as Solana and Avalanche. Throughout the lifespan of the project, the deployer created two OZK tokens as well as a number of staking contracts. The deployer, and treasury wallets were initially funded via ChangeNOW and the deployer received and deposited funds to FixedFloat. Currently, we have not been able to concretely identify the sending address.

The OrdiZK project enticed users into engaging with the project by offering large returns on staked OZK. We can see in a now deleted X post from OrdiZK that users could expect an unrealistic 321.8% APR return on their staked OZK tokens.

On 21 Feb, OrdiZK claimed via their now deleted account on X, that they would be migrating their contract to V2. The new contract was created on 26 Feb with user’s able to migrate until 4 March.

Users began to migrate OZK V1 tokens on the 26th February. The migration mechanics meant that when users called 'migrate' they would transfer V1 OZK tokens to the deployer (later labelled Fake_Phishing323133) and mint V2 OZK tokens to the users wallet. We can see an example of this in the following transaction.

The consequence of this is that the deployer begins to accumulate a large amount of OZK tokens that were backed by a large amount of liquidity. It is also noteworthy that the OrdiZK project was not long into its lifespan before it announced a migration. OrdiZK’s X account posted that the migration was to address a minor bug found in an audit.

Immediately after the migration deadline, at 23:00:23 UTC on 4 March, the OrdiZK deployer sold 489m OZK tokens from the old contract for 35.65 ETH (~$134k) causing a 98% slippage. From the victims point of view, this wouldn’t necessarily be an issue since liquidity backing the old token would presumably be added to the new token contract.

The Exit Scam

Rather than the liquidity recovered from the V1 token contract being added to the pool backing V2, the funds remained in the deployers wallet. On 5 March, less than 12 hours after selling tokens from the V1 contract, the deployer sold 454m OZK tokens from the new contract for 57.64 ETH (~$214k) causing a 98% slippage on OZK V2.

After dumping tokens on both contracts the deployer then called an emergencyWithdraw function twice, on the OZK staking contract, withdrawing a further 57.68 ETH and 0.90 ETH respectively.

As well as the token dumps and staking withdrawal, the deployer was also actively receiving tax funds during the token’s trading period.

CertiK values the exit scam on OrdiZK at $1.4 million due to the combined value extracted from participants in the form of token dumps, liquidity removals and taxes throughout the project’s lifespan.

Fund Movements

OrdiZK also had two additional project wallets, a marketing wallet and a treasury wallet. On 12 January the marketing wallet was funded with 70.5 ETH of which it still holds 46.66 ETH. The treasury wallet was funded with 75 ETH on 15 January and used to create a staking contract. The wallet still holds 70 ETH.

In total the project currently have approximately $1.47 million of assets sitting in project wallets, which breaks down as follows:

• ozk deployer: 277.89 ETH (~$1,037,125)
• ozk-treasury.eth: 70.59 ETH (~$263,482)
• ozk-marketing.eth: 46.66 ETH (~$173,899)

Conclusion

When we discount the BitForex incident which saw approximately $56.5m lost, the OrdiZK exit scam is the largest incident we’ve seen. With the introduction of new experimental token standards such as ERC-404 and the excitement of Bitcoin reaching a new all time high, we will likely continue to see major exit scams impacting investors throughout 2024. CertiK will continue to monitor the wallets associated with this exit scam. You can view the risks associated with the OrdiZK exit scam in SkyInsights and the other unique addresses that CertiK collects throughout our investigations.