Introduction

On 24 February, GambleFi project RiskOnBlast is thought to have become the first confirmed exit scam to occur on the Blast ecosystem, a layer-2 project on Ethereum. RiskOnBlast had launched an uncapped Initial DEX Offering (IDO), declaring to X user @mooncat2878, an early investor of the project, that the aim was to raise $1 million.

The exact reason is unknown but the IDO was later capped at 420 ETH, approximately $1.3 million, before funds were withdrawn and sent to centralized exchanges such as MEXC, ByBit and Binance. As funds were being withdrawn, the projects X account and website was also deleted. This incident brings the total lost to exit scams to ~$65 million in 2024.

RiskonBlast

Background

RiskonBlast was in the early phases of project development having only recently launched an IDO with a fully diluted valuation (FDV) of $625k for their GambleFi project. GambleFi projects are akin to web2 gambling sites, users bet their crypto on a variety of games for a chance to win more crypto. The screenshot below is from a test version of the project’s roulette game in which users bet on yellow, green or black.

The project had also signed up to Blast’s BIG BANG competition for project developers in which 50% of the upcoming Blast airdrop will be distributed amongst the winners. Part of the competition’s registration requires that a video is uploaded of a project member introducing themself and the project, whether RiskOnBlast submitted a genuine video or not is unknown.

The project’s submission though, was sufficient enough for Blast to give the project an ‘Undeniable’ rating for potential which many investors saw as a green light to invest.

IDO Contract

RiskOnBlast’s IDO contract, 0x25f8c342e430c85829ef5021c0720f0c60969840, was created on 22 Feb and was initially said to be an uncapped public sale, stating that the community could decide on their value. Though the timing and reason is unclear this was later capped to 420 ETH which was reached just two days later. The final IDO deposit was made at 14:18 UTC then at 14:35 UTC the funds were withdrawn and RiskOnBlast disappeared, deleting their social media account and website.

Stolen Fund Movement

IDO Withdrawal

After the IDO reached 420 ETH on 24 Feb, the IDO creator 0x1eeb963133f657ed3228d04b8cd9a13280efc558 called the contracts withdraw() function to withdraw the contract’s balance.

Asset Distribution

The withdrawn ETH was swapped for WETH and DAI and split into multiple wallets which was then distributed as per the summary below.

$24.8k of the funds were bridged via ThorChain to a Cosmos wallet. The receiving wallet can be identified within the memo field of a ThorChain transaction.

Similarly, for funds bridged with Rango, the destination chain and wallet can be identified within the transaction logs.

Summary of stolen funds:

• 420.50 ETH (~$1.3m) withdrawn from the presale contract then laundered via multiple routes.
  • $494,912 via ChangeNow
  • $385,743 via MEXC
  • $193,055 via ByBit
  • $125,000 via Railgun
  • $24.8k to cosmos12alg6yvhz9ympry4h2zhsy0547t6llx8grnprd via ThorChain
  • $20,000 via SideShift
    • 15k to 0x883b3e906d3659b986bd5fb542fcdd00a8f0dae5 on BSC then to ByBit
    • 5k to 0x56475365CDFA0DAD210b99e1B218E2e1D82138B0 on Arbitrum then to ByBit
  • Approximately $50k was lost to MEV during token swaps
  • Below, $24,759 was bridged via RangoBridge to Arbitrum 0x09c366e8ec6cc5c53454ac16d237cf7fa719783e which aggregated $129.1k before sending the funds to a Binance account. The funds received at 11:13 and 11:15 were transferred via deBridge.

Conclusion

RiskOnBlast became the first project to be a confirmed exit scam on the Blast network taking approximately $1.3 million from their IDO contract and is in the top 3 largest exit scams on token projects in 2024. A combination of market conditions and Blast having just launched their mainnet in February likely led to increased hype for the project amongst early adopters. As favourable market conditions continue to return it’s important to not let hype and fear of missing out prevent due diligence on a project. Many projects can be researched on CertiK’s Skynet, which provides valuable insight into many web3 projects. CertiK Skynet - Web3 Security, Due Diligence and Insights