Back to all stories
Blogs
Incident Analysis
Risk On Blast Incident Analysis
3/29/2024
Risk On Blast Incident Analysis

Introduction

On 24 February, GambleFi project RiskOnBlast is thought to have become the first confirmed exit scam to occur on the Blast ecosystem, a layer-2 project on Ethereum. RiskOnBlast had launched an uncapped Initial DEX Offering (IDO), declaring to X user @mooncat2878, an early investor of the project, that the aim was to raise $1 million.

RoB2

The exact reason is unknown but the IDO was later capped at 420 ETH, approximately $1.3 million, before funds were withdrawn and sent to centralized exchanges such as MEXC, ByBit and Binance. As funds were being withdrawn, the projects X account and website was also deleted. This incident brings the total lost to exit scams to ~$65 million in 2024.

RiskonBlast

Background

RiskonBlast was in the early phases of project development having only recently launched an IDO with a fully diluted valuation (FDV) of $625k for their GambleFi project. GambleFi projects are akin to web2 gambling sites, users bet their crypto on a variety of games for a chance to win more crypto. The screenshot below is from a test version of the project’s roulette game in which users bet on yellow, green or black.

RoB1

The project had also signed up to Blast’s BIG BANG competition for project developers in which 50% of the upcoming Blast airdrop will be distributed amongst the winners. Part of the competition’s registration requires that a video is uploaded of a project member introducing themself and the project, whether RiskOnBlast submitted a genuine video or not is unknown.

RoB3

The project’s submission though, was sufficient enough for Blast to give the project an ‘Undeniable’ rating for potential which many investors saw as a green light to invest.

RoB4

IDO Contract

RiskOnBlast’s IDO contract, 0x25f8c342e430c85829ef5021c0720f0c60969840, was created on 22 Feb and was initially said to be an uncapped public sale, stating that the community could decide on their value. Though the timing and reason is unclear this was later capped to 420 ETH which was reached just two days later. The final IDO deposit was made at 14:18 UTC then at 14:35 UTC the funds were withdrawn and RiskOnBlast disappeared, deleting their social media account and website.

Stolen Fund Movement

IDO Withdrawal

After the IDO reached 420 ETH on 24 Feb, the IDO creator 0x1eeb963133f657ed3228d04b8cd9a13280efc558 called the contracts withdraw() function to withdraw the contract’s balance.

RoB5

Asset Distribution

The withdrawn ETH was swapped for WETH and DAI and split into multiple wallets which was then distributed as per the summary below.

RoB6

$24.8k of the funds were bridged via ThorChain to a Cosmos wallet. The receiving wallet can be identified within the memo field of a ThorChain transaction.

RoB7

Similarly, for funds bridged with Rango, the destination chain and wallet can be identified within the transaction logs.

RoB8

Summary of stolen funds:

  • 420.50 ETH (~$1.3m) withdrawn from the presale contract then laundered via multiple routes.

RoB9

Conclusion

RiskOnBlast became the first project to be a confirmed exit scam on the Blast network taking approximately $1.3 million from their IDO contract and is in the top 3 largest exit scams on token projects in 2024. A combination of market conditions and Blast having just launched their mainnet in February likely led to increased hype for the project amongst early adopters. As favourable market conditions continue to return it’s important to not let hype and fear of missing out prevent due diligence on a project. Many projects can be researched on CertiK’s Skynet, which provides valuable insight into many web3 projects. CertiK Skynet - Web3 Security, Due Diligence and Insights