On October 24, 2022, the Santa Coin team conducted an exit scam on $SANTA token and stole 765 BNB (~$209K) from $SANTA holders. The deployer has been slowly draining liquidity over a long period of time; however, our analysis explicitly focuses on the funds drained on October 24, 2022.
Santa Coin was originally launched as a meme coin in November 2021. The Santa Coin team claimed to be expanding with the addition of experienced developers and crypto marketers that will “carry on with the vision of creating a rewarding ecosystem focused on Defi & NFT P2E gaming”.
On August 15, the Santa Coin moderator posted an announcement in the Official Santa Coin Telegram that was later edited by the team. It is unclear what the announcement from the Santa Coin team originally said. It appears that the Santa Coin team planted the message on August 15 2022, so that the moderator could go back and make it appear to holders that this incident was a migration rather than an exit scam while taking additional funds from holders who attempted to migrate through the fake migration phishing link.
Image: Santa Coin moderator Telegram migration announcement Image: Phishing Link from Santa Coin moderator Telegram announcement
The link provided in the Santa Coin Telegram announcement led $SANTA holders to phishing website Coin Trading Solution (hxxps://vnxymiigrattiiontechliveweb.homes). According to who.is, Coin Trading Solution was registered on November 1st, eight days after the incident. Image: Coin Trading Solution website
Users were then prompted to select the option to migrate (various other functions were also available); the website then asked holders to provide their private keys (pictured below). Image: Coin Trading Solution prompt for private keys
The Santa Coin deployer called the removeLiquidity() function to drain the liquidity from the Pancakeswap pool, removing approximately 600 BNB in multiple transitions.
The deployer then sent 39,535,213,129,140 $SANTA tokens to the second actor 0xc80... in the following transaction: 0x35b97e72048419c7fc056e255af27aa36523031e1b7be7000e644a5d6845f2f6
Finally, the second rugpuller then sold these tokens for 165 BNB.
Deployer (first rugpuller): https://bscscan.com/address/0x1a97098b09b8be6b457fab6f14f9cbe42c19a2f5
Second rugpuller: https://bscscan.com/address/0xc80d7eb1526364e6734c9a35ea56471ea91fae60
Pancakeswap pool: https://bscscan.com/address/0xfdf3b6a027839a30a5de3e355708fd45c323f7ec
In this exit scam, there are many token sales and remove liquidity transactions:
Deployer (first rugpuller): https://bscscan.com/tx/0xdd3bb66b981cd13d0f8c4bbc5caf0c26d402b823c6998595c1292e6958a9e280 https://bscscan.com/tx/0x28e4d7b7ab53b993f139c7aa24c93bd050e09ba6235163b1425757a889746161
See DeBank | Your DeFi wallet for a complete list
Total funds lost from holders in this exit scam was around 765 BNB (~$209K). The 595 BNB has been transferred from the deployer wallet (first rugpuller) to 0xc94. Funds were then transferred to wallet 0xc40. The other 165 BNB from the second rugpuller has been sent to account 0xc40. Since the incident, 0xc40 distributed the tokens to Pancakeswap, BUSD-T Stable coin, and 0xb2E.
It is almost certain that this token was designed to be an exit scam from the beginning. The issue lies in intentional poor contract design and the initial token distribution created by the actors. Since the incident, Santa Coin’s Twitter is still up and has been stripped of previous promotional tweets of Santa Coin. Is this in preparation for a promotion of a new coin this year?
Do your own research and beware of scam tokens this holiday season!