Check Point Research Unraveling the Rug Pull: a Million-Dollar Scam with a  Fake Token Factory – Check Point Research

By Oded Vanunu, Dikla Barda, Roman Zaikin


  •  Blockchain Vigilance Unveils Million-Dollar Heist: Our Threat Intel Blockchain system uncovered an ongoing Rug Pull event, and traced the actor behind this scheme   
  • The Scammer’s Tactics: Exploiting Hype for Ill-Gotten Gains, The perpetrator lured unsuspecting victims into investing.
  • Unraveling the Scam: A Step-by-Step Deception The scam operated in several stages, including the creation of fake tokens, the manipulation of liquidity pools, simulated trading activities, and the extraction of funds.
  • Check Point Researchers calls out investors to understand the details of this step-by-step process, crucial to protect themselves from falling victim to similar schemes.


In the dynamic realm of cryptocurrency, recent events have highlighted the ever-present threat of Rug Pulls—deceptive maneuvers that leave investors empty-handed. Our Threat Intel Blockchain system, developed by Check Point, recently sounded the alarm on a sophisticated scheme that managed to pilfer nearly $1 million. Let’s delve into the details of this elaborate crypto con and understand how it unfolded.

Check Point’s Threat Intel blockchain system identified and alerted the following address 0x6b140e79db4d9bbd80e5b688f42d1fcf8ef97798

This address involves in blacklisted activities, our system has begun monitoring the activities associated with the wallet address:

This is the balance of the scammer’s wallet (15/11/23), This address operated 40 distinct rug pulls and has been stolen almost 1 million dollars!

The scammer (0x6b140e79db4d9bbd80e5b688f42d1fcf8ef97798) tactic is to create tokens based on the latest hypes to lure victims to buy his tokens, for example, the token name GROK 2.0 (0xd4b726c5b5e6f63d16a2050ee3ac4a0f0f81f1d4), possibly derived from a well-known AI system (X GROK), is intended to attract buyers.

The Anatomy of the Scam:

How did this elaborate scam work, and how did it manage to siphon off a substantial sum? Here’s a breakdown:

  1. Creating Fake Tokens: The scam commenced with the creation of deceptive tokens, exemplified by the token GROK 2.0. The choice of names often mirrored trending topics to attract unsuspecting buyers.
  2. Adding Money to the Liquidity Pool: To create a façade of legitimacy, the scammer injected funds into the token pool, creating the illusion of a vibrant and active token.
  3. orchestrated Trading Activities: Leveraging a specialized function (0x521da65d) in the contract, the scammer executed simulated trades, making it appear as if genuine buying and selling were occurring. However, it was merely a ruse orchestrated by the scammer.
  4. Pumping Up the Volume: Another function (0xf029e7cf) came into play, facilitating large-scale trades between WETH cryptocurrency and the GROK token. This artificial inflation created a sense of high demand and value, enticing investors to join in.
  5. Attracting Buyers: Capitalizing on the perceived attractiveness of the token, users began buying in, unaware of the impending deception.
  6. Taking the Money: Once the token had sufficiently lured in investors, the scammer executed the final move—withdrawal of liquidity from the token pool, leaving token purchasers with empty hands and depleted funds.

Technical part

The scammer used 2 different smart contracts to trade and pump the token volume. The first contract address he used is 0x2ef3216e95e2b7c8e378ae64534100e69598f955 which contained the simulated trading function (0x521da65d).

function [email protected]

Source: Original Post

“An interesting youtube video that may be related to the article above”