Investors have lost circa $60,000,000 worth of ETH in the latest DeFi scam AnubisDao that occurred on October 29th, 2021, approximately 30 hours after the project was launched on discord.
AnubisDAO developers marketed the project as a fork of OlympusDAO, a decentralized reserve currency that aims to bring more financial stability and transparency by building a decentralized financial infrastructure. OlympusDAO is backed by bond sales and LP fees.
It also featured five developers from PebbleDAO, the individual behind prominent Twitter account Sisyphus, and other developers who all converged on a Telegram group to work on the project.
Rug pull occurs even before Liquidity pool launches
The project raised roughly 13,256 ETH, through Copper, the AlchemistCoin’s Liquidity bootstrapping protocol (LPB). Sisyphus explained on Medium how the events went down from the launch of the project on 27th October to the rug pull on the 29th of October and the transfer of funds to Tornado.cash and Coinbase.
With the LBP still running in the background, one of the developers Beerus, who allegedly controlled the LBP deposit contract claimed to have suffered a phishing attack on Friday morning. Beerus said that he opened an email with a pdf attachment that he thought was from Sisyphus. According to Sisyphus, developers made a mistake giving Beerus sole access to the LBP seed phrase.
“This was a mistake, this should have been done from the original multisig wallet.”
The first rug pull withdrew around 13,556 ETH four hours before the completion of the LBP on the same morning, Etherscan shows that Beerus personal funds remain intact, but the LBP funds got completely drained and were immediately transferred to another wallet.
However, both wallets were confirmed to be derived from the same seed phrase. Then an hour later, Beerus interestingly sent the seed phrase of the LBP wallet to the working group on Telegram.
While Sisyphus and the rest of the team were busy reaching out to exchanges to blacklist the addresses and running communications, Beerus allegedly deleted his account on Twitter.
The second pull rug address transferred funds to a third address. Meanwhile, security researchers including Chainalysis said there was no evidence on Sendgrid that Beerus had received a phishing email.
After the rug pull went public, people compiled real information about the identity of Beerus, which seemingly spooked him, causing him to go to the police in Hong Kong, file a report and turn over a computer.
“Over the course of Saturday midday EST, several US law enforcement agencies (the same group who resolved the recent Stablemagnet situation) are made aware of the attack/rug.”
On Saturday, around 11 am, a wallet affiliated with the attacker transferred 13 ETH to the privacy wallet Tornado.Cash, making three transactions for 1 ETH and 1 transaction for 10 ETH. Furthermore, the wallet received two more deposits from Coinbase. From this point onwards, the wallets went on a wild transfer of funds, with much of the activity being funneled through Coinbase.
Sisyphus vs Beerus
As part of damage control, Sisyphus also took to Twitter on Friday, offering (the tweet has since been deleted) a 1000 ETH bounty to anyone who could identify the person whose address received the stolen funds.
In response, a crypto brand designer named @lolef quoted an 18th March Tweet by an account named @Beerus which mentioned the address in question. It’s at this point that Beerus deleted his account.
However, Beerus allegedly reappeared twenty minutes later under the account name @cryptofan777 in an attempt to clear his name. The account provided the screenshot of the email with the potential malicious pdf attachment and further proof in screenshots that Beerus had neither ghosted Sisyphus for 12 hours since the first rug pull occurred (as previously claimed) or volunteered to handle the LBP funds.
This development raised community uproar with investors taking sides on who was innocent or guilty. One investor, Brian Nguyen, told CNBC that he lost nearly $470,000 to the rug pull. He added that his confidence in the project was spurred by the recent popularity of dog-themed coins like Shiba Inu and endorsement from Sisyphus. AnubisDAO was branded after the Egyptian deity Anubis, an ancient god featuring the body of a man and the head of a dog.
“I expect the path forward from here will be driven by law enforcement given that the attacker has not yet returned funds despite ETH bounty.”