Yet another cryptocurrency was targeted by an attack known as rug pull – BabyMuskCoin (BABYMUSK), which had $600,000 stolen from its investors.
The cryptocurrency-meme used the surname of Elon Musk, CEO of Tesla, as bait to attract investors. In this way, it followed the same path as other projects that applied the same type of scam.
Understand now how the BABYMUSK scam happened and how to protect your money from this type of attack.
The BabyMuskCoin Rug Puller
In the words of the project itself, its aim was to “catch Elon’s attention so that he joins”. That’s why BABYMUSK used the billionaire’s name.
Musk didn’t take the bait, but unfortunately many small investors did. According to blockchain security firm CertiK, the team behind the cryptocurrency transferred 1,571 Binance Coin (BNB) to the popular Tornado Cash mixing service.
This transfer is often the first indication that a coup is being applied. At first the developers of BABYDOGE said they were victims of a scam on Telegram. However, the project’s profile on Twitter and the website went down, which is yet another indication of scam.
#CommunityAlert🚨— CertiK Security Leaderboard (@CertiKCommunity) February 9, 2022
The project #BabyMuskCoin has dropped 99% and appears to be a #rugpull
1,571 $BNB (~$66K) was dumped and the funds were moved to Tornado cash.
The project team CLAIMS to have been scammed via Telegram, but the Twitter and website are down
Do not interact! pic.twitter.com/SUeLnrf4Gn
The indications that something was wrong started on January 31, when the developers made two transactions of 10 BNB each to Tornado Cash. Eventually, they started exchanging BABYMUSK tokens for BNB, causing the price to drop.
Finally, the attack was concluded on Wednesday (9), when the price of BABYMUSK collapsed by 99%. At this point all tokens were sold in exchange for BNB, which were already in Tornado Cash.
How to avoid rug pulls
Rug pull is a type of attack in which the founders/developers of a given project sell all the coins they control in the market. This sale is typically done in exchange for more valuable cryptocurrencies, such as BTC or BNB in this case.
In this way, the price of the original token collapses and the project is abandoned. The creators “pull the rug out” from small investors – hence the name of the scam – leaving them with a worthless token. The most famous of these recent scams was Squid Token, whose application of the scam was even broadcast live on the Twitch streaming service.
Rongui Gu, founder of CertiK and an assistant professor at Columbia University, commented on the case. He highlighted that rug pulls were one of the fastest growing scams in 2021.
“There has been an explosion of rug pulls over the last 18 months, scams where the founders have abandoned the project altogether and made off with as much money as they could extract from investors. In January of this year alone, CertiK discovered that $16.56 million was lost in nine such scams.”
Gu pointed out some warning signs that might indicate a rug pull. The first of these is a “relentless” promotion of its own token, along with a focus on upside potential at the expense of growth and fundamentals.
Another alert concerns the way codes are created. Gu points out that the best designs seek to avoid vulnerabilities that can be exploited later. If a project’s code is very confusing or full of flaws, it might be a tool for a rug pull.
“The only way to accurately assess a smart contract or blockchain protocol for security risks is to understand each line of code and how that code is supposed to perform as per its design specification. This may sound scary, and in fact it is. That’s why teams of professionals are dedicated to auditing smart contracts,” Gu said.