ETHTrustFund - Rekt
Another day, another rug pull. This time on Coinbase's pet project Base Network.
ETHTrustFund rug pulls on Base, leading to $2.1 million in investor losses.
Every ponzi needs a catchy name and what better way to inspire trust than by including "ETH" and "Fund" in your project title?
It turned out to be anything but trustworthy.
Users deposited their hard-earned ETH directly into the project's treasury without realizing they were funding an exit scam.
The dev, known only as Peng, spent months building trust and raising capital, before ghosting investors for three months and finally pulling the rug.
Doesn’t this look like it was a personal trust fund for the developer?
Credit: Ogle, Octoshi, Coin Telegraph
With a well-funded treasury of over $2 million, ETHTrustFund aka ETF, positioned itself as an OHM fork on Base.
Investors believed the founder to be a seasoned dev, willing to build a legitimate project on the new chain.
To outsiders, it looked like a token that pumped and dumped back in March, after pumping shortly after launching, it was down over 90% less than a week later.
After months of inactivity, the price stagnated. Then came the inevitable.
Crypto crime fighter Ogle from glue.net called out the project for rugging over this past weekend and reported it to Chainabuse.
The fraudulent project abruptly moved funds from its treasury to a new wallet.
Crypto community figure Octoshi disclosed a series of suspicious funds transfers and the project’s sudden inactivity.
The founder, Peng, had deleted his Telegram, Twitter, the official Telegram of the project itself and was ignoring all messages and DMs.
Tracing the stolen funds:
All $BRETT tokens were swapped to $ETH and bridged from the treasury on Base to a fresh wallet on Ethereum.
ETHTrustFund deployer address: 0xF259F01C40C211D63Ab75A6d2B108B364EFaB780
Treasury address: 0xbfDB66a6783a6Dc757f539139c68BED75EB491c8
Bad actor’s address: 0x374f4BD39aD211e67e0f8Cb8Ebf1b4F6Ac3059aD
Theft Transactions:
3.2 million BRETT ($453k stolen on July 20): Theft Transaction 1
9.5 hours later…
477 ETH ($1.65 million stolen on July 21): Theft Transaction 2
The bad actor’s address moved 200 ETH to Railgun:
0x77fd5bba5ab71c7d79d5eb852a44c37213d6684d37f249efd4719aab6b5944c0
Shortly after, this address transferred another 200 ETH to Tornado Cash in two separate transactions:
0xfabb100940c9dc35f0393c895e068904fb6ed0f5955e04380f6edcc44f0fd0c2
0x15d8d620334eae734e2f1891005616802506940b38ede85cb628133dd9027edc
An additional 56.9 ETH was then funneled back to Railgun:
0xa9087c7458c66b0334c1dcc991503d70a0662f7043f8b95217e7cf75ec14369f
As the dust settled, users started looking for someone to blame. But "Peng" had already vanished into the crypto ether…
Social media accounts deleted, website down, only the ghostly remains of project docs were left behind, at least briefly, as those have been taken down too.
All evidence pointed towards a classic rug pull/exit scam, with Base as the unwitting stage for this financial theater.
ETHTrustFund positioned itself as a DAO with rebasing features, following the OHM playbook.
They issued blockchain-based bonds and implemented a "rebasing" mechanism for stakers.
They bragged to be the “Highest Return Yielding ETF On Earth”.
The fund promised to eventually "debase" or destroy its own ETF tokens, supposedly pushing up remaining token prices. All invested assets would allegedly generate yield for token holders.
Turns out that was all a smokescreen and the dev may have been the only one who profited through this web of ponzinomics.
0ctoshi urges those who were affected to contact him on X and his DMs are open, all info and help is welcome.
Shortly after Base launched, a project named BALD pulled the rug for $23 million, 3 weeks later, Magnate Finance rugged for $6.5 million.
As Base continues attracting projects and capital, it seems the L2 is speed running through some classic crypto scams.
Will Base ever shake off its reputation as a playground for rug pulls?
While Coinbase continues to tout Base as the future of DeFi, it seems the only thing truly decentralized is the distribution of scams across the network.
From BALD to ETHTrustFund, Base is building a reputation as a haven for digital highwaymen.
As investors lick their wounds and Peng presumably sips Mai Tais on a beach somewhere, we're reminded that in crypto, trust is as volatile as the markets themselves.
As the L2 wars heat up, it seems Base is content to let its users serve as cannon fodder in the battle for adoption.
In the race to crown the next big L2, have we forgotten that true innovation doesn't come at the cost of user security or is this just the price of admission to the future of finance?
With crypto crime fighter Ogle and others on the hunt, the scammer has a target painted on their back.
Hopefully they will paint themself into a corner and get caught.
In this high-stakes game of cat and mouse, with scammers abound, is this turning into an expensive game of whack-a-mole?
REKT serves as a public platform for anonymous authors, we take no responsibility for the views or content hosted on REKT.
donate (ETH / ERC20): 0x3C5c2F4bCeC51a36494682f91Dbc6cA7c63B514C
disclaimer:
REKT is not responsible or liable in any manner for any Content posted on our Website or in connection with our Services, whether posted or caused by ANON Author of our Website, or by REKT. Although we provide rules for Anon Author conduct and postings, we do not control and are not responsible for what Anon Author post, transmit or share on our Website or Services, and are not responsible for any offensive, inappropriate, obscene, unlawful or otherwise objectionable content you may encounter on our Website or Services. REKT is not responsible for the conduct, whether online or offline, of any user of our Website or Services.
you might also like...
Tapioca DAO - Rekt
Another day, another private key theft, another protocol rekt. Tapioca DAO on Arbitrum suffers a roughly $4.4 million loss in a private key compromise. Some funds have been recovered, though the full extent of the damage remains to be seen.
Radiant Capital - Rekt II
Radiant Capital gets a $53M haircut. Thought multi-sigs were safe? Think again. Radiant's "robust" 3/11 setup crumbled like a house of cards. Exploited twice in 2024, the future of Radiant looks about as bright as a black hole.
Surviving Digital Danger
Think you've mastered the crypto minefield? Think again. Surviving Digital Danger - The rekt guide to turning paranoia into an art form. It's time to level up your crypto survival skills.