How pump and dumps are perpetuated: The age of social media and easily fork-able meme-coin code bases

Learn through example as to how projects use social media and false promises to trick investors into buying

Note: This article includes a lot of technical jargon, in order to better understand the concepts discussed, it’s recommended you have our “Cryptocurrency List of Terms and Definitions” open to maximise understanding.

The past 6 months have been insanely crazy for the altcoin market. We have had literal meme coins reach insane heights simply through the power of social media. Most (not all) of these coins have 0 use cases, almost all being forked from similar codebases.

However, arguably, what makes these coins “pump” in price is the strategies used by the individuals that mint them. Hiring e-celebs to promote them, spamming every social media available that will allow posts, hiring armies of people to spread the word, botting upvotes/likes etc. It takes about 10 minutes to fork and deploy a coin on BSC; the difficult part is marketing the project enough so that the creators can bait buyers in, to dump token on them for BNB or whatever coin native to the network the token was minted on.

In fact, there is a clear, identifiable system on how these scams operate, making it easy to repeatedly do and making it easy for investors to identify these projects early on as potential scams. 

Step 1: Find a coin with an open-source code base that already does everything needed. Most coins have some burn/distribution system to artificially reduce supply (laws of supply and demand here to attract buyers) and fork the codebase.

Step 2: Now that the coin is deployed, a website and some nice graphics are needed to help the project look legitimate. Nothing 50 USD and 10 minutes on Fiverr can’t solve.

Step 3: It’s important to obfuscate holdings by separating them between multiple wallet addresses. Also, locking LP and renouncing ownership of the contract is important, so the project looks less likely to be a rug pull or scam.

Step 4: Now that the website is deployed and the token is minted with LP locked and the contract being renounced, It’s time to set up a Telegram, buy a Reddit account with enough Karma to post on every Cryptocurrency forum possible, and manipulate the price and holders to bait new buyers into selling BNB for the worthless token minted.  

Step 5: Paying celebrities or social media users to share the project is important, as it will help increase the initial volume and buy orders coming in.

Step 6: New buyers enter the fray. As the coin starts moving up, start slowly draining the wallet holding the funds for the network's native token (BNB or ETH). Eventually, when interest is being lost, and the price can’t make new all-time highs, it’s time to dump the rest of the tokens, stealing all the liquidity from the pool.

Step 7: Repeat steps 1-6 for more profit.

Now let’s take a look at what this looks like in practice:

First, here is a token the team came across recently; let’s see how it fits into our criteria.

Let’s start with the token contract.

Running the contract code through a sdiff or text comparison tool shows us that the contract was directly forked from SafeMoon, bar a few changes made to the taxFee and liquidityFee functions, reducing the amount of token redistributed to holders, and added into the liquidity pool.

Running the contract through token sniffer also shows that the token has similarities with 724 other token contracts, many of these tokens being rug pulls or exit scams.

More disturbingly, however, the token contract was only minted 15 days ago (as of 06/06/2021), and looking at the chart, it seems to have gone through a pump and dump cycle.

Looking through the token’s website and analysing the team and roadmap also gives us insight into the project's legitimacy.

Starting with the team and the descriptions they use to describe their technical capacity, allowing investors to gain insight into if the project can execute at a high level, or like the many other thousands of tokens minted on BSC, the token is just another money grab.

Looking at the team’s technical skill set, there is no mention of whether any of them can program in Solidity, have experience in smart contract auditing or b2b payment solutions, including cryptocurrencies. Dozens of cryptocurrency contracts are exploited monthly, so having a team with a strong engineering background is important to prevent any potential exploits from being used to either steal liquidity from the pool or rug token holders.

The road map does not look promising as well.

The project has big dreams; however, the whitepaper nor the website indicates how the project will expand into these segments, with zero mentions of technical specifications or any technical documentation at all. This seems, on the outset, to be a “hype” based project, making many big promises.

Digging further into the team, only two members have LinkedIn accounts to try and verify work experience.

One founder ran a fishing and outdoors store before creating the project.

The other worked at a radio station and then a digital marketing agency.

The only other founder with any credentials on the website is a “social media influencer” with hundreds of thousands of followers. Employing/paying “influencers” seems to be a common trend among many scam projects to increase visibility and help create FOMO. A perfect example of this was when Soulja Boy accidentally copied the promotion email he was sent into his tweet to promote a project similar to this one.

A Reddit post was made about the token, on a popular subreddit used to shill tokens. The subreddit is notorious for having many scams and rug pulls promoted on it. Even though the thread had no comments, it had over 100 upvotes. Furthermore, the projects Twitter profile again mentions no plans or technical documentation of the logistics, architecture or design of future features they plan to implement. Unlike many other highly technical cryptocurrency-based projects, it’s mostly filled with memes and jokes concerning “Karen”. Although the project has a disclaimer on its website stating, “cryptocurrency can be very volatile, so please invest at your own risk,” they don’t shy away from consistently stating that it’s the next “billion-dollar meme coin”. Unfortunately, trading these tokens is like playing a game of financial hot potato, someone always gets burned.

Now, let’s do some blockchain analysis, to try to learn more about the project.

As stated by the tokens team, half the liquidity was burned, which can be seen in this burn address, with 52.9060% of the supply being burned currently. This is a common social engineering type tactic used by many cryptocurrency projects to give the allure to investors that the supply has been reduced and make it hard to quantify the size of the holders.

These projects will mint a massive supply, then burn a majority of the supply. They will then add a portion of the supply to the liquidity pool and distribute the rest. This makes it hard to understand what % of the supply people own in relation to the pool and circulating supply.

Not a really difficult tactic to deploy; however, it is enough to sometimes trick holders into thinking the circulating supply is a lot smaller than it actually is and makes whales look smaller than they actually are.

Furthermore, with some basic blockchain analysis, we can identify transactions that look suspect. The contract was created at this transaction hash. One of the top holders, specifically this address, approximately an hour and fifteen minutes after the token was minted, purchased 8,699,126,063,214.752234031 tokens for 1 BNB at this transaction hash. The current market value (as of 06/06/2021) is approximately USD 125,000, at the peak being well over USD 300,000. The cost of the 1 BNB at this time was $261.63. This is an increase of approximately 47,677.40%.

What makes the transaction suspect was the time in which it occurred. The token was minted on May-23 -2021 at 10:45:47 AM +UTC, and the transaction mentioned above was completed on May-23, -2021, at 12:02:23 PM +UTC. This transaction took place approximately an hour and fifteen minutes after 50% of the supply was burned at this transaction. A similar story can be found with the second-largest holder of the token. This address made multiple purchases, the first being at May-23-2021 12:01:47 PM +UTC, at this transaction hash, also buying into the token an hour and fifteen minutes after the token was minted and supply burned.

There are two possible scenarios explaining how someone could buy into a token so early after launch.

The first potential scenario is that the creators of the token purchased the coins. To prevent any on-chain links to the wallet that created the token and wallets used to purchase the token, it’s possible to obfuscate transactions by simply using separate wallets which hold BNB to conduct the purchases, routing funds between different network bridges and exchanges. This makes linking the wallet used to create the token and the wallets used to initially purchase the token virtually impossible.

The next possible scenario was that these addresses are managed by bots that are programmed to buy extremely low market cap coins that have locked LP and renounced ownership. This could be possible because the token creator used the exact same address to mint multiple “test” tokens instead of using the actual BSC testnet to test contract code on. A testnet is “an instance of a blockchain-powered by the same version of the underlying software, to be used for testing and experimentation without risk to real capital or the main chain”. For example, in the below screenshot, it can be seen that the address that created the token also created many other test tokens before creating the main token to be deployed.

This goes back to an earlier point made, at how the team does not directly state if they have any experience in Solidity or contract auditing and testing. By creating multiple test tokens like this, it opens up the token to potentially being exploited by bots, which will detect and track addresses minting these tokens and buy small amounts really early on, in order to potentially generate large returns by either immediately dumping as new buyers join, or waiting until a downtrend is detected.

However, these bots tend to trade dozens, up to hundreds of tokens. Still, the two whale wallets mentioned above combined only have a total of 12 tokens in the addresses, including the one being analysed.

A developer experienced in writing complex smart contracts and testing them will have used the token networks testnet in order to be able to thoroughly test edge cases and check for exploits, instead of deploying multiple “tests” on the mainnet, then using the exact same wallet to deploy the project. This is not standard practice in the industry.

Furthermore, the project does not seem to be open source. The project website does not have any links to a Git repository. After extensive searching, the team could not find any links to a codebase on any of the social media accounts of the project.

The project also has a “community marketing fund”, with funds being sent to this address. Although, as stated by the team, this is a community fund, the funds are not managed by a DAO (Decentralised Autonomous Organisation); instead, the funds managed by two of the founders, as stated on the token’s website.

Although the tokens team does directly state,

We will only ever pay influencers and release funds once we have a majority vote in the community as to what we spend marketing on. This will be done through our various social channels where the total tally will be totalled from each to decide on the next marketing projects we work on

The funds are still at risk of being stolen, as only the two founders have access to the wallet and control access to the funds. Placing the funds into a community-managed DAO would solve this issue and prevent the founders from potentially taken the funds in the wallet for themselves.

So, in summary, our analysis has shown:

  1. The team seems to not have the technical capacity to execute the stated plans in the project road map.

  2. Multiple large transactions made right after the token was minted, both of which holding a large majority of the supply.

  3. The teams “community marketing fund” not being controlled by a DAO; instead, it is controlled by the founders, making the project not completely decentralised and adding the additional risk of the community funds being potentially stolen.

  4. The use of memes and obvious shilling on various forums famous for hosting many past rug pulls and exit scams to promote the token.

  5. There is no public or open-source code base to verify the team's claims about building various features, including a native blockchain for the token, instead of being hosted on BSC.

  6. The extreme similarities between the tokens contract and SafeMoon’s contract, bringing nothing unique to the market except changing the amount burned and added to LP after every transaction, instead of being a simple fork of an already existing project.

  7. The token contract having extreme similarities to other projects which have rugged or exit scammed on token holders.

  8. A lack of technical documentation or specifications that explain how the team intends on implementing all the features, functions and use cases mentioned on the website and road map.

    Share

The token meets many of the defined criteria mentioned above. Although both LP is locked and ownership of the contract renounced, there is still the risk of the two largest wallets selling, draining all the liquidity out of the pool, crashing the price and draining liquidity.

From a review of our investigations and information linked to this article, it does not appear that the team has the capacity to execute on its promises. Although the Qluster team cannot state directly that the project is a scam, there are definitely many red flags, as pointed out, which should be a caution to the tokens holders and investors. Furthermore, this exact criterion can be applied to many other similar projects, with a similar outcome being reached.

See you again for future analysis.

- q

Leave a comment

Follow us for more detailed analysis on all markets, including Decentralised technology.

Check out the links below

Subscribe to our newsletter, with daily content free for a limited time only:

https://research.qluster.co/

Join our Facebook group and speak with likeminded traders:

https://www.facebook.com/groups/156981244915722

Like our Facebook page for future updates:

https://www.facebook.com/qlusterco


The information on this website is for general information purposes only. It is not intended as legal, financial and/or investment advice and should not be construed and/or relied on as such. Before making any commitment of a legal and/or financial nature you should seek advice from a qualified and registered legal practitioner and/or financial and/or investment adviser. No material contained within this website should be construed or relied upon as providing recommendations in relation to any legal and/or financial product. Qluster does not recommend and/or endorse products and does not receive remuneration based upon investment and/or other decisions by our email recipients, publications, newsletter or website users.