# Pump Scammer Analysis

{% hint style="info" %}
He might not operate on your favorite chain, but we can extract some valuable knowledge and see how some of these automated scammers work.
{% endhint %}

## Preamble: Finding the gem

After a few hours of tinkering with filters and digging around the newest tokens, you finally find what looks like a future gem. The price action is great, and you are in. [DOGS is the token](https://blokiments.com/detailedView/arbitrum?pairAddress=0xf3ea5b9c204597fb43e3ce568c9d3548cb5d1e05) that will get you to the moon.

<figure><img src="/files/F3I0kE2eSY5SmmEiwM3f" alt=""><figcaption><p>0xf3ea5b9c204597fb43e3ce568c9d3548cb5d1e05 price action before scam</p></figcaption></figure>

You wait a little bit, and the price keeps going up. You want to sell after reaching your Lambo-sell threshold, but the transaction keeps failing. And inevitably, the crash comes, and your money is gone.

<figure><img src="/files/WKo0WVhvjxuPoB0QsGaY" alt=""><figcaption><p>0xf3ea5b9c204597fb43e3ce568c9d3548cb5d1e05 price action after crash</p></figcaption></figure>

But what exactly happened?

Let's look at it through the scammer's eyes.

## Setting the stage

### Meet the cast

Today’s main actor is called SHADY SLIM ([0x5E2d9aEEECFb564886934a25dAFA342B83a7F92b](https://arbiscan.io/address/0x5E2d9aEEECFb564886934a25dAFA342B83a7F92b)). And we can see him funding three distinct addresses:

<figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXdUsUU3fRYeAOmZzErxBb2Sb8G01vZ2ZmP2lfOjuiwJdSdeJNega_bacyE-hfPUcwnTZyHeICsLSJT6noYl-mstEUVBoSIrmMNAM2H22omdZgEm_ZIPkVGyWFErqQyqultPxFljL-WkihNasIS6dstNu3n_?key=Ys0fo91C0H1vK-jw4bByIQ" alt=""><figcaption><p>Founding addresses</p></figcaption></figure>

* [TxHs](https://arbiscan.io/tx/0x1346159cdb931cf00af48ac4f2dac42ac05d9acd78cd9da7dd60c61f551140ed): Aug-20, 04:42 UTC: SHADY SLIM sends 0.1ETH to wallet we will call OCTAVIUS ([0xF34C8bFD4807A01Ed0b84476FC0F96E9F7F32dB7](https://arbiscan.io/address/0xf34c8bfd4807a01ed0b84476fc0f96e9f7f32db7))
* [TxHs](https://arbiscan.io/tx/0x0c782208d51ce79130d548d7b136b880c5c1710a8cc057c38806fb903b8b42c6): Aug-20, 04:40 UTC; SHADY SLIM sends 0.022ETH to a wallet we will call DOGS TRACKER ([0x0Dff20B5e844F262036703b7931C946376a5f58C](https://arbiscan.io/address/0x0dff20b5e844f262036703b7931c946376a5f58c))
* [TxHs](https://arbiscan.io/tx/0x9e4ad58927b5f2bffade431c1fcf27b769a3a5925166fd2ab9d1d08cc2675537): Aug-20, 04:41 UTC: SHADY SLIM sends 0.022ETH to a wallet we will call DOGS DEPLOYER ([0x5409CD38F77884dFFa63D354F8E99d748f9fd736](https://arbiscan.io/address/0x5409cd38f77884dffa63d354f8e99d748f9fd736))

### A role for everyone

Each actor in our cast has been funded for a specific task.

**DOGS DEPLOYER**

* [TxHs](https://arbiscan.io/tx/0x678a97d0881c8437d81d0681cc31fdd630804f88e758ee12d5b9a4a0c5d083e9): Aug-20, 04:41 UTC: DOGS DEPLOYER creates the new (scam) token. This time, it goes by the symbol DOGS ([0x9E5828bB60582bc3575025bdc5E495C0ae1807ca](https://arbiscan.io/address/0x9e5828bb60582bc3575025bdc5e495c0ae1807ca)). Upon creation, he gives himself 1e21 amount of DOGS tokens.
* [TxHs](https://arbiscan.io/tx/0x9a69de494e78dbdd1512a75377bf5309e2c786db9d3a57c554df4e27c079586c): Aug-20, 04:42 UTC: Next, he burns 1e20 (10%) of the tokens. This is most likely to get around some basic token scanners. He is pretending this is a legit token with some of its supply burned.
* [TxHs](https://arbiscan.io/tx/0xc01eed8e8ab480acb9615cc97c0f94221a3c1ac84a7c136a2611dc145b6177e6): Aug-20, 04:43 UTC: Next, he transfers the remainder 9e20 (90%) to another smart contract we will call PUMP ENGINE ([0x15eBa2c56B0De4b1665a7280DcD62384b8597175](https://arbiscan.io/address/0x15eBa2c56B0De4b1665a7280DcD62384b8597175))
* [TxHs](https://arbiscan.io/tx/0xc63bada9d63d9477f982b8cde8caa06cf9b10d052d34b45142e2f808eb5a7194): Aug-20, 04:43 UTC: As a final move, he renounces his ownership. Another move aimed to make the scam token appear more legitimate to basic scanners.

**DOGS TRACKER**

* [TxHs](https://arbiscan.io/tx/0xcdf82028413ac746451e6f16cacc0bb04d19f14d4946c8a3552937eb46598759): Aug-20, 04:40 UTC: After his initial funding round, DOGS TRACKER deploys a smart contract ([0xf3AF2ecbD1241279F344B5B922094d5757F1AD31](https://arbiscan.io/address/0xf3af2ecbd1241279f344b5b922094d5757f1ad31)). The contract is not open-sourced, and we could not completely decipher it. But, to our understanding (spoiler alert), it is a blacklisting smart contract that makes sure victims can’t sell or move the scam tokens.
* [TxHs](https://arbiscan.io/tx/0xd35edc456400f4803fb7fbc3b9a52f54d1a17a63ec1b728cd08b4348b4775092): Aug-20, 04:44 UTC: Next, DOGS TRACKER tells this smart contract about all the relevant wallets and players (DOGS Pool, DOGS Token, PUMP ENGINE)
* After that, DOGS TRACKER lays dormant until a victim buys the scam token

**OCTAVIUS**

* [TxHs](https://arbiscan.io/tx/0x2b8e3ba64d5daaaeaaccb9f60dbacd8b24c97909bc18c26ee038db8b94cdf70c): Aug-20, 04:44 UTC: OCTAVIUS, the man who will be pulling the strings now, firstly creates the DOGS Pool ([0xF3EA5b9C204597fB43E3CE568C9d3548CB5D1E05](https://arbiscan.io/address/0xF3EA5b9C204597fB43E3CE568C9d3548CB5D1E05)) on SushiSwap. He does this by calling the PUMP ENGINE.

The stage is set, and the scam is up and operational. Now, let's see what is happening in the pool.

## Price and Pool manipulation tactics

There are three tactics that the scammer is using to manipulate the pool metrics and price action.

### Volume pump

The PUMP ENGINE makes a lot of back-and-forth trades in the pool. You are effectively making 0 profit but pumping the volume number very high. It is similar to me selling you 1 ETH for $3k. And the next second, you are selling me 1 ETH for $3k. And then I'm selling it to you again, 1 ETH for $3k. And then you are selling it back to me again, 1 ETH for $3k. Neither of us made any profit through these four trades, BUT we did make $12k of volume.

The only cost of this tactic is the transactions, but since this happens on an L2, such costs are minimal. This scam is hard to happen on Ethereum because the trading fees are too high.

An example of such a volume pump can be seen in this TxHs, where OCTAVIUS called a specific function in the PUMP ENGINE that makes the pump happen.

Usually, one or two such pumps occur at the very beginning (to attract the trading bots), and then maybe a few more pumps during the token's lifetime.

### Simple price pumping

Another tactic the scammer is using is a simple price pumping. Here, the PUMP ENGINE buys the token from the pool. It keeps making ($300 - $1500) buys, which increases prices. There are occasional sells, probably to fool some basic token scanners. But for the most part, the price action keeps increasing linearly.

### Airdrop

The third tactic is an airdrop.

Again, OCTAVIUS calls a function of the PUMP ENGINE that gets this process going. An example can be seen in this TxHs, where the PUMP engine spends a very small amount of WETH to distribute pennies of DOGS to a lot of different and random addresses (130+).

The effect of this tactic can be twofold. On the one hand, it pumps the number of holders of the DOGS token. On the other hand, it might attract some random people to check the token out. Hey, you just got a random token; I wonder what it is. You check it out, and the price action looks amazing. So you buy it—hook, line, and sinker.

## Victims

The pool is deployed, and the tactics are being executed. The price is increasing, and now the scammer is waiting. Hopefully, token scanners will pick up this token and land it in front of potential victims' eyes.

### DOGS first victim

Sadly, the first victim arrives.&#x20;

[TxHs](https://arbiscan.io/tx/0x3421474d4079d2b46bd3d6cc70e2c01f6ddbfa9cbab763a57688735485b2e30f): Aug-20, 05:19 UTC: A wallet (0x453282cF8d285e193f9693D4f8BacCC477f3bF0E) buys DOGS token for around $33. Ain’t no shame; we’ve all been scammed.

Buying the token triggers the scammer's next move.

[TxHs](https://arbiscan.io/tx/0x63e432f982aca26542ac6c30429a7e55b3bed5875112a63bac2bb69d32d352d6): Aug-20, 05:20 UTC: DOGS TRACKER awakes and calls the DOGS TRACKER Smart Contract. What exactly this does, I don’t know. But, we can see that the victim’s address can be found inside the call parameters. I believe this call blacklists the victim's address from interacting with the DOGS token.

<figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXepzapZymhGTEL-LS1Ew8T4uzVl_ImqrWr4xJUxtgVMToApvZ9TvO9lYBrQSIduEcfbavVBQ5ULblggNdN4sQ0_RdvzAWUY40ZIltRHnkUj05oweAzLSMW0yjU2P3AJM3QyVk7Sd96QrLhC2uQ5bJEK2Xs?key=Ys0fo91C0H1vK-jw4bByIQ" alt=""><figcaption></figcaption></figure>

The same pattern appears for any other victim.

### Coup de Grâce

After some days (usually 2-4), the signal comes, and the dumping begins.

<figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXfio-gqRL-iPwaVQXnY6iOdKrnnRH_3mXjerQPlCfRz1e8pxoGTDJv5OYPQqyP8wYyXBG3yYUqa097bPtQDmqEpFLtc5O-XULqXPbdll9RkiDXzHLMBcJ5WyFIeXKm1-YQOcp2EZ3Xi0NgCMQZ_8iwpGx8B?key=Ys0fo91C0H1vK-jw4bByIQ" alt=""><figcaption></figcaption></figure>

PUMP ENGINE dumps all accumulated DOGS tokens within a few minutes (cca 5min).

[TxHs](https://arbiscan.io/tx/0x56ba5379ce0f88b27ddebd441d59d1b3ddc77d2bcd71e57668f370972155dd15): Before the final trade, DOGS TRACKER calls the DOGS TRACKER Smart Contract one last time. I believe this triggers a hidden mint function, which allows OCTAVIUS to collate every last bit of profit from the pool.

With this, the scam is finished. He might not have made much profit, but I found an example where he made a profit of a few thousand dollars.

The only real costs are the transaction costs, but these are very small since this is happening on an L2.

Any remaining funds inside the DOGS DEPLOYER, DOGS TRACKER, and PUMP ENGINE are returned to SHADY SLIM.

And the cycle begins anew.

<figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXdoXNBOvzdWRah5TMGBqOLX2jNh1ZSBCdlzkvQV9wnsrFWfCVyNsV-C9MyvQJwAgSfLtyeOBJoaqbeUJuvh7pThO1QRiC5R4lf2XaCLmcj2tAGR3Ym8L-KWayXxnaU7-iwYBGmFscOpgOYQc_0P_WjVT6Rl?key=Ys0fo91C0H1vK-jw4bByIQ" alt=""><figcaption></figcaption></figure>

## Final thoughts

Thank you for reading this deeper dive into the modus operandi of this specific Arbitrum scammer.

If anyone has any questions, feel free to message us.

And if anyone wants to take this inquiry further, here are some of the questions we were left with:

* Who is the founder of SHADY SLIM? He started the scams, but someone also funded him.&#x20;
* Has this SUGGAR DADDY funded other shady slims?
* Where does the final profit end up? We did not find the final wallet, which would aggregate all the profits.
* Is there a way to spot these bad token contracts? Can we compare normal ERC20 smart contracts with these falsified and rotten scam ERC20 tokens and say which ones are scams?


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.blokiments.com/guides/blog/security/pump-scammer-analysis.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.