Pump Scammer Analysis
In today's post, we will look deeper at a specific Arbitrum scammer.
He might not operate on your favorite chain, but we can extract some valuable knowledge and see how some of these automated scammers work.
After a few hours of tinkering with filters and digging around the newest tokens, you finally find what looks like a future gem. The price action is great, and you are in. DOGS is the token that will get you to the moon.
You wait a little bit, and the price keeps going up. You want to sell after reaching your Lambo-sell threshold, but the transaction keeps failing. And inevitably, the crash comes, and your money is gone.
But what exactly happened?
Let's look at it through the scammer's eyes.
Today's main actor is called SHADY SLIM (0x5E2d9aEEECFb564886934a25dAFA342B83a7F92b). And we can see him funding three distinct addresses:
TxHs: Aug-20, 04:42 UTC: SHADY SLIM sends 0.1 ETH to a wallet we will call OCTAVIUS (0xF34C8bFD4807A01Ed0b84476FC0F96E9F7F32dB7)
TxHs: Aug-20, 04:40 UTC: SHADY SLIM sends 0.022 ETH to a wallet we will call DOGS TRACKER (0x0Dff20B5e844F262036703b7931C946376a5f58C)
TxHs: Aug-20, 04:41 UTC: SHADY SLIM sends 0.022 ETH to a wallet we will call DOGS DEPLOYER (0x5409CD38F77884dFFa63D354F8E99d748f9fd736)
Each actor in our cast has been funded for a specific task.
DOGS DEPLOYER
TxHs: Aug-20, 04:41 UTC: DOGS DEPLOYER creates the new (scam) token. This time, it goes by the symbol DOGS (0x9E5828bB60582bc3575025bdc5E495C0ae1807ca). Upon creation, he gives himself 1e21 amount of DOGS tokens.
TxHs: Aug-20, 04:42 UTC: Next, he burns 1e20 (10%) of the tokens. This is most likely to get around some basic token scanners. He is pretending this is a legit token with some of its supply burned.
TxHs: Aug-20, 04:43 UTC: Next, he transfers the remaining 9e20 (90%) to another smart contract we will call PUMP ENGINE (0x15eBa2c56B0De4b1665a7280DcD62384b8597175).
TxHs: Aug-20, 04:43 UTC: As a final move, he renounces his ownership. This is another move aimed at making the scam token appear more legitimate to basic scanners.
DOGS TRACKER
TxHs: Aug-20, 04:40 UTC: After his initial funding round, DOGS TRACKER deploys a smart contract (0xf3AF2ecbD1241279F344B5B922094d5757F1AD31). The contract is not open-sourced, and we could not completely decipher it. But, to our understanding (spoiler alert), it is a blacklisting smart contract that makes sure victims can't sell or move the scam tokens.
TxHs: Aug-20, 04:44 UTC: Next, DOGS TRACKER tells this smart contract about all the relevant wallets and players (DOGS Pool, DOGS Token, PUMP ENGINE).
After that, DOGS TRACKER lies dormant until a victim buys the scam token.
OCTAVIUS
TxHs: Aug-20, 04:44 UTC: OCTAVIUS, the man who will be pulling the strings now, first creates the DOGS Pool (0xF3EA5b9C204597fB43E3CE568C9d3548CB5D1E05) on SushiSwap. He does this by calling the PUMP ENGINE.
The stage is set, and the scam is up and operational. Now, let's see what is happening in the pool.
There are three tactics that the scammer is using to manipulate the pool metrics and price action.
The first tactic is volume pumping. The PUMP ENGINE makes a lot of back-and-forth trades in the pool. It effectively makes 0 profit but pumps the volume number very high. It is similar to me selling you 1 ETH for $3k. And the next second, you are selling me 1 ETH for $3k. And then I'm selling it to you again, 1 ETH for $3k. And then you are selling it back to me again, 1 ETH for $3k. Neither of us made any profit through these four trades, BUT we did make $12k of volume.
The only cost of this tactic is the transactions, but since this happens on an L2, such costs are minimal. This scam is hard to run on Ethereum because the trading fees are too high.
An example of such a volume pump can be seen in this TxHs, where OCTAVIUS called a specific function in the PUMP ENGINE that makes the pump happen.
Usually, one or two such pumps occur at the very beginning (to attract the trading bots), and then maybe a few more pumps during the token's lifetime.
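The round-trip pattern described above leaves a measurable footprint: one address accounts for almost all of the pool's volume while its net position barely moves. The following Python is an added example, not code from the original analysis; the swap records, trader labels and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed swaps for one pool: (trader, side, usd_value). The labels are
# placeholders and the thresholds below are assumptions to tune per chain.
SWAPS = [
    ("ENGINE", "sell", 3000), ("ENGINE", "buy", 3000),
    ("ENGINE", "sell", 3000), ("ENGINE", "buy", 3000),
    ("ENGINE", "buy", 900),
    ("BUYER_1", "buy", 33),
]

def trader_stats(swaps):
    """Return {trader: (gross_usd, net_usd)}; a positive net means net buyer."""
    gross, net = defaultdict(float), defaultdict(float)
    for trader, side, usd in swaps:
        gross[trader] += usd
        net[trader] += usd if side == "buy" else -usd
    return {t: (gross[t], net[t]) for t in gross}

def wash_suspects(swaps, min_share=0.8, max_net_ratio=0.2):
    """Flag traders who dominate pool volume while barely changing position."""
    stats = trader_stats(swaps)
    total = sum(g for g, _ in stats.values())
    flagged = {}
    for trader, (gross, net) in stats.items():
        share = gross / total if total else 0.0
        net_ratio = abs(net) / gross if gross else 0.0
        if share >= min_share and net_ratio <= max_net_ratio:
            flagged[trader] = (round(share, 3), round(net_ratio, 3))
    return flagged

def organic_volume(swaps, **thresholds):
    """Pool volume left once flagged traders' swaps are excluded."""
    suspects = wash_suspects(swaps, **thresholds)
    return sum(usd for trader, _, usd in swaps if trader not in suspects)

if __name__ == "__main__":
    print(wash_suspects(SWAPS))
    print(organic_volume(SWAPS))
```

On the sample data the headline volume is $12,933, of which only $33 comes from an address that is not round-tripping.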
Another tactic the scammer is using is a simple price pumping. Here, the PUMP ENGINE buys the token from the pool. It keeps making ($300 - $1500) buys, which increases prices. There are occasional sells, probably to fool some basic token scanners. But for the most part, the price action keeps increasing linearly.
The third tactic is an airdrop.
Again, OCTAVIUS calls a function of the PUMP ENGINE that gets this process going. An example can be seen in this TxHs, where the PUMP ENGINE spends a very small amount of WETH to distribute pennies of DOGS to a lot of different and random addresses (130+).
The effect of this tactic can be twofold. On the one hand, it pumps the number of holders of the DOGS token. On the other hand, it might attract some random people to check the token out. Hey, you just got a random token; I wonder what it is. You check it out, and the price action looks amazing. So you buy it. Hook, line, and sinker.
The pool is deployed, and the tactics are being executed. The price is increasing, and now the scammer is waiting. Hopefully, token scanners will pick up this token and land it in front of potential victims' eyes.
Sadly, the first victim arrives.
TxHs: Aug-20, 05:19 UTC: A wallet (0x453282cF8d285e193f9693D4f8BacCC477f3bF0E) buys DOGS token for around $33. Ain't no shame; we've all been scammed.
Buying the token triggers the scammer's next move.
TxHs: Aug-20, 05:20 UTC: DOGS TRACKER awakes and calls the DOGS TRACKER Smart Contract. What exactly this does, I don't know. But, we can see that the victim's address can be found inside the call parameters. I believe this call blacklists the victim's address from interacting with the DOGS token.
The same pattern appears for any other victim.
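The buy-then-tracker-call sequence above can be searched for without decoding the closed-source contract, because an address passed as a call argument appears in the calldata as a 32-byte word (the 20-byte address left-padded with zeros). The following Python is an added example, not code from the original analysis; the addresses, selector, timestamps and the 300-second window are constructed assumptions.

```python
# Constructed placeholder addresses; none come from the analysed chain data.
BUYER = "0x" + "ab" * 20
TRACKER = "0x" + "11" * 20
BYSTANDER = "0x" + "cd" * 20

def strip0x(h):
    return h[2:] if h.startswith("0x") else h

def abi_word(address):
    """ABI form of an address argument: 20 bytes left-padded to a 32-byte word."""
    return strip0x(address.lower()).rjust(64, "0")

def calldata_words(input_hex):
    """Drop the 4-byte selector and split the rest into 32-byte words."""
    body = strip0x(input_hex.lower())[8:]
    return [body[i:i + 64] for i in range(0, len(body) - 63, 64)]

def follow_up_calls(buys, txs, window_s=300):
    """Return (buyer, tx hash) pairs: calls by someone else, shortly after a
    buy, whose arguments contain the buyer's address as an aligned word."""
    hits = []
    for buy in buys:
        word = abi_word(buy["buyer"])
        for tx in txs:
            delay = tx["ts"] - buy["ts"]
            if not 0 < delay <= window_s:
                continue
            if tx["from"].lower() == buy["buyer"].lower():
                continue  # the buyer's own transactions are expected
            if word in calldata_words(tx["input"]):
                hits.append((buy["buyer"], tx["hash"]))
    return hits

SEL = "0x12345678"  # constructed 4-byte selector, not the real contract's
BUYS = [{"buyer": BUYER, "ts": 1000}]
TXS = [
    {"hash": "tx1", "from": TRACKER, "ts": 1060, "input": SEL + abi_word(BUYER)},
    {"hash": "tx2", "from": BYSTANDER, "ts": 1100, "input": SEL + abi_word(BYSTANDER)},
    {"hash": "tx3", "from": BUYER, "ts": 1120, "input": SEL + abi_word(BUYER)},
    {"hash": "tx4", "from": TRACKER, "ts": 9000, "input": SEL + abi_word(BUYER)},
]

if __name__ == "__main__":
    print(follow_up_calls(BUYS, TXS))
```

Because ABI arguments are word-aligned, the same scan also finds a buyer's address passed inside an address array. A hit is a lead for manual review, since ordinary transfers to the buyer match too.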
After some days (usually 2-4), the signal comes, and the dumping begins.
PUMP ENGINE dumps all accumulated DOGS tokens within a few minutes (circa 5 min).
TxHs: Before the final trade, DOGS TRACKER calls the DOGS TRACKER Smart Contract one last time. I believe this triggers a hidden mint function, which allows OCTAVIUS to collate every last bit of profit from the pool.
With this, the scam is finished. He might not have made much profit, but I found an example where he made a profit of a few thousand dollars.
The only real costs are the transaction costs, but these are very small since this is happening on an L2.
Any remaining funds inside the DOGS DEPLOYER, DOGS TRACKER, and PUMP ENGINE are returned to SHADY SLIM.
And the cycle begins anew.
Thank you for reading this deeper dive into the modus operandi of this specific Arbitrum scammer.
If anyone has any questions, feel free to message us.
And if anyone wants to take this inquiry further, here are some of the questions we were left with:
Who is the funder of SHADY SLIM? He started the scams, but someone also funded him.
Has this SUGGAR DADDY funded other shady slims?
Where does the final profit end up? We did not find the final wallet, which would aggregate all the profits.
Is there a way to spot these bad token contracts? Can we compare normal ERC20 smart contracts with these falsified and rotten scam ERC20 tokens and say which ones are scams?