SudoRare has shut down its website and social media accounts after reportedly stealing 519 ETH worth around $815,000 from scammed consumers.
An on-chain data showed that the stolen coins were sent to three different addresses, each receiving 173 ETH. The transfer occurred on Tuesday, around six hours after the service went live.
Peckshield, a blockchain security company, traced the transaction and found links to Kraken, a centralized exchange. Kraken adheres to the U.S. “Know Your Customer” regulation to enforce identification checks on its users and, therefore, should know a person involved in the SudoRare rug pull.
The actor behind @SudoRare rugpull seems a @krakenfx user: https://t.co/fvpulzG2Ea https://t.co/tBErYewidB https://t.co/WLCEXsnvVp pic.twitter.com/zRZqfsvlli
— PeckShield Inc. (@peckshield) August 23, 2022
SudoRare advertised itself as an NFT marketplace that used an automated-market protocol (AMM) to swap ERC-721 to ERC-20. The platform was established by an anonymous team. The project offered opportunities to make liquidity pools for NFT products and gain money by staking its native token, SR. Users could also stake tokens like wETH, LOOKS, and XMON.
Prior to this incident, a crypto user pointed out a questionable transaction that drained a large number of funds from the project. The transaction reportedly used USDC and LOOKS.
On Monday, Twitter user 2shabby wrote, “Don’t participate unless you want to take the risk of losing your money. This team is [anonymous], won’t dox [disclose their identities], and the possibility of this being a scam is high.”
sudo rare is live but ppl staking into an upgradeable contract that points to a fork of master chef.
— Adam (@surfcoderepeat) August 23, 2022
Can't see any reason to need an upgradeable version of Masterchef as it's really battle tested already
stay safe as could be a scam.
Awaiting Kraken’s response
It remains unclear how Kraken will respond to the demand to disclose information about the scam. Customarily, a company conducts an internal investigation before deciding to work with the authority. However, Kraken CEO Jesse Powell earlier said that everyone had “a right to financial privacy”. He has also repeatedly criticized strict regulations against the crypto industry.
On the other hand, the U.S. government has implemented harsher measures to deal with crypto crimes. For example, it recently imposed a ban on virtual mixer Tornado Cash and its related smart contracts due to alleged criminal activities linked to the protocol. This move received protests from many people in the crypto community.
Several NFT marketplaces started to implement security measures to protect their investors after the move. Solana’s Magic Eden now requires users to disclose their identity to the NFT platform.
Another large NFT marketplace, OpenSea, also started to implement a new stolen item policy by incorporating police reports in their system. This policy prevents transactions of confirmed stolen items while protecting users from false claims.
Before the SudoRare case, there had been some high-profile rug pulls that endangered the NFT community. Frosties, for example, managed to steal $1.2 million from its 40,000 users.
Bored Bunny earlier gained public attention due to endorsements from celebrities such as Jake Paul. The creators managed to steal $21 million from their users, despite reported warning signals prior to its launch.
Blockverse also disappeared after stealing $1.9 million in trading volume from users. Like SudoRare, they deleted their website and social media.
The SudoRare incident has prompted NFT companies to urge their users to exercise caution upon making investments and transactions.
“This sucks. Do your own research and hold teams to high security and transparency standards,” SeaCows NFT said.