Rug Pull Or Phishing Attack? AnubisDAO Investors Lose 58 Million USD

Are Cryptocurrency Exchanges Laundering Money For Criminals?
Are Cryptocurrency Exchanges Laundering Money For Criminals?

The dog-themed OlympusDAO fork AnubisDAO was rug-pulled shortly after launch, leaving investors at a total damage of 58 million USD.

First food, now dogs

History doesn’t repeat itself, but it rhymes. During the DeFi frenzy of 2020, we have seen numerous food-themed DeFi protocols spring up, ranging from actually useful projects, over honest but uncreative forks, to outright scams. 

After the Elon-Musk-powered pump of Dogecoin and the emergence of the similarly silly memecoin Shiba Inu (now ranked #9 and #10 on CoinMarketCap), dogs are now the talk of the town. This also seems to be one of the factors behind investors pouring a whopping 13,256.4 ETH, worth roughly 58 million USD, into AnubisDAO. Anubis is the ancient Egyptian god of death, typically depicted as a half-breed between a man and a dog.

Rug Pull Or Phishing Attack? Anubisdao Investors Lose 58 Million Usd

CNBC spoke with one of the investors, Bryan Nguyen, who lost 470,000 USD in the incident. Nguyen states that the dog theme did have an influence on his decision to invest, adding that he was under a “buy first, do research later mentality”.

Who’s to blame?

AnubisDAO is the brainchild of a working group of six developers from PebbleDAO. One of the developers, Sisyphus, has posted a medium article detailing this timeline of AnubisDAO.

The plan was to create a liquidity bootstrapping pool (LBP) on Copper for the initial distribution of AnubisDAO’s ANKH tokens. The developer Beerus was tasked with creating the LBP and had full control of the pool’s private key. Sisyphus notes that this was a critical mistake, as a multisig-wallet should have been used for this purpose.

According to Beerus, his computer was compromised after the LBP launch, exposing his private key. He claims to have clicked a malicious link in a PDF sent to him, but his claim does not seem credible. So far, security researchers have not found any malicious content in the PDF. His personal wallets are also intact.

Beerus has since filed a police report and turned his computer in to Hong Kong authorities. Also, Coinbase has been notified about the incident, since the exchange received a deposit from an address affiliated with the rug pull. 

Sisyphus does not believe in the phishing story either, suspecting an inside job by one of the developers. He offers the attacker a free pass for 1,000 ETH out of his own pocket for returning the funds.