Original author: CertiK
On the evening of May 13, 2024, the CertiK team detected a suspicious address on the Solana chain: 9ZmcRsXnoqE47NfGxBrWKSXtpy8zzKR847BWz6EswEaU (hereinafter referred to as Xiaojiu)
From May 12 to 13, Xiaojiu initiated about 64 rug pulls on the chain, one every few minutes. In less than 24 hours, Xiaojiu lost a total of 272 SOL, worth about $45,900.
01 High investment and low return: Uncovering Xiaojiu’s operating methods
So how did Xiaojiu do it? Let’s take the last meme TWS deployed by Xiaojiu as an example. At 4:05 UTC on May 13, Xiaojiu minted 99,999,999 TWS. At 13:18, Xiaojiu deployed a TWS/SOL liquidity pool on Raydium, injecting 98,999,999.99 TWS and 1 SOL; then, he immediately used 4 SOLs to pull the market.
At 13:22, 4 minutes later, Xiaojiu exchanged 80, 160, 319.64 TWS for 0.018 SOL and left the market. Such transactions occurred every few minutes, and Xiaojiu had always been high investment and low return, investing 5 to 10 SOL in each pool, and finally getting back SOL far less than the cost, and the loss rate of nearly half of the transactions was over 90%.
From the transaction records, it is not difficult to see that Xiaojiu did it on purpose, because every operation, even the number of tokens operated, was exactly the same.
02 Funding puzzle: Who is profiting from it?
If Xiaojiu is losing money, then who is making money?
Tracking Xiaojius Transaction Flow
In order to find the answer, we first counted and analyzed all of Xiaojius transfers and obtained a transaction flow. In this flow, we found the address where Xiaojius funds mainly flowed:
6kt6xT6nZGGmPzJPrQtKPqNrdj5CoiVCuD2xuGQvxJ5Q (Sixth grade)
A1bQt2v8NUi3DghZRu8cC6LcpdXHPURDKkrV6v9mCtVC (A 1)
Operating account: Xiaoliu
Xiaoliu is the main address of Xiaojius funds, and has received about 272 SOL from Xiaojiu. However, Xiaoliu is Xiaojius sub-account (SOL Token Account). Xiaojiu uses Xiaoliu to add liquidity to the meme pool and speculate on trading volume.
The following figure shows a transaction between Xiaoliu and Xiaojiu. Xiaojiu initiated the transaction (adding liquidity to the pool), paid through Xiaoliu, and minted the LP token to another address (5eHgh9QnFTnRQYnCHoc3fzfW6rztkq5GjsuLYpDvDBSa). According to the chain analysis, this 5 eHgh was also created by Xiaojiu and was only used to temporarily hold LP tokens. After the corresponding meme was rug pulled, 5 eHgh was also destroyed.
Successor: A 1
A1 is the second largest address for capital inflow, and is also quite special. A1 is Xiaojius successor, and Xiaojius last transaction on the chain was sent to A1. A1 not only inherited Xiaojius 6.4 SOL, but also inherited Xiaojius career. From May 13 to 15, A1 continued to create rug pulls on the chain (a total of 83).
Similarly, through repeated transaction analysis, we found the sub-account of A 1, its next successor, and its next successor…the next successor.
03 Relay game: We are all in the same group
According to CertiK’s tracking, the relay order of rug pullers is as follows:
By comparing the counterparties and fund flows of the above addresses, we found more interesting things. There are 70 addresses that have fund transactions with multiple rug puller addresses at the same time. Among them, we have locked two major addresses:
EZBbaxg7YqWo3XMAsTThZJEmTC9Dv78F5aB9srvsCtJg(E)
D3s8Zf1zh8R98JBU9Fw4K8fViv1DDzCmoPbNTmJwXKbD (D 3)
Behind the scenes winner: E
E is the second largest address in terms of transaction volume, with 110.88 SOL in funds exchanged with the rug puller mentioned above. According to on-chain data analysis, E has participated in a large number of rug puller meme scams and profited from transactions. One of the memes E recently participated in was Pepe Trump, making a profit of $48 (source: dexscreener). Similarly, E has conducted about 50,000 meme transactions recently. According to its transaction volume, E has made a profit of about $10,000.
How does E ensure its profits? Every time the rug puller deploys new coins, it mints a portion of the initial tokens to E, who then distributes them. Through frequent transactions, these addresses that receive the money and E together increase the transaction volume of the meme in a short period of time, and then collectively dump the market.
After E made money, he returned the money to the rug puller. According to statistics, as of the time of writing, E transferred a total of 41 SOL (about $7000) to the rug puller address.
There are at least 70 transaction addresses like E. They are still trading the newly launched meme scam and building momentum for it until today and just now.
Fund collection: D 3
In addition, the address with the most transactions with rug pullers is D 3, and the transfer amount between it and the rug puller address mentioned above exceeds 140 SOL. According to the on-chain data analysis, we found that D 3 is the fund collection address of rug pullers.
After receiving the money, D 3 transferred it to the following three addresses in batches:
GGMcDYzUKFDsXGba6K6S2NoKdD8S4a6QDoEY47DSx65X (OKX)
HCR8ZrgDCVFQhoaFXR7PKpn9tPABa4rKscpMwoJTF9be(Bybit)
J97QXy94SfwzgWfi8Y625wkAANVqSwxyD7dzw9bd8X5Z (Pledge + Investment)
Among them, G and H are both exchange addresses, and the money transferred to J is used for on-chain staking and investment.
It turns out that they are all in the same group, so Xiaojius address keeps creating liquidity, pulling the price, and then selling. In the end, they just put the money from the left pocket into the right pocket (all earned by their own people). In the end, everyone took the money away through the collection address. The specific flow of funds is shown in the figure below:
Victims: Meme Hunters
I wonder if you have noticed that among the addresses we mentioned earlier, there is one address that is continuously making money, that is E. Whose money is it making? It is the money of new IPO investors (especially new IPO robots). Take Pepe Trump mentioned above as an example: Pepe Trump’s third largest (DaKf…9 A 9 R) and fourth largest holder (6 Md 4…AKnW) bought 1.3 SOL and 0.5 SOL tokens at 10:50 on May 29, respectively, but they were rugged before they could sell them. Of course, there are definitely more victims than these two, but their losses are more obvious.
About 10 seconds after they bought in, the address controlled by the rug puller began to sell in large quantities, and the price almost dropped to zero:
Through the analysis of on-chain data, we found that both victims frequently participated in the meme new transactions on the Solana chain, that is, buying memes in the early stage of the meme pool creation and then selling them at a high price. Among them, Da has made a profit of about 86 SOL through new listings in the past three months, and Pepe Trump is one of the few traps that he has been trapped in. Given that the rug pull of the address of Xiaojiu Yihang in this article occurs very quickly, usually within 5 minutes, we reasonably suspect that this is a scam specially customized for new listing robots.
04 Conclusion
With the analysis of the on-chain behavior and fund flows of Xiaojiu and other addresses, we discovered a well-planned and very targeted rug puller system. It has to be said that rug pullers also keep up with the trend and target the increasingly prosperous robot trading in the Solana ecosystem. From Xiaojius frequent losses, to the complex operations of related addresses, to fund collection and transfer, these addresses continue to create market illusions through mutual fund transfers to attract more investors to join.
To this day, Xiaojiu is still active. According to CertiKs continuous tracking, we continue to find new addresses associated with Xiaojiu. As of May 31, 2024, the gang has transferred a total of about 863 SOLs, about $146,000, through the D3 address.
This article is sourced from the internet: Solana Funding Vortex: Why Rug Puller Is Losing Money?
Speaking of blockchain games, I believe many old Web 3 OGs will think that this is a useless track. You say its okay, it has been developed for so many years, but there hasnt been a competitive one so far. Finally, a competitive one came out, but it was held down as soon as it came out… But if you say its not okay, the capital sides money is blowing in like a strong wind, nourishing a number of AAA-level blockchain games, and the key games have also been made, and there is a certain degree of playability, but the coin price just cant be pulled up… In the first half of the year, our team also began to focus on the research of the blockchain game track. I and…