Executive Summary

CloudSEK’s TRIAD team created this report based on an analysis of the increasing trend of cryptocurrency counterfeiting, in which tokens impersonate government organizations to provide some legitimacy to their “rug pull” scams. An example of this scam is covered in this report where threat actors have created a counterfeit token named “BRICS”. This token is aimed at exploiting the focus on the BRICS Summit held in Kazan, Russia, and the increased interest in investments and expansion of the BRICS government organization which comprises different countries (Brazil, Russia, India, China, South Africa, Egypt, Ethiopia, Iran, and the United Arab Emirates)

Analysis

Threat researchers discovered a telegram channel aimed at promoting a cryptocurrency named BRICS which was using the logo of the BRICS government organization to provide legitimacy to the token and lure investors.

‍

‍

Figure 1 shows a Telegram using the logo of the BRICS organization to promote a newly made Token called “BRICS.” A closer analysis revealed that this channel is promoting a “rug pull” scam

What is a “rug pull” scam?

Rug pull is a specific type of exit scam that happens in the cryptocurrency and decentralized finance (DeFi) space. Here’s a more detailed breakdown of how it works, the tactics used, and how to spot them:

How Rug Pulls Work

1. Creation of a Project: Scammers create a new cryptocurrency or DeFi project, often with attractive features like high returns, innovative technology, or unique use cases. They may launch a token with a catchy name and a slick website.
2. Building Hype: The scammers promote the project heavily on social media, forums, and cryptocurrency platforms. They may use influencers, promising high returns and creating a sense of urgency among potential investors.
3. Liquidity Pool Setup: To enable trading, the developers set up a liquidity pool (LP) on decentralized exchanges like Uniswap or PancakeSwap. They provide initial liquidity by depositing a certain amount of tokens and a corresponding amount of cryptocurrency (e.g., ETH or BNB).
4. Investment Surge: As the project gains traction, more investors buy in, increasing the liquidity in the pool and raising the price of the token.
5. The Pull: Once the developers feel they've attracted enough investment and built up a significant amount of liquidity, they execute the rug pull. They may:some text
   • Withdraw all or most of the liquidity from the pool, which drastically reduces the token's value.
   • Sell their own holdings, creating additional downward pressure on the price.
   • Disable trading or use smart contract exploits to make it impossible for others to sell their tokens.
6. Disappearance: After pulling the funds, the scammers often disappear, sometimes even shutting down communication channels, leaving investors unable to recover their investments.

Common Tactics Used in Rug Pulls

• Fake Roadmaps and Whitepapers: Scammers often create elaborate roadmaps and whitepapers that outline grand plans that may never be realized.
• High APY Offers: Promising extremely high annual percentage yields (APYs) can entice investors, but these are often unsustainable and designed to attract quick capital.
• Anonymous Teams: Many rug pulls involve anonymous or pseudonymous teams, making it difficult to track them down after the scam.
• Social Media Manipulation: Scammers often create hype through social media campaigns, using bots or paid promotions to spread the word rapidly.

‍

‍

The token has an associated website (https://tokenbrics.me/) which was created using WordPress and highlights various aspects of the token. Figure 2 shows the roadmap for the token which involves purchasing the token and then the intended “BURN” or removal of a large number of the token to increase the price of the token. 

‍

‍

‍

‍

As per the website, the token can be purchased using either USDT or BNB which is a common tactic used by scammers in the rug pull schemes.

‍

‍

The Admin of the telegram channel posted how to purchase the token while it is currently on “pre-sale”.

Conclusion

Rug pulls pose a serious threat in the crypto landscape, especially with the growth of DeFi and emerging projects. In some cases, scammers even leverage the credibility of established organizations like BRICS to lend legitimacy to their schemes. Recognizing how these scams operate and identifying potential red flags is crucial for safeguarding your investments. Thorough research and a healthy dose of skepticism are essential when evaluating new projects, particularly those that promise extraordinary returns with minimal risk. Always stay vigilant and informed to protect yourself from falling victim to these deceptive practices.

Recommendations

1. Conduct Thorough Research (DYOR):
   • Investigate the project's team and their backgrounds. Look for prior experience in the crypto space and check their reputations.
   • Read the whitepaper and roadmap carefully. Ensure that the project has a clear vision and realistic goals.
2. Verify Legitimacy:
   • Be cautious of projects that use the names of reputable organizations, like BRICS, to gain credibility. Check for official partnerships or endorsements.
   • Look for independent articles or reviews about the project from reputable sources.
3. Analyze the Smart Contract:
   • If possible, review the smart contract code or seek out audit reports from credible firms. This can help identify vulnerabilities or malicious code.
   • Consider projects that have undergone audits by recognized security firms.
4. Check Liquidity Locking:
   • Look for information about liquidity being locked for a specified period. This adds a layer of security, as developers can’t just pull the funds immediately.
   • Use tools that track liquidity lock status.
5. Community Engagement:
   • Assess the project's community on platforms like Telegram, Discord, and Twitter. An active, engaged community can indicate legitimacy.
   • Participate in discussions to gauge sentiment and uncover potential concerns from other investors.
6. Monitor Tokenomics:
   • Analyze the distribution of tokens. If a disproportionate amount is held by the developers or a small group, it may increase the risk of manipulation.
   • Look for mechanisms that promote decentralization.
7. Be Wary of Promises:
   • Stay cautious of projects promising high returns with little risk. If it sounds too good to be true, it probably is.
   • Understand the risks associated with yield farming and staking.
8. Diversify Investments:
   • Avoid putting all your funds into a single project. Diversification can help mitigate risks associated with any one investment.

Suggestions

1. Stay Informed:
   • Follow reputable news sources, blogs, and forums dedicated to cryptocurrency to keep up with market trends and potential scams.
   • Subscribe to alerts or newsletters that track suspicious activities in the crypto space.
2. Use Trusted Platforms:
   • Engage with established exchanges and platforms that have a reputation for security and reliability.
   • Avoid trading on platforms that lack transparency or have poor security measures.
3. Report Suspicious Activity:
   • If you encounter a potential rug pull or scam, report it to relevant authorities and community platforms to help protect others.
   • Share your findings in forums or social media to raise awareness.
4. Educate Yourself Continuously:
   • Take the time to learn about blockchain technology, decentralized finance, and market trends. Knowledge is a powerful tool in identifying scams.
   • Consider participating in online courses or webinars focused on cryptocurrency safety.

References

CloudSEK’s flagship digital risk monitoring platform XVigil contains a module called “Underground Intelligence” which provides information about the latest Adversary, Malware, and Vulnerability Intelligence, gathered from a wide range of sources, across the surface web, deep web, and dark web.

• *Intelligence source and information reliability - Wikipedia
• ^#Traffic Light Protocol - Wikipedia

‍