TRM Investigations
October 7, 2021

Two NFT Projects Pull the Rug: IconicsSOL and Baller Ape Club

TRM InsightsTRM Investigations
Two NFT Projects Pull the Rug: IconicsSOL and Baller Ape Club

As a blockchain analytics company focused on monitoring, detecting and investigating crypto fraud and financial crime, TRM routinely alerts our clients — crypto exchanges, financial institutions and government agencies — to new threats that could target their systems and end-users.

Over the last several months, TRM investigators have identified a significant increase in attacks targeting Non-Fungible Token (NFT) consumers. These attacks originate from various access points, including social media direct messages, encrypted chat apps, SMS texts, and solicitation through email to download attachments, or visit a phishing website. In some cases attackers tricked individuals into revealing their private keys.

Last week, we investigated two NFT rug pull incidents that totaled approximately $2.5 million in losses for victims.  A rug pull is a malicious maneuver in the cryptocurrency industry where crypto developers abandon a project and run away with investors’ funds. Here's a summary of the scams:

Scam #1: IconicsSOL

Last week, the IconicsSOL NFT drop opened with a mint price of 0.5 SOL. TRM reviewed on-chain flows associated with the IconicsSOL NFT drop and found that users submitted 0.5 SOL over a period of three minutes before the website refreshed with a sold out message. The NFT mint website launched by IconicsSOL was mini-guys[.]on[.]fleek[.]co, suggesting that IconicsSol was actually a rebrand of the Mini Guys NFT.

A screenshot of the launch site to purchase an iconicsSOL NFT

The above screenshot allegedly confirmed the iconicsSOL NFT public sale was sold out

@SOLBigBrain was first to break news of the scam on Twitter, announcing that the scammers may have collected over 1,000 SOL by minting as many as 2,000 NFTs — worth approximately $156,000 USD at the time of this publication. Shortly after the IconicsSOL scam was uncovered, as many as ten different Solana NFT projects offered to provide free NFTs to victims of the rug pull.

What we know

The above graph shows on-chain Solana flows associated with the attacker. TRM Labs analysis connected a recipient wallet of the IconicsSOL scam to a Degen Lizzy NFT purchase. TRM is collaborating with law enforcement and industry partners to provide additional details on this investigation. Please reach out to investigations@trmlabs.com to inquire.

Scam #2: Baller Ape Club

On October 1, 2021, the highly anticipated Baller Ape Club NFT drop went live with 5,000 apes available for mint at the price of two Solana. Shortly after the mint was sold out, the Baller Ape club admins deleted their Discord, websites, and Twitter accounts. Twitter went viral with investors confirming it was a rug pull.

Screenshot of the Baller Ape Club NFT launch site

What we know

On-chain analysis by TRM has identified approximately $2 million USD worth of Solana stolen by the Baller Ape Club from investors. This is the largest known NFT rug pull to date across any blockchain. TRM is collaborating with law enforcement and industry partners to provide additional details on this investigation. Please reach out to investigations@trmlabs.com to inquire.

What can be done to counteract NFT fraud?

TRM is actively tracking multiple actors and exploits that have occurred over the last several months connected to NFT drops. TRM's blockchain intelligence team quickly spins up attribution reports that automatically notify TRM partners through our risk engine of possible scammers using their platforms. We routinely monitor NFT drops across multiple blockchains and actively investigate any identified or reported scams to ensure our partners are aware of the fraud and the addresses associated with it.

Recently we announced that our Blockchain Intelligence platform is now integrated with Solana. The integration is a key enabler for the investigations outlined above, in which proceeds from illicit activity are being moved across the Solana network. Read more about the integration here.

About TRM Labs

TRM provides blockchain intelligence to help financial institutions, cryptocurrency businesses and public agencies detect, investigate and manage crypto-related fraud and financial crime. TRM's risk management platform includes solutions for transaction monitoring and wallet screening, entity risk scoring including VASP due diligence, and source and destination of funds tracing. These tools enable a rapidly growing cohort of organizations around the world to safely embrace cryptocurrency-related transactions, products, and partnerships.

TRM is based in San Francisco, CA, and is hiring across engineering, product, sales, and data science. To learn more, visit www.trmlabs.com. To report a lead to Global Investigations, email us investigations@trmlabs.com.

This is some text inside of a div block.
TRM Labs, Inc.
Subscribe and stay up to date with our insights
arrow right
September 17, 2021

Former Flashpoint and Recorded Future Cybercrime Lead Joins TRM as Head of Cyberthreat Intelligence

arrow right
August 31, 2021

Hurts the SOL: Security Considerations for NFT Drops

arrow right
September 23, 2021

Solana Integrates with TRM Labs to Offer Enhanced Security and Compliance for Network Members

Access our coverage of TRON, Solana and 23 other blockchains

Fill out the form to speak with our team about investigative professional services.

Services of interest
Select
Transaction Monitoring/Wallet Screening
Training Services
Training Services
 
By clicking the button below, you agree to the TRM Labs Privacy Policy.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.