Scam
6
mins read

The BRICS-Bait Rug Pull – How Scammers Use International Credibility to Deceive Investors

CloudSEK’s TRIAD team created this report based on an analysis of the increasing trend of cryptocurrency counterfeiting, in which tokens impersonate government organizations to provide some legitimacy to their “rug pull” scams. An example of this scam is covered in this report where threat actors have created a counterfeit token named “BRICS”. This token is aimed at exploiting the focus on the BRICS Summit held in Kazan, Russia, and the increased interest in investments and expansion of the BRICS government organization which comprises different countries (Brazil, Russia, India, China, South Africa, Egypt, Ethiopia, Iran, and the United Arab Emirates)

CloudSEK TRIAD
October 25, 2024
Green Alert
Last Update posted on
October 25, 2024
Proactive Monitoring of the Dark Web for your organization.

Proactively monitor and defend your organization against threats from the dark web with CloudSEK XVigil.

Schedule a Demo
Table of Contents
Author(s)
No items found.

Executive Summary

CloudSEK’s TRIAD team created this report based on an analysis of the increasing trend of cryptocurrency counterfeiting, in which tokens impersonate government organizations to provide some legitimacy to their “rug pull” scams. An example of this scam is covered in this report where threat actors have created a counterfeit token named “BRICS”. This token is aimed at exploiting the focus on the BRICS Summit held in Kazan, Russia, and the increased interest in investments and expansion of the BRICS government organization which comprises different countries (Brazil, Russia, India, China, South Africa, Egypt, Ethiopia, Iran, and the United Arab Emirates)

Analysis

Threat researchers discovered a telegram channel aimed at promoting a cryptocurrency named BRICS which was using the logo of the BRICS government organization to provide legitimacy to the token and lure investors.

Figure 1: Telegram Channel impersonating BRICS

Figure 1 shows a Telegram using the logo of the BRICS organization to promote a newly made Token called “BRICS.” A closer analysis revealed that this channel is promoting a “rug pull” scam

What is a “rug pull” scam?

Rug pull is a specific type of exit scam that happens in the cryptocurrency and decentralized finance (DeFi) space. Here’s a more detailed breakdown of how it works, the tactics used, and how to spot them:

How Rug Pulls Work

  1. Creation of a Project: Scammers create a new cryptocurrency or DeFi project, often with attractive features like high returns, innovative technology, or unique use cases. They may launch a token with a catchy name and a slick website.
  2. Building Hype: The scammers promote the project heavily on social media, forums, and cryptocurrency platforms. They may use influencers, promising high returns and creating a sense of urgency among potential investors.
  3. Liquidity Pool Setup: To enable trading, the developers set up a liquidity pool (LP) on decentralized exchanges like Uniswap or PancakeSwap. They provide initial liquidity by depositing a certain amount of tokens and a corresponding amount of cryptocurrency (e.g., ETH or BNB).
  4. Investment Surge: As the project gains traction, more investors buy in, increasing the liquidity in the pool and raising the price of the token.
  5. The Pull: Once the developers feel they've attracted enough investment and built up a significant amount of liquidity, they execute the rug pull. They may:some text
    • Withdraw all or most of the liquidity from the pool, which drastically reduces the token's value.
    • Sell their own holdings, creating additional downward pressure on the price.
    • Disable trading or use smart contract exploits to make it impossible for others to sell their tokens.
  6. Disappearance: After pulling the funds, the scammers often disappear, sometimes even shutting down communication channels, leaving investors unable to recover their investments.

Common Tactics Used in Rug Pulls

  • Fake Roadmaps and Whitepapers: Scammers often create elaborate roadmaps and whitepapers that outline grand plans that may never be realized.
  • High APY Offers: Promising extremely high annual percentage yields (APYs) can entice investors, but these are often unsustainable and designed to attract quick capital.
  • Anonymous Teams: Many rug pulls involve anonymous or pseudonymous teams, making it difficult to track them down after the scam.
  • Social Media Manipulation: Scammers often create hype through social media campaigns, using bots or paid promotions to spread the word rapidly.

Figure 2: Roadmap for the token

The token has an associated website (https://tokenbrics.me/) which was created using WordPress and highlights various aspects of the token. Figure 2 shows the roadmap for the token which involves purchasing the token and then the intended “BURN” or removal of a large number of the token to increase the price of the token. 

Figure 3: Screenshot from website to show association with BRICS

Figure 4: Purchase token

As per the website, the token can be purchased using either USDT or BNB which is a common tactic used by scammers in the rug pull schemes.

Figure 5: Message from Admin on how to purchase token

The Admin of the telegram channel posted how to purchase the token while it is currently on “pre-sale”.

Conclusion

Rug pulls pose a serious threat in the crypto landscape, especially with the growth of DeFi and emerging projects. In some cases, scammers even leverage the credibility of established organizations like BRICS to lend legitimacy to their schemes. Recognizing how these scams operate and identifying potential red flags is crucial for safeguarding your investments. Thorough research and a healthy dose of skepticism are essential when evaluating new projects, particularly those that promise extraordinary returns with minimal risk. Always stay vigilant and informed to protect yourself from falling victim to these deceptive practices.

Recommendations

  1. Conduct Thorough Research (DYOR):
    • Investigate the project's team and their backgrounds. Look for prior experience in the crypto space and check their reputations.
    • Read the whitepaper and roadmap carefully. Ensure that the project has a clear vision and realistic goals.
  2. Verify Legitimacy:
    • Be cautious of projects that use the names of reputable organizations, like BRICS, to gain credibility. Check for official partnerships or endorsements.
    • Look for independent articles or reviews about the project from reputable sources.
  3. Analyze the Smart Contract:
    • If possible, review the smart contract code or seek out audit reports from credible firms. This can help identify vulnerabilities or malicious code.
    • Consider projects that have undergone audits by recognized security firms.
  4. Check Liquidity Locking:
    • Look for information about liquidity being locked for a specified period. This adds a layer of security, as developers can’t just pull the funds immediately.
    • Use tools that track liquidity lock status.
  5. Community Engagement:
    • Assess the project's community on platforms like Telegram, Discord, and Twitter. An active, engaged community can indicate legitimacy.
    • Participate in discussions to gauge sentiment and uncover potential concerns from other investors.
  6. Monitor Tokenomics:
    • Analyze the distribution of tokens. If a disproportionate amount is held by the developers or a small group, it may increase the risk of manipulation.
    • Look for mechanisms that promote decentralization.
  7. Be Wary of Promises:
    • Stay cautious of projects promising high returns with little risk. If it sounds too good to be true, it probably is.
    • Understand the risks associated with yield farming and staking.
  8. Diversify Investments:
    • Avoid putting all your funds into a single project. Diversification can help mitigate risks associated with any one investment.

Suggestions

  1. Stay Informed:
    • Follow reputable news sources, blogs, and forums dedicated to cryptocurrency to keep up with market trends and potential scams.
    • Subscribe to alerts or newsletters that track suspicious activities in the crypto space.
  2. Use Trusted Platforms:
    • Engage with established exchanges and platforms that have a reputation for security and reliability.
    • Avoid trading on platforms that lack transparency or have poor security measures.
  3. Report Suspicious Activity:
    • If you encounter a potential rug pull or scam, report it to relevant authorities and community platforms to help protect others.
    • Share your findings in forums or social media to raise awareness.
  4. Educate Yourself Continuously:
    • Take the time to learn about blockchain technology, decentralized finance, and market trends. Knowledge is a powerful tool in identifying scams.
    • Consider participating in online courses or webinars focused on cryptocurrency safety.

References

CloudSEK’s flagship digital risk monitoring platform XVigil contains a module called “Underground Intelligence” which provides information about the latest Adversary, Malware, and Vulnerability Intelligence, gathered from a wide range of sources, across the surface web, deep web, and dark web.

Author

CloudSEK TRIAD

CloudSEK Threat Research and Information Analytics Division

Predict Cyber threats against your organization

Schedule a Demo
Related Posts
Blog Image
Adversary Intelligence
February 3, 2024

From Discussion Forums to Malware Mayhem: The Alarming Rise of Abuse on Google Groups and Usenet

Explore the escalating wave of cyber threats on platforms like Google Groups and Usenet, uncovering the pivotal role of cybersecurity in safeguarding online discussion forums.

Blog Image
General Trends
November 8, 2023

How AI is reshaping the Cyber Threat Landscape

Explore the double-edged sword of AI in cybersecurity. This insightful blog delves into how artificial intelligence is revolutionizing defenses while also empowering cybercriminals. Understand the dual-use dilemma of AI in the ever-evolving cyber threat landscape.

Blog Image
Ransomware
November 4, 2023

Underground Marketplace Unveils New Ransomware Offering QBit with Advanced Encryption & Customization

On 23 October 2023, CloudSEK’s Threat Intelligence Team detected a Ransomware-as-a-Service (RaaS) group, named QBit introducing a newly developed ransomware written in Go, boasting advanced features to optimize its malicious operations.

Join 10,000+ subscribers

Keep up with the latest news about strains of Malware, Phishing Lures,
Indicators of Compromise, and Data Leaks.

Take action now

Secure your organisation with our Award winning Products

CloudSEK Platform is a no-code platform that powers our products with predictive threat analytic capabilities.

CloudSEK XVigil

Digital Risk Protection platform which gives Initial Attack Vector Protection for employees and customers.

Learn more about XVigil
CloudSEK SVigil

Software and Supply chain Monitoring providing Initial Attack Vector Protection for Software Supply Chain risks.

Learn more about SVigil
CloudSEK SVigil

Creates a blueprint of an organization's external attack surface including the core infrastructure and the software components.

Learn more about BeVigil Ent
CloudSEK BeVigil

Instant Security Score for any Android Mobile App on your phone. Search for any app to get an instant risk score.

Learn more about BeVigil
Scam

6

min read

The BRICS-Bait Rug Pull – How Scammers Use International Credibility to Deceive Investors

CloudSEK’s TRIAD team created this report based on an analysis of the increasing trend of cryptocurrency counterfeiting, in which tokens impersonate government organizations to provide some legitimacy to their “rug pull” scams. An example of this scam is covered in this report where threat actors have created a counterfeit token named “BRICS”. This token is aimed at exploiting the focus on the BRICS Summit held in Kazan, Russia, and the increased interest in investments and expansion of the BRICS government organization which comprises different countries (Brazil, Russia, India, China, South Africa, Egypt, Ethiopia, Iran, and the United Arab Emirates)

Authors
CloudSEK TRIAD
CloudSEK Threat Research and Information Analytics Division
Co-Authors
No items found.

Executive Summary

CloudSEK’s TRIAD team created this report based on an analysis of the increasing trend of cryptocurrency counterfeiting, in which tokens impersonate government organizations to provide some legitimacy to their “rug pull” scams. An example of this scam is covered in this report where threat actors have created a counterfeit token named “BRICS”. This token is aimed at exploiting the focus on the BRICS Summit held in Kazan, Russia, and the increased interest in investments and expansion of the BRICS government organization which comprises different countries (Brazil, Russia, India, China, South Africa, Egypt, Ethiopia, Iran, and the United Arab Emirates)

Analysis

Threat researchers discovered a telegram channel aimed at promoting a cryptocurrency named BRICS which was using the logo of the BRICS government organization to provide legitimacy to the token and lure investors.

Figure 1: Telegram Channel impersonating BRICS

Figure 1 shows a Telegram using the logo of the BRICS organization to promote a newly made Token called “BRICS.” A closer analysis revealed that this channel is promoting a “rug pull” scam

What is a “rug pull” scam?

Rug pull is a specific type of exit scam that happens in the cryptocurrency and decentralized finance (DeFi) space. Here’s a more detailed breakdown of how it works, the tactics used, and how to spot them:

How Rug Pulls Work

  1. Creation of a Project: Scammers create a new cryptocurrency or DeFi project, often with attractive features like high returns, innovative technology, or unique use cases. They may launch a token with a catchy name and a slick website.
  2. Building Hype: The scammers promote the project heavily on social media, forums, and cryptocurrency platforms. They may use influencers, promising high returns and creating a sense of urgency among potential investors.
  3. Liquidity Pool Setup: To enable trading, the developers set up a liquidity pool (LP) on decentralized exchanges like Uniswap or PancakeSwap. They provide initial liquidity by depositing a certain amount of tokens and a corresponding amount of cryptocurrency (e.g., ETH or BNB).
  4. Investment Surge: As the project gains traction, more investors buy in, increasing the liquidity in the pool and raising the price of the token.
  5. The Pull: Once the developers feel they've attracted enough investment and built up a significant amount of liquidity, they execute the rug pull. They may:some text
    • Withdraw all or most of the liquidity from the pool, which drastically reduces the token's value.
    • Sell their own holdings, creating additional downward pressure on the price.
    • Disable trading or use smart contract exploits to make it impossible for others to sell their tokens.
  6. Disappearance: After pulling the funds, the scammers often disappear, sometimes even shutting down communication channels, leaving investors unable to recover their investments.

Common Tactics Used in Rug Pulls

  • Fake Roadmaps and Whitepapers: Scammers often create elaborate roadmaps and whitepapers that outline grand plans that may never be realized.
  • High APY Offers: Promising extremely high annual percentage yields (APYs) can entice investors, but these are often unsustainable and designed to attract quick capital.
  • Anonymous Teams: Many rug pulls involve anonymous or pseudonymous teams, making it difficult to track them down after the scam.
  • Social Media Manipulation: Scammers often create hype through social media campaigns, using bots or paid promotions to spread the word rapidly.

Figure 2: Roadmap for the token

The token has an associated website (https://tokenbrics.me/) which was created using WordPress and highlights various aspects of the token. Figure 2 shows the roadmap for the token which involves purchasing the token and then the intended “BURN” or removal of a large number of the token to increase the price of the token. 

Figure 3: Screenshot from website to show association with BRICS

Figure 4: Purchase token

As per the website, the token can be purchased using either USDT or BNB which is a common tactic used by scammers in the rug pull schemes.

Figure 5: Message from Admin on how to purchase token

The Admin of the telegram channel posted how to purchase the token while it is currently on “pre-sale”.

Conclusion

Rug pulls pose a serious threat in the crypto landscape, especially with the growth of DeFi and emerging projects. In some cases, scammers even leverage the credibility of established organizations like BRICS to lend legitimacy to their schemes. Recognizing how these scams operate and identifying potential red flags is crucial for safeguarding your investments. Thorough research and a healthy dose of skepticism are essential when evaluating new projects, particularly those that promise extraordinary returns with minimal risk. Always stay vigilant and informed to protect yourself from falling victim to these deceptive practices.

Recommendations

  1. Conduct Thorough Research (DYOR):
    • Investigate the project's team and their backgrounds. Look for prior experience in the crypto space and check their reputations.
    • Read the whitepaper and roadmap carefully. Ensure that the project has a clear vision and realistic goals.
  2. Verify Legitimacy:
    • Be cautious of projects that use the names of reputable organizations, like BRICS, to gain credibility. Check for official partnerships or endorsements.
    • Look for independent articles or reviews about the project from reputable sources.
  3. Analyze the Smart Contract:
    • If possible, review the smart contract code or seek out audit reports from credible firms. This can help identify vulnerabilities or malicious code.
    • Consider projects that have undergone audits by recognized security firms.
  4. Check Liquidity Locking:
    • Look for information about liquidity being locked for a specified period. This adds a layer of security, as developers can’t just pull the funds immediately.
    • Use tools that track liquidity lock status.
  5. Community Engagement:
    • Assess the project's community on platforms like Telegram, Discord, and Twitter. An active, engaged community can indicate legitimacy.
    • Participate in discussions to gauge sentiment and uncover potential concerns from other investors.
  6. Monitor Tokenomics:
    • Analyze the distribution of tokens. If a disproportionate amount is held by the developers or a small group, it may increase the risk of manipulation.
    • Look for mechanisms that promote decentralization.
  7. Be Wary of Promises:
    • Stay cautious of projects promising high returns with little risk. If it sounds too good to be true, it probably is.
    • Understand the risks associated with yield farming and staking.
  8. Diversify Investments:
    • Avoid putting all your funds into a single project. Diversification can help mitigate risks associated with any one investment.

Suggestions

  1. Stay Informed:
    • Follow reputable news sources, blogs, and forums dedicated to cryptocurrency to keep up with market trends and potential scams.
    • Subscribe to alerts or newsletters that track suspicious activities in the crypto space.
  2. Use Trusted Platforms:
    • Engage with established exchanges and platforms that have a reputation for security and reliability.
    • Avoid trading on platforms that lack transparency or have poor security measures.
  3. Report Suspicious Activity:
    • If you encounter a potential rug pull or scam, report it to relevant authorities and community platforms to help protect others.
    • Share your findings in forums or social media to raise awareness.
  4. Educate Yourself Continuously:
    • Take the time to learn about blockchain technology, decentralized finance, and market trends. Knowledge is a powerful tool in identifying scams.
    • Consider participating in online courses or webinars focused on cryptocurrency safety.

References

CloudSEK’s flagship digital risk monitoring platform XVigil contains a module called “Underground Intelligence” which provides information about the latest Adversary, Malware, and Vulnerability Intelligence, gathered from a wide range of sources, across the surface web, deep web, and dark web.