Decoding USEA Token’s $1.1 Million Rug Pull | QuillAudits

--

Summary:

On June 6, 2023, the deployer of USEA token executed an exit scam (rug pull) and stole around $1.1 million in user funds. To do this, they minted a large amount of tokens and removed all liquidity from the USEA token’s trading pair on PancakeSwap. This caused the price of the token to drop by almost 99%.

About Project:

The USEA token is a BEP20 token that was deployed on the Binance Smart Chain. However, there is no official website or social media account for this project.

Vulnerability Analysis & Impact:

On-Chain Details:

Scammer/Deployer Address: 0x11Eb8c55603b9720804dB178B788f69F7B7a5DC7

Scammer’s 2nd Address: 0xc88727cd59f2cb1a079b065c4b60b24e7a99144a

USEA Token Contract: 0xdf7ff95aa3d855a6fb21399432166a92fdcf1b1a

Malicious Mint Transaction: 0xcd1a460944681b8be340f480037b7aa8c2ec1ddfe27cc73a408421beb8302efb

Swapping Transaction: 0x15dea5a7c2f474a9b4ce7c6dafc547d6dd7393fe569582153f70c838471b749d

Exit Scam Steps:

  • The deployer(0x11eb8) started with minting a total of 867,000,000 $USEA via calling mint function in multiple transactions.
  • Then the deployer transferred all the minted token to his another EOA(0xc88727).
  • And finally, the attacker swapped all the USEA tokens for around 1,114,469 BSC-USD in multiple transactions.

Flow of Funds:

The scammer initially transferred the funds from his account 0xc8872 to the following accounts:

0xc5d23b1c03427dc5080f451df320bb12a6e40b3c 1,000,000 USDT

0x360d8221fec883d871a10fd26916ec071fc32aef 60,000 USDT

Then, the scammer transferred funds from the 0x5d23 account to the following addresses:

Attacker’s Wallets:

As of writing this blog, the majority of the funds from the scam remain in the address 0x3c3ea.

Price Impact

The price of the USEA token dropped by 99% immediately following the rug pull. It is currently trading at $$0.00005374 as of the time of writing this blog. See here.

Conclusion:

The recent cryptocurrency rug pull highlights the risks associated with investing in digital assets. Investors should exercise caution when considering any project that promises sky-high returns, as DeFi scammers often target these types of investments.

To protect yourself from rug pulls, it is important to do your research before investing in any cryptocurrency project. Be sure to check the project’s website and social media pages for information about the team behind the project, the project’s roadmap, and the project’s security measures.

Web3 security- Need of the hour

Why QuillAudits For Web3 Security? QuillAudits is well-equipped with tools and expertise to provide cybersecurity solutions saving the loss of millions in funds.

Want more Such Security Blogs & Reports?

Connect with QuillAudits on :

Linkedin | Twitter | Website | Newsletter | Discord | Telegram

Partner with QuillAudits :

--

--

QuillAudits - Web3 Security 🛡️

6+ Years Securing #Web3: 1M+ Lines Audited. Trusted by 1K+ Clients including StarkWare, Taiko, ZetaChain & Metis. Next-gen audits, KYC & on-chain monitoring.