ZachXBT Sounds Alarm on Scammers Associated with DeFi Protocol

Blockchain investigator ZachXBT has sounded the alarm on a group of scammers orchestrating a new fraudulent scheme, utilising millions in stolen funds to lure unsuspecting victims.

In a detailed thread on X (previously known as Twitter), ZachXBT shared findings from an investigation into Leaper Finance, a lending protocol operating on Blast.

The group's involvement in several rug pulls, affecting users of Magnate ($6.5 million), Kokomo ($4 million), Solfire ($4.8 million), and Lendora, as well as among others such as Hash DAO, Glori Finance, and ZebraDAO, has raised concerns, with losses exceeding $20 million attributed to their activities.

The crypto sleuth noted that:

"In the past they let the TVL grow to 7 figs before stealing all of users funds deposited to the protocol and falsify KYC documents + use low tier audit firms. They now have launched scams on Base, Solana, Scroll, Optimism, Arbitrum, Ethereum, Avalanche, etc."

The latest scheme involved funneling approximately $1 million laundered from previous scams into a Leaper Finance address on the Blast network, augmenting liquidity to attract victims.

Mapping the Movement of Laundered Money

Researchers have diligently monitored the intricate trail of fund transfers.

Initially, the funds were shifted from an Ethereum address associated with prior scams to a different address on the Polygon network.

Subsequently, these assets underwent conversion into Wrapped ETH (wETH) and traversed multiple blockchain networks utilising diverse bridging services like Orbiter and Bungee.

Ultimately, they were deployed on the Blast platform to acquire LEAP tokens, seemingly amplifying liquidity and setting the stage for yet another potential trap for unsuspecting victims.

Despite efforts to conceal their activities, the group's connection to the scams was uncovered, prompting a response from the scammers themselves, who taunted ZachXBT, "Nice work! My comrades here at Lazarus fear you yet admire you!," while announcing a 'token launch' in reference to the North Korean hacker group Lazarus.

Subsequently, accounts associated with Leaper Finance and Glori Finance on X have been deactivated, and their websites have gone offline.

The group's modus operandi involves launching projects on specific blockchains and absconding with funds once the total value locked (TVL) reaches a certain level.

To appear legitimate, they provide fake know-your-customer (KYC) documents and enlist relatively unknown firms for audits.

With their scams spanning across various blockchains, including Solana, Optimism, and Ethereum, the need for heightened vigilance within the blockchain ecosystem is emphasised.

Importance of Protective Measures

In the wake of these deceitful schemes, there's a rising call for heightened security protocols across blockchain platforms.

Embracing rigorous KYC procedures and undergoing audits from reputable firms are proactive steps aimed at safeguarding investor welfare.

Additionally, platforms must bolster their transaction monitoring mechanisms to detect and thwart the intricate fund maneuvers often linked with laundering endeavours.