RocketSwap

Quick Summary

LoveRCKT token was experienced a rugpull exit scam with 193.45 WETH worth of liquidity removed from UniSwap pool by the deployer.




Details of the Exploit

LoveRCKT is an ERC20 token trading on UniSwap. The deployer of the token conducted a rugpull exit scam by removing liquidity from
the LP pool in two transactions between Aug 15, 2023, and Oct 31, 2023. The deployer initially added liquidity worth 400 WETH to
the UniSwap pool when the token contract was created.

Total loss were approximately 23,439 USD.The stolen funds were transferred to another EOA and then distributed between multiple
addresses.




Block Data Reference

Deployer Address:

https://etherscan.io/address/0x96c0876F573e27636612CF306C9db072d2B13DE8




Scammers Addresses

https://etherscan.io/address/0x8183c8ac89dd31f6853d859e08f182f8e44d1353

https://etherscan.io/address/0x1f4cd0dacf5363deeec7ff96394d35984a4cf733




Funds Holders as Nov of 3, 2023

https://etherscan.io/address/0x26cb90cba4ae30a25854ef78bac1c3a46ceb3b8e

https://etherscan.io/address/0xACCf72F6b216F90fB52ED49bDdA6315761c57A74

https://etherscan.io/address/0xA66e0ed87CCeF7FaA1677A4FCBfC6dE5e1b7d868




Liquidity Removal Transaction:

https://etherscan.io/tx/0x497c91edeb64576e755288e645019a250bfc4d88f4a527fbc4c0e4692c7194b3

Quick Summary

RocketSwap, a DEX on Base chain, suffered an access control exploit on Aug 14, 2023, leading to a loss of 472 ETH, equivalent to
869,000 $USD.




Details of the Exploit

On Aug 14, 2023, RocketSwap, a decentralized exchange operating on the Base chain, fell victim to an access control exploit. The
attacker managed to compromise the RocketSwap: Deployer EOA address, allowing them to seize LP tokens. After acquiring these
tokens, the attacker removed liquidity and converted RCKT, WETH, and axlUSDC tokens to ETH, which were then bridged to the
Ethereum Mainnet via Stargate Bridge.




Once on the Ethereum chain, the attacker used the funds to add liquidity along with a newly created fake token, LoveRCKT. Half of
the liquidity with the fake token was already withdrawn as of August 15, 2023. The attack resulted in a total loss of
approximately 472 ETH, worth around 869,000 $USD. RocketSwap's team confirmed that there was a brute force attack on their server
where the private keys were stored, and subsequently shut down their Telegram and disabled comments.




Block Data Reference

Attacker Address:

https://basescan.org/address/0x96c0876F573e27636612CF306C9db072d2B13DE8




Malicious Transaction:

https://basescan.org/tx/0x25c11d664f89ef9237ecf2e8ff1f067821cb829694b184c7ee74e6d0a3f9bfba




Liquidity Removal Transactions:

https://basescan.org/tx/0x5dce5276d3a1d2286f7bf535634ccd99fa9909b2bf5bc0d6625d2660da50c5b5

https://basescan.org/tx/0x1a1d567e8c4b5db05f8b9ac1dc37cfea350cfd2529a3f5c5c86baa86a3179ada




Bridging Transaction:

https://basescan.org/tx/0x9b384f72d0817c99d2829c1226729de0c2ae29aa8ae7d32f1feaa6fc358de026




Funds Holder as of Aug 15, 2023:

https://etherscan.io/address/0x96c0876F573e27636612CF306C9db072d2B13DE8




Fake Token Address:

https://etherscan.io/address/0xbdacbd348293f7839cc6ea64335d839db4841a39




Liquidity Adding Transaction:

https://etherscan.io/tx/0xbe0b89188b044a3b69702c73fd76cf555b39fa4ad2d609685411b71cfa4f3dba




Liquidity Removal Transaction:

https://etherscan.io/tx/0xf1a95e4db4c4d70fbfbab3d75bae426c6c20783226bd3fad4be32e38f4432220