On January 11, scammers pulled off one of the largest NFT rug pulls in the history of the Solana blockchain. The scammers made off with 9,136 SOL, or around $1.3 million at the time, in funds sent by would-be collectors to mint “Big Daddy Ape Club” NFTs—except there were no NFTs.
And the people behind the Big Daddy Ape Club were able to abscond with the funds despite the NFT drop having been “verified” by decentralized identity verification company Civic.
Civic, a San Francisco-based crypto firm that first burst onto the scene in 2015 as an open-source identity verification protocol on Ethereum, has refashioned itself as an NFT auditing and verification service on competing blockchain network Solana. Civic announced in late December that it had "verified" the Big Daddy Ape Club through its Verified by Civic Pass program. The company says it designed the program as a free service for creators to verify their real-world identities and build trust within their communities.
But it was that trust that the Big Daddy Ape Club exploited. And Civic now says it’s working with law enforcement to track down those responsible for the scam.
"We are aware of the reported Big Daddy Ape Club rug pull and that there are victims involved. We take this attack on the NFT community seriously, and are taking steps to offer all the assistance we can," Civic CEO Chris Hart tweeted on the day of the mint.
What was the Big Daddy Ape Club?
Big Daddy Ape Club was billed as a collection of 2222 ape-themed NFTs to be minted on the Solana blockchain and listed on the Solanart NFT marketplace. But it turned out to be a classic rug pull—a type of exit scam that is all too common in crypto in which developers suddenly leave a project and disappear with investors’ money. Digital artist and NFT blogger Faith Orr, who goes by ToasterFires on Twitter, detailed what happened with this scam on her Substack:
"The one thing I keep hearing from the Big Daddy Ape Club victims is that they locked the Discord a few hours before mint, which to many was bizarre since the mint link usually appears there," Orr wrote. Orr also pointed out that victims of the scam said they did not receive their NFTs after sending SOL.
"This is an especially brutal move on their part," Orr wrote. "Most rugs do the basic courtesy of leaving their victims with NFTs even if they don't ever get listed on secondary markets."
Soon after, the Twitter account, Discord server, and website for Big Daddy Ape Club went dark. Solanart acknowledged the rug pull, pointing out that Civic had verified the project.
"The identity of the individual who held themselves out as the founder of the BDAC project was verified through our program," Hart tells Decrypt. "We are cooperating with law enforcement to assist in their investigation, but do not know how long their investigation will take."
Mert, a software engineer at Coinbase and a Solana researcher, told Decrypt that this is the largest NFT rug pull that he has tracked so far. He said that he tracked the scammer’s Solana wallet and that some of the funds have been transferred to accounts on cryptocurrency exchange Binance. Upon filing a report, the exchange told Mert that it has since blocked the accounts and will likewise work with law enforcement to investigate, he said.
"We are aware of the recent reports and our team is investigating the matter further," a Binance representative told Decrypt. The representative added that the company does not comment on "specific engagements with law enforcement."
DYOR, NFA
Hart says that Civic aims for the highest levels of accuracy but says no verification process is effective 100% of the time. "We do not endorse projects in this program, nor do we perform due diligence on them beyond our identity verification services," he said. But while that’s true, potential investors could be forgiven for confusing a “verification” for an endorsement—and based on the hundreds of responses to Hart’s initial tweet, many of them did.
The Verified by Civic Pass program works by verifying control of the project's Twitter handle, control of the project's domain, and identity verification of the project founders through ID document capture. The verification process also includes a 3D face scan of the person completing verification compared to a 2D photo identification. But it appears being fully doxed wasn't enough to keep the Big Daddy Ape Club developers from scamming collectors.
Some Twitter users following the story questioned the need for auditors. "Why have they been made the arbiters of "good" and "not good" when it comes to projects?” NFT collector Kylienft tweeted. “Moreover, is this criteria they're using to evaluate projects even valid? Does doxxing and being duly active on social media and having a good looking website actually protect investors?"
Civic says the verification process is designed to share information with the appropriate authorities in the event of a rug pull. It says it is in direct contact with U.S.-based authorities and intends to cooperate fully.
Hart tells Decrypt that Civic has partnered with Magic Eden, the leading NFT marketplace on Solana in terms of volume, for trust and safety services and with NFT project ranking site RadRugs to integrate with their security leaderboard.
"Over the past few months, we've expanded our role to help increase trust and safety across the NFT ecosystem,” Hart said. He added that Civic has partnered with Metaplex, the company behind the protocol responsible for creating NFTs on Solana, in an attempt to mitigate the use of bots on the network, which continues to be a significant problem for NFT projects on Solana.
Because transaction fees on Solana are near zero, unlike the gas fees on rival network Ethereum, tech-savvy traders can use bots to spam the network with transactions and scoop up tokens during an IDO or valuable NFTs during a mint in order to resell them on secondary markets at a much higher price.
Last November, Civic announced the launch of Ignite Pass, a free version of its Civic Pass, which was designed to address this problem. Civic says Ignite Pass requires NFT buyers to prove their "liveness" and offers a paid upgrade option for high-value auctions.
But this, too, does not currently appear to be working as intended:
Daily Debrief Newsletter
Start every day with the top news stories right now, plus original features, a podcast, videos and more.