Solana NFT Project Rug Pulls Investors for $1.3M—Despite Civic 'Verification'
Big Daddy Ape Club scammed would-be investors out of 9,136 SOL, even though its devs were purportedly fully doxed through the “Verified by Civic Pass” program.
On January 11, scammers pulled off one of the largest NFT rug pulls in the history of the Solanablockchainblockchain. The scammers made off with 9,136 SOL, or around $1.3 million at the time, in funds sent by would-be collectors to mint “Big Daddy Ape Club” NFTs—except there were no NFTs.
And the people behind the Big Daddy Ape Club were able to abscond with the funds despite the NFT drop having been “verified” by decentralized identity verification company Civic.
Civic, a San Francisco-based crypto firm that first burst onto the scene in 2015 as an open-source identity verification protocol on EthereumEthereum, has refashioned itself as an NFT auditing and verification service on competing blockchain network Solana. Civic announced in late December that it had "verified" the Big Daddy Ape Club through its Verified by Civic Pass program. The company says it designed the program as a free service for creators to verify their real-world identities and build trust within their communities.
But it was that trust that the Big Daddy Ape Club exploited. And Civic now says it’s working with law enforcement to track down those responsible for the scam.
"We are aware of the reported Big Daddy Ape Club rug pull and that there are victims involved. We take this attack on the NFT community seriously, and are taking steps to offer all the assistance we can," Civic CEO Chris Hart tweeted on the day of the mint.
We are aware of the reported Big Daddy Ape Club rug pull and that there are victims involved. We take this attack on the NFT community seriously, and are taking steps to offer all the assistance we can.
Big Daddy Ape Club was billed as a collection of 2222 ape-themed NFTs to be minted on the Solana blockchain and listed on the Solanart NFT marketplace. But it turned out to be a classic rug pull—a type of exit scam that is all too common in crypto in which developers suddenly leave a project and disappear with investors’ money. Digital artist and NFT blogger Faith Orr, who goes by ToasterFires on Twitter, detailed what happened with this scam on her Substack:
"The one thing I keep hearing from the Big Daddy Ape Club victims is that they locked the Discord a few hours before mint, which to many was bizarre since the mint link usually appears there," Orr wrote. Orr also pointed out that victims of the scam said they did not receive their NFTs after sending SOL.
"This is an especially brutal move on their part," Orr wrote. "Most rugs do the basic courtesy of leaving their victims with NFTs even if they don't ever get listed on secondary markets."
Soon after, the Twitter account, Discord server, and website for Big Daddy Ape Club went dark. Solanart acknowledged the rug pull, pointing out that Civic had verified the project.
It has come to our attention that the BDAC mint was a rug, we want to inform the community that we are deleting the collection from @SolanartNFT grid.
This project was successfully approved by @civickey verification but sadly, they decided to scam anyway.
— Solanart - Largest NFT Marketplace on Solana (@SolanartNFT) January 11, 2022
"The identity of the individual who held themselves out as the founder of the BDAC project was verified through our program," Hart tells Decrypt. "We are cooperating with law enforcement to assist in their investigation, but do not know how long their investigation will take."
Mert, a software engineer at Coinbase and a Solana researcher, told Decrypt that this is the largest NFT rug pull that he has tracked so far. He said that he tracked the scammer’s Solana walletwallet and that some of the funds have been transferred to accounts on cryptocurrency exchange Binance. Upon filing a report, the exchange told Mert that it has since blocked the accounts and will likewise work with law enforcement to investigate, he said.
"We are aware of the recent reports and our team is investigating the matter further," a Binance representative told Decrypt. The representative added that the company does not comment on "specific engagements with law enforcement."
DYOR, NFA
Hart says that Civic aims for the highest levels of accuracy but says no verification process is effective 100% of the time. "We do not endorse projects in this program, nor do we perform due diligence on them beyond our identity verification services," he said. But while that’s true, potential investors could be forgiven for confusing a “verification” for an endorsement—and based on the hundreds of responses to Hart’s initial tweet, many of them did.
The Verified by Civic Pass program works by verifying control of the project's Twitter handle, control of the project's domain, and identity verification of the project founders through ID document capture. The verification process also includes a 3D face scan of the person completing verification compared to a 2D photo identification. But it appears being fully doxed wasn't enough to keep the Big Daddy Ape Club developers from scamming collectors.
Some Twitter users following the story questioned the need for auditors. "Why have they been made the arbiters of "good" and "not good" when it comes to projects?” NFT collector Kylienft tweeted. “Moreover, is this criteria they're using to evaluate projects even valid? Does doxxing and being duly active on social media and having a good looking website actually protect investors?"
3/ Why have they been made the arbiters of "good" and "not good" when it come to projects? Moreover, is this criteria they're using to evaluate projects even valid? Does doxxing and being duly active on social media and having a good looking website actually protect investors?
Civic says the verification process is designed to share information with the appropriate authorities in the event of a rug pull. It says it is in direct contact with U.S.-based authorities and intends to cooperate fully.
Hart tells Decrypt that Civic has partnered with Magic Eden, the leading NFT marketplace on Solana in terms of volume, for trust and safety services and with NFT project ranking site RadRugs to integrate with their security leaderboard.
"Over the past few months, we've expanded our role to help increase trust and safety across the NFT ecosystem,” Hart said. He added that Civic has partnered with Metaplex, the company behind the protocol responsible for creating NFTs on Solana, in an attempt to mitigate the use of bots on the network, which continues to be a significant problem for NFT projects on Solana.
On September 14, the Solana network—primed for speedy, low-cost transactions compared to oft-congested Ethereum—went down for 17 hours.
The culprit was a group of bots, software programs that crypto traders use to make automated trades, aping into the GRAPE token sale on decentralized exchange Raydium. The Solana Foundation called it, "in effect, a denial of service attack"—though the bots' intended use was to outmaneuver other traders, not to take down the network.
It’s not just exchanges that...
Because transaction fees on Solana are near zero, unlike the gasgas fees on rival network Ethereum, tech-savvy traders can use bots to spam the network with transactions and scoop up tokens during an IDO or valuable NFTs during a mint in order to resell them on secondary markets at a much higher price.
Last November, Civic announced the launch of Ignite Pass, a free version of its Civic Pass, which was designed to address this problem. Civic says Ignite Pass requires NFT buyers to prove their "liveness" and offers a paid upgrade option for high-value auctions.
But this, too, does not currently appear to be working as intended:
Well, given @MortuaryIncNFT got botted to hell last night (thanks @sainteclectic for the heads up) using @civickey captcha, it looks like the current captcha is useless now. The spy v spy game has escalated. @baalazamon and I are convening a war council to look for a new captcha. pic.twitter.com/Q4XE4YvI9K
LG will shut down its NFT platform, LG Art Lab, on June 17, according to a notice published on its website earlier this month.
The project, launched at the height of the NFT craze in September 2022, allowed users to display NFTs on their TVs and partnered with visual artists to launch digital art collections.
“As the NFT space continues to evolve, we believe it is the right time to shift our focus and explore new opportunities,” the company stated.
Ahead of the closure, all assets currently li...
Two years after they were inscribed on the Bitcoin blockchain, the highly anticipated Taproot Wizards Ordinals collection will go on sale on March 25, the project's creators announced Tuesday.
Taproot Wizards will consist of 2,121 Wizard NFTs, modeled after the iconic Bitcoin Wizard meme that surfaced on Reddit in 2013.
The collection will be sold in two distinct phases, the first of which will offer Wizard NFTs to those on an allowlist for 0.2 BTC, or $16,340 at today’s prices. An eligibility c...
Tech giant Sony is commemorating 25 years since the launch of Aibo, its companion robot dog, with an officially licensed soulbound NFT collection called "Entertainment Robot Aibo” on the Soneium blockchain.
The collection, which cannot be traded or transferred thanks to its soulbound nature, can be minted for free on OpenSea’s NFT marketplace, with users required only to pay a small gas fee to initiate the transaction.
In its official Discord community, Soneium’s team wrote that Aibo’s return a...
