Use Meme coins to launder Rug Pull project funds and reveal the true identity of the PEPE trader

秦晓峰
11 months ago
The anonymous DeFi investor is Kevin Pawlak, the former head of OpenSea Ventures.

Original source: NFTethics

Compiled by: Odaily


If you are a Meme coin enthusiast, you must have heard of PEPE, the most popular project this year, and you may also have heard the wealth myths around it. For example, some so-called Smart Money addresses bought US$100 of PEPE at its issuance and never sold, eventually earning tens of thousands of times their stake (on-chain data can confirm this).

Why can't ordinary people be among the first to get on board and catch the 10,000x coin? Because the only ones who profit most from projects of this kind are the traders, who can buy at the bottom and exit at the top; even the original purpose of creating this type of Meme project is just to launder some dirty money.

Recently, the X (formerly Twitter) user "NFTethics" published multiple long threads and, through careful on-chain analysis and various supporting evidence, determined the true identity of the trader behind PEPE. The main points of his tweets are summarized as follows:

1. The funds from the Rug Pull project AnubisDAO in November 2021 were laundered with the help of this year's popular PEPE project, and the well-known anonymous DeFi investor Sisyphus was behind it;

2. Sisyphus's real identity is Kevin Pawlak, the head of OpenSea Ventures, and he now lives a luxurious life;

3. Sisyphus (Kevin Pawlak) is the real leader behind the AnubisDAO project. He obtained the private key of the project manager at the time through hacking and transferred the funds. He successfully found a scapegoat to take the blame and got away with it.

The latest news is that an OpenSea spokesperson responded to this matter: Kevin Pawlak left his job in June 2023 and had a limited scope of work during his time at OpenSea, holding a non-management position. It is not known whether he was involved in the AnubisDAO Rug incident. In addition, we have no connection to or information about the related projects, as they were conducted before he joined OpenSea.

1. Anubis project Rug funds were laundered with the help of PEPE

Back in November 2021, AnubisDAO (token ANKH), a project imitating OlympusDAO, raised 13256.4 ETH (worth approximately US$57 million at the time) through an LBP (liquidity bootstrapping pool). But soon, the managers discovered that the funds had been transferred to a new address. At that point, the LBP had been running for 20 hours and had not yet reached its end time.

What role does Sisyphus, the protagonist of our story, play in AnubisDAO? On the surface, he is the publicity ambassador of the project, but secretly he is the leader (introduced later).

The day before AnubisDAO's funds were taken away, Sisyphus was still vigorously promoting the project in the Discord community. He claimed that he had bought 420,000 US dollars' worth (remember this point, it will be on the test) and would buy more in the future. To dispel everyone's worries, Sisyphus also stated that this project will never be successful. Even if the development does not go smoothly, everyone will get back their principal in the end.


(Sisyphus Community Marketing Recording)

Sure enough, the project was rugged the next day. Sisyphus immediately wrote a long essay clarifying his responsibility. At the same time, he said that he had contacted law enforcement agencies in the United States and Hong Kong, China, and called on the hackers to return the money as soon as possible. Since then, Sisyphus has reported no progress and no longer posts AnubisDAO-related updates. It seems that $420,000 is really just a small amount of money.

Of course, the hackers did not return the stolen AnubisDAO funds. Over the past two years, these funds have been continuously transferred to various currency mixers and platforms that do not require KYC for laundering. One of the wallet addresses (Anubis Rug 3) interacted with FixedFloat, a platform in Seychelles that does not require KYC: the wallet's gas was sent by FixedFloat, as follows:


(Anubis Rug 3)

Interestingly, the initial funds of early holders of the PEPE project also came from the FixedFloat platform, such as Zach Testa (account: DegenHarambe) and Max Zim (account: SumFattyTuna). Zach Testa in particular bought PEPE just a few minutes after the token contract was released on April 14 and then tweeted about the project; 3 minutes later, Max Zim retweeted the tweet and also bought PEPE. The whole process looked remarkably smooth, as if everything had been rehearsed.

The relationship between Sisyphus and Zach Testa and Max Zim is very close. It is reported that Zim is Sisyphus's former roommate. Before the AnubisDAO Rug, Sisyphus's wallet had exchanged transfers with Zim's, and the two had also taken part in interview programs together, although Sisyphus did not appear in person.


(Wallet interaction record)

On April 17, Sisyphus tweeted, "Over the weekend someone used a token called pepe to convert 0.02 ETH into 63 ETH," and posted an address starting with 0x5DD. Zim responded immediately after reading Sisyphus's post, and the two interacted.

Interestingly, the address starting with 0x5DD received its startup funds from the FixedFloat platform on April 7. In addition, another version of the PEPE token (called aPEPE here to distinguish it) was also launched on April 7. It has the same contract and the same early batch of holders as the currently well-known version of PEPE. For example, Zim bought aPEPE when it was released on April 7, but he said in a subsequent community interview that he had never heard of PEPE before. It seems that from the beginning, Zim knew that the PEPE token was going to rise.


(Zim was a guest on the show and said it was the first time he knew about PEPE)

There are more coincidences than just the above. 2 minutes after the Anubis Rug 3 wallet transferred 3,000 ETH, the Zim wallet address began buying PEPE on-chain; and the investigation found that whenever the wallets associated with the Anubis Rug were actively making transfers, the Zim wallet seemed to be carrying out PEPE-related transactions.


(Zim wallet and Anubis Rug wallet are active at the same time)

In addition, the Anubis funds were mainly laundered through platforms such as Stake; the fund wallet addresses related to PEPE also transferred a large amount of funds to Stake after PEPE went online (April 14), and from Stake to FixedFloat. Moreover, most of the stolen Anubis funds were transferred out from March to July this year, which basically overlaps with the PEPE growth cycle. There is a deep correlation between the two, and the stolen funds may have been laundered through the speculation on PEPE.

Tracing the complete whereabouts of the stolen Anubis funds still requires some CEX and OTC platforms to work together, since some of the funds flowed into platforms that require KYC. Whether there is any connection between the stolen Anubis funds and the PEPE hype still requires more evidence to verify.

To add another detail, in August this year the PEPE team had an internal dispute: several former members privately deleted their multi-signature permissions and sold their tokens, and the project finally issued a vague official announcement.

2. Sisyphus dominates Anubis and designs the Rug himself

The blogger NFTethics obtained the Anubis team members' internal chat logs from the few days before the funds were stolen.

According to investigative reasoning, Sisyphus appears to be the true mastermind behind the project, with his approval and signature needed for almost everything, including the exact wording of every published tweet and every technical/financial issue. Moreover, the project's Rug Pull seems to have been directed and performed by Sisyphus, and he successfully made another member, Beerus, take the blame for it.


(Team division of labor)

In the team division of labor, Sisyphus positions himself as responsible for external public relations and helping to unite DAO members, but in fact he is the person in charge and gives orders.

Team member AureliusBTC said in the chat: "None of us really understand LBP (Liquidity Bootstrapping Pool), but as long as Sisyphus understands..." When another member, Beerus, posted a tweet announcing that a new member had joined Anubis, Sisyphus immediately instructed him to delete it, which Beerus did. Moreover, Sisyphus also stated in the chat records that he had contact with Alameda Research (a crypto company under SBF), and that the other party had also purchased Anubis's token ANKH.


(Sisyphus introduces LBP related situations)

Let's return our focus to Anubis being drained of liquidity. After the incident, Sisyphus claimed that the DAO members agreed to let Beerus deploy the LBP because they were either unavailable or did not want to be responsible. But the internal chat contains no evidence to support this statement. In fact, Sisyphus initially mentioned that they were using "the best multi-signature ever", but later in the chat he said that he could not sign for authorization. It is therefore speculated that he may in this way have changed the original multi-signature arrangement so that Beerus alone was responsible, thus laying the groundwork for the subsequent attack. The timeline of what happened next is as follows:

  • Late at night on October 28, Sisyphus mentioned that he was going to bed and planned to sleep for 6 hours. His last message was at 00:16;

  • He rejoined the chat the next morning at 07:18 am and answered a few questions in the group;

  • At 07:20, the mailbox of Beerus, who held the management authority of the LBP, received an email from Sisyphus's email address, including a PDF with a SAFT (Simple Agreement for Future Tokens). In a post afterwards, Beerus mentioned that this PDF contained a Trojan virus, which damaged his computer and stole the LBP management rights;

  • At 07:26, Sisyphus communicated with Beerus for a period of time and reminded him to stay awake until the end of the LBP. The communication continued until 07:44, which was 4 hours before the end of the LBP;

  • At 07:48, the LBP funds were drained, and all ETH was withdrawn to a new address by the management account, leaving only a pile of worthless ANKH tokens.

According to subsequent investigations, neither the Copper platform nor Balancer’s smart contracts have been breached or destroyed. In other words, the Beerus wallet account of the LBP creator was either compromised as he said, or he acted on his own initiative. Sisyphus claimed that the email was never sent to his email address.


(Beerus said he received a virus email)

Who is lying? We make inferences from some side information. First of all, not only Beerus received the email, but also other VC contacts - the difference is that Beerus received the PDF email at 07:20 am, while others received it half an hour later, and some even several days later Hours. One possible explanation is that the attacker sent mass emails to confuse the target of the attack, and also reserved time in advance for Beerus to open the PDF and attack the computer.

Furthermore, when the PDFs others received were later analyzed, there were no visible anti-spoofing warnings. SPF doesn't flag a Gmail address unless the message doesn't actually come from Gmail; based on the photo, it's likely that the address sent an actual email. In other words, these emails were really sent from Sisyphus's real email address, yet Sisyphus swore that he had never sent any emails, and even played dumb in the group and asked, "What does this mean?"

In addition, analysis of other people's emails found that no Trojan virus was installed; in fact, it may be that only Beerus's copy had the virus. Afterwards, he also submitted his computer to the Hong Kong police to prove his innocence (there has been no further development, and the incident seems to be over).

The question is, how did the attacker know that Beerus had the LBP management rights? Except for a few insiders, no one knew that Beerus was (the only) person in control. In fact, Anubis team member Convex mentioned this in the group chat: "Why would Beerus even receive malware? It makes no sense for him to be targeted. As everyone knows, aureliusBTC and I are the developers, more like the master private key holders." Outsiders don't know the specific situation of Beerus at all.

Interestingly, Sisyphus also asked Beerus: "Man, what did you click?" At this time, Beerus had not revealed to anyone that he had clicked on the malicious email PDF, and no one else knew about it. How did Sisyphus know?

After the LBP capital pool was drained, Sisyphus accused Beerus of rugging the project and said, "You ruined my reputation." Moreover, Sisyphus also released the attacker's IP address and mentioned that it came from Hong Kong, where Beerus lives. In fact, this IP address came from a third-party VPS provider, which rents out servers in different regions, so it has no reference value. Later, investors exposed Beerus's true identity: he was the 19-year-old son of Cheung Shun-ching, a well-known figure in the Hong Kong horse racing industry.
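The check that paragraph relies on can be made explicit. The following is an added example, not part of the original article or the investigator's tooling: it reads the `Authentication-Results` header a receiving server stamps on a message and tests whether a passing SPF or DKIM result is aligned with the visible From domain. Both messages, the host `mx.example.net` and all addresses are constructed placeholders, and exact-match (strict) alignment is a simplifying assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not from the incident); all names are placeholders.
GENUINE = """\
Authentication-Results: mx.example.net;
 spf=pass smtp.mailfrom=sender@gmail.com;
 dkim=pass header.d=gmail.com;
 dmarc=pass header.from=gmail.com
From: Sender <sender@gmail.com>
Subject: SAFT

body
"""

SPOOFED = """\
Authentication-Results: mx.example.net;
 spf=pass smtp.mailfrom=bounce@mailer.example.org;
 dkim=none;
 dmarc=fail header.from=gmail.com
From: Sender <sender@gmail.com>
Subject: SAFT

body
"""

def domain_of(addr):
    """Return the lower-cased domain part of an e-mail address."""
    return addr.rsplit("@", 1)[-1].lower()

def assess(raw):
    """Summarise SPF/DKIM/DMARC results and whether they cover the From domain."""
    msg = message_from_string(raw)
    from_dom = domain_of(parseaddr(msg["From"])[1])
    # Unfold the header so each method=result pair sits on one line.
    ar = " ".join((msg["Authentication-Results"] or "").split())
    res = {}
    for method in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{method}=(\w+)", ar)
        res[method] = m.group(1).lower() if m else "none"
    mailfrom = re.search(r"smtp\.mailfrom=([^\s;]+)", ar)
    dkim_dom = re.search(r"header\.d=([^\s;]+)", ar)
    # A pass only counts if the authenticated domain is the one the reader sees.
    spf_ok = res["spf"] == "pass" and mailfrom and domain_of(mailfrom.group(1)) == from_dom
    dkim_ok = res["dkim"] == "pass" and dkim_dom and dkim_dom.group(1).lower() == from_dom
    res["from_domain"] = from_dom
    res["origin_verified"] = bool(spf_ok or dkim_ok)
    return res
```

Only an `Authentication-Results` header added by the recipient's own mail server is trustworthy, and an aligned pass shows that the message went out through the provider's infrastructure for that domain, not who was operating the account.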

There is another detail. Max Zim, an early participant of PEPE mentioned earlier, also participated in the sale of Anubis. Afterwards, he also defended Sisyphus on Twitter. After all, the two have a close relationship.

3. Sisyphus opens an alt account, and his real identity is Kevin Pawlak, the head of OpenSea Ventures

As we said before, Sisyphus, who claimed to have invested US$420,000 in the Anubis project, showed no disappointment at all after the project's Rug. After writing a short essay clarifying his responsibility, he stopped paying attention to the subsequent progress.

On November 6 (a week after the attack), Sisyphus opened another account on Twitter under the pseudonym 0x Magallan (now deleted). This account has been extremely active in the past two years, posting more than 5,000 posts and participating in various project marketing. The account contains two wallet addresses: ferdinand-magellan.eth and ukrainedonations.eth.

In fact, there are many controversial aspects of Sisyphus (Kevin Pawlak). For example, he once purchased the expensive NFT Etherrock 72, fragmented it into PEBBLE tokens on the NFT fragmentation protocol Fractional, and sold it at a very high premium. Priced in ETH, the PEBBLE token has fallen by more than 99% from its high point. The project was shut down in 2023 and all operations have ended; PEBBLE's official website pebble.xyz has also expired and is up for sale.

It seems that no one has ever seen Sisyphus or 0x Magallan in person, and there is no relevant information on the Internet. However, "NFTethics" still confirmed his true identity through various on-chain information and multiple sources: Kevin Pawlak, head of OpenSea Ventures.


Kevin Pawlak

First, the timestamps on the pawlak.eth and sisyphus.eth addresses match exactly. On-chain data shows that both minted Zorbs (ZORB) within 1 minute of each other, and both minted sismo.eth DAO (SDAO) within 10 minutes of each other. The intervals between their other on-chain operations were also very short, and the two accounts were active at basically the same frequency.

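The timing argument used here, and earlier for the Zim and Anubis Rug wallets, is a co-activity heuristic. The sketch below is an added example, not the investigator's code: it scores how often one wallet's actions are followed or preceded by another wallet's action on the same contract within a time window. The three timelines, the contract labels and the 600-second window are constructed placeholders, not on-chain data from the article.

```python
from bisect import bisect_left
from datetime import datetime, timezone

def ts(text):
    """Parse 'YYYY-MM-DD HH:MM:SS' as UTC and return a Unix timestamp."""
    return int(datetime.fromisoformat(text).replace(tzinfo=timezone.utc).timestamp())

# Constructed timelines of (timestamp, contract label); placeholders only.
WALLET_A = [(ts("2022-01-01 10:00:00"), "contract_1"),
            (ts("2022-01-05 18:30:00"), "contract_2"),
            (ts("2022-02-10 09:15:00"), "contract_3")]
WALLET_B = [(ts("2022-01-01 10:00:40"), "contract_1"),
            (ts("2022-01-05 18:37:00"), "contract_2"),
            (ts("2022-02-12 09:15:00"), "contract_3")]
WALLET_C = [(ts("2022-01-03 10:00:00"), "contract_1"),
            (ts("2022-03-01 12:00:00"), "contract_9")]

def nearest_gap(t, sorted_times):
    """Smallest absolute distance from t to any value in sorted_times."""
    i = bisect_left(sorted_times, t)
    candidates = sorted_times[max(i - 1, 0):i + 1]
    return min(abs(t - c) for c in candidates) if candidates else None

def co_activity(a, b, window_s):
    """Return (share of A's events matched by B on the same contract, matches)."""
    by_contract = {}
    for t, contract in b:
        by_contract.setdefault(contract, []).append(t)
    for times in by_contract.values():
        times.sort()
    hits = []
    for t, contract in a:
        gap = nearest_gap(t, by_contract.get(contract, []))
        if gap is not None and gap <= window_s:
            hits.append((contract, gap))
    return (len(hits) / len(a) if a else 0.0), hits
```

A high score is circumstantial: popular mints attract many unrelated wallets within the same minutes, so the score for a suspected pair should be compared against the score for randomly chosen participants in the same contracts.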

Interestingly, Kevin Pawlak often uses the Sisyphus account to publish posts critical of OpenSea. Maybe he wants to put some pressure on them so that OpenSea launches a project he can benefit from the most, or maybe he is just whining and complaining.

More people, including The Block's Tim Copeland, have confirmed that Sisyphus's true identity is indeed Kevin Pawlak, and that his identity is actually well known in small circles. Now, he has renamed the wallet to pawlak.eth. The wallet address is: 0xBB5BB336d1Db8471B77F936C210B15fa2A5b3cbb.

Kevin Pawlak is smart, an Intel Science Talent Semifinalist, has a degree in chemical engineering, and wants to be a surgeon/scientific researcher, but people who know him mention his dark side: ruthless, amoral, antisocial, and capable of lying with no conscience or regret.

Last October, Kevin Pawlak purchased another property in New York for $3.3 million. According to sources, Kevin Pawlak recently purchased a Rolls-Royce and Lamborghini (worth over $1 million) in France and is privately showing off his wealth and lavish lifestyle.

(Kevin Pawlak's new home)

At present, Kevin Pawlak (Sisyphus) has not responded directly to external doubts. Odaily will follow and report on any new developments as soon as possible.

Original article, author: 秦晓峰. For reprints, content collaboration, or reporting, please contact report@odaily.email; illegal reprinting will be punished by law.
