Oyster Protocol Founder Exit Scams, Steals $300,000 from ICO Smart Contract
Oyster Protocol is a hybrid IOTA/Ethereum smart contract platform intended to help sites garner earnings. Rather than classic advertisements, users of sites provide their computing resources, allowing the web site owner to garner Oyster Pearls (PRL) by procuring and contributing to solutions provided by Oyster. PRL — that will be an ERC-20 token and operates on Ethereum — continues to be recorded on crypto exchange KuCoin because December.
Yesterday William Cordes, CEO of Oyster, declared that a few events of intense intrigue had happened in the hands of their project’s initial designer, Bruno Block. In accordance with Cordes, Block managed to use a role inside the Oyster smart contract — a role that he insisted must stay in the live code to make himself”manager” and mint new crypto tokens, at least 3 million, that he then moved to KuCoin and sold to the tune of $300,000.
“Despite Oyster passing three separate smart contract audits, we were told by Bruno Block, the original founder and chief architect of the project, that the directorship of the token contract had to remain open so that the peg could be adjusted over time. This ultimately turned out to be a trapdoor mechanism in the contract that was eventually exploited. This contract was written by Bruno Block prior to the ICO, at which point Bruno was the only member of the team. We relied on the auditors involved here for assurance that the smart contract was safe. Bruno was the only one who had the ability to transfer directorship within the PRL smart contract. After our initial review, we are inclined to believe that these were solely the actions of Bruno Block and that he did this now to avoid detection from KuCoin KYC procedures (that will be implemented on November 1st). These KYC procedures would have limited withdrawals on Non-KYC’ed accounts to no more than 2 BTC per day and would have prevented this from happening. This was well-orchestrated and well-executed (at a time when he knew a majority of the KC team would be offline). This also caught the entire team outside of Bruno Block by surprise, as the team collectively holds ~5% of the total supply in personal wallets. The team has been working tirelessly on this since day 1, without pay at some points in time. This project has been built on the back of hard work and raw determination and we will not let Bruno’s role as a bad actor in all of this undermine a project that the entire rest of the team is completely devoted to.”
According to the evaluation at Oyster, the assault culminated in crypto tokens being made and issued to Ethereum speech 0x0001Ee57Bb28415742248d946D35C7f87cfd5A54. The coins were sent to the exchange and also withdrawals and sales were made prior to the exchange and Oyster’s team could put a halt to it. As you can see in the image below, each the transactions were produced within a span of approximately 6 hours.
Over the span of 22 deposits, the speech garnered over 70 BTC (more than $400,000), all on precisely the exact same day. It’s uncertain where the coins moved out of there, however, it is safe to assume that the departure scammer has made efforts to realize his profits in a more transmittable manner — say paper cash.
The post about the topic makes clear the consumer tokens are”secure,” but it, unfortunately, does not account for the fact that the general value of these tokens was diluted with the random creation of countless new tokens for the only goal of deceptive enrichment. Oyster also promises to attempt to make the dealers on KuCoin — those who bought counterfeit coins — entire.
“In the interim, our team will be working around the clock to remedy this situation. We don’t know why Bruno did what he did or what his intentions were at the end of the day, outside of profiting from a loophole that he intentionally left in the smart contract. While I still take full responsibility for this all transpiring, I had no reason to believe Bruno would do something like this to harm the project and much of the work that he had a significant role in creating. We will not let his selfish actions today damage the long-term viability of the project.”
No word has surfaced out of Bruno Block. Definitely a heist worth entire less than $1 million is not sufficient to evaporate forever, and furthermore, he’ll surely have the government on his path before long. Interestingly, the article in William Cordes makes no mention of getting contacted the government, but the crypto exchange KuCoin is going to likely be forced to do so.