Web3 Security Warning丨Be careful with "hot spots": Detailed explanation of OrdiZK exit scam

On March 5, the CertiK security team discovered that OrdiZK orchestrated an exit scam. In this incident, the scammers used methods such as hoarding transaction fees, malicious selling, and abusing management rights to steal approximately US$1.4 million in user funds.

This incident is the sixth exit scam that occurred in 2024. To date, total losses from 2024 exit scams have exceeded $64 million.

Event Overview

OrdiZK claims to be a privacy cross-chain bridge between the Ethereum network and the Bitcoin network. They also claimed to enable cross-chain operations between other networks such as Solana and Avalanche, according to their since-deleted announcement.

The project’s deployer has established two OZK token contracts and multiple pledge contracts. Initial funding comes from ChangeNOW, which deployers deposit into FixFloat. Currently, we are unable to accurately confirm the identity of the source address of the funds.

OrdiZK’s project name covers two current industry hot spots and has attracted widespread attention. After the project is launched, users will be attracted to participate by promoting high returns. In a since-deleted announcement, they claimed that OZK’s staking annualized return is as high as 321.8%, which is an impressive figure.

Scam Timeline

OrdiZK announced via their X account on February 21 that they planned to migrate the contract to the V2 version. The new contract is expected to launch on February 26th and will allow users to migrate until March 4th.

After researching the migration mechanism, we found that when users call the "migrate" function, their V1 OZK tokens will be transferred to the deployer wallet (later marked as Fake_Phishing323133), V2 OZK tokens will be obtained later. See the case below:

#The substantial consequence of this migration is that the deployer address began to accumulate a large amount of OZK tokens. It is worth noting that this migration was announced shortly after the OrdiZK project went online. Officials claimed that this migration was to solve a small error discovered during the audit.

On March 5 after the migration deadline, the OrdiZK deployer sold 489 million OZK from the old contract at a price of 35.65 ETH (approximately $134,000), resulting in Price slippage of up to 98%.

At that time, users may not have realized that they had become victims of the scam. Because according to official news from the project, the liquidity after selling the old tokens should be added to the new token contract.

However, these funds were not added from the V1 contract to V2’s liquidity pool, but remained in the deployer’s wallet.

On March 5, within 12 hours after the sale of V1 tokens, the deployer sold an additional 454 million OZK in the new contract for 57.64 ETH (approximately $214,000), in OZK V2 liquidity The pool causes 98% slippage.

Subsequently, the deployer called the EmergencyWithdraw function twice and withdrew 57.68 ETH and 0.90 ETH respectively from the OZK pledge contract.

In addition to two sell-offs and emergency withdrawals of pledges, deployers also actively hoarded transaction fees while the project was online.

According to CertiK security team estimates, OrdiZK’s losses in this exit scam through the above methods were approximately US$1.4 million.

Funding Trends

OrdiZK also has two additional project wallet addresses, a marketing wallet and a financial wallet. On January 12, 70.5 ETH was injected into the marketing wallet, and it still holds 46.66 ETH. The treasury wallet received a capital injection of 75 ETH on January 15, which was used to create the pledge contract, and currently still holds 70 ETH in the wallet.

The project currently holds a total of approximately 1.47 million US dollars in assets in the wallet. The details are as follows:

ozk Deployer: 277.89 ETH (approximately 1,037,125 US dollars)

ozk- treasury.eth: 70.59 ETH (approx. $263,482)

ozk-marketing.eth: 46.66 ETH (approx. $173,899)

Written at the end

Removal resulted in $56.5 million The loss-making BitForex incident and the OrdiZK exit scam are the largest losses this year. With the emergence of innovative experimental standards such as ERC-404 and the popularity of the Bitcoin ecosystem reaching an all-time high, we may see more high-impact exit scams in 2024.

CertiK will continue to monitor the subsequent progress of this scam and will continue to bring you the latest security monitoring developments in the future to help the community stay vigilant and guard industry security.

If necessary, you can continue to pay attention to OrdiZK’s exit scam information and the subsequent financial trends of the fraud group in CertiK SkyInsights.

The above is the detailed content of Web3 Security Warning丨Be careful with "hot spots": Detailed explanation of OrdiZK exit scam. For more information, please follow other related articles on the PHP Chinese website!