Cyber vigilante hunts down DeFi scammers running away with $25M rug pull

In the world of digital finance, where the weapon of choice for a heist is a computer rather than a semi-automatic firearm, tracking down scams and frauds from across the world becomes a near-impossible feat for centralized police forces. 

However, in an interview with Cointelegraph, an anonymous cyber vigilante shares insights into how he went about tracking down a group of decentralized finance (DeFi) scammers responsible for the $25 million StableMagnet rug pull, coordinating with police authorities and eventually having the stolen money returned back to the investors.

The StableMagnet platform lured unwary investors under the pretext of high returns against stablecoin deposits. In a typical rug pull event, StableMagnet managed to run away with the $25 million that was invested by over 1000 users.

##StableMagnet #rugpull $22m and growing. Its SwapUtils library code is NOT verified and *DIFFERENT* from main Swap contract: https://t.co/Ls5XNA5UXf. @bscscan There is a need to verify the library code!

— PeckShield Inc. (@peckshield) June 23, 2021

Right before the rug pull, the cyber vigilante (anonymous for obvious reasons) examined the code to ensure the legitimacy of the project prior to investing himself. However, what he missed out on were a number of messages on Twitter alerting him on the possible exploits and vulnerabilities in the system. 

Taking things personally, the vigilante — an active ethical hacker — set out to track the scammers and bring justice to the investors. He told Cointelegraph:

“I just felt like this was the only opportunity in my life — to have a very meaningful impact in a situation where most people are not going to have the time and the gusto to do that kind of thing.”

Starting from tracking down a GitHub account to identifying all family members of the scammers through social media accounts, our vigilante’s investigation pinpointed a group of Chinese locals from Hong Kong.

Eventually, the anonymous vigilante tracked down the scammers' travel to a Chinatown in Manchester — a temporary move until the commotion died down:

“I didn't want them to go to jail. I don't like the centralized forces to come into the decentralized world as much as we possibly can.”

Taking the matter into his own hands, he booked a one-way flight ticket to Manchester while contacting local police authorities citing the narrow timeline before the scammers move to a different location. To the vigilante’s surprise, the Greater Manchester Police reacted swiftly and arrested a few of the scammers.

The police retrieved different pieces of a single USB device from the scammers, which contained roughly $9 million:

“Once that occurred, it was believable to the other project people (scammers) that I wasn't BSing about finding them and knowing where they were and being able to get them taught if

Following the arrests, other members of StableMagnet cooperated with the cyber vigilante and returned the majority of the loot. Ever since the development, his message has been heard loud and clear, “maybe it's not a good idea to scam, at least not on the Binance Smart Chain.”

‘No more rug pulls’: Project eliminates human involvement from token distributions   April 6, 2021
International Police Collaboration Leads to Arrest of Suspect in $11 Million IOTA Theft   Jan. 24, 2019
Security firms are making it more difficult for scammers to get away with DeFi project hacks   Feb. 23, 2022
Crypto hacks are set to hit all-time highs in 2022, analyst explains   Oct. 19, 2022
Ethereum white paper predicted DeFi but missed NFTs: Vitalik Buterin   Jan. 2, 2022