Possible identities of AnubisDAO rug pull suspects revealed

Two years ago, AnubisDAO was rug-pulled for about $60 million worth of Ethereum (ETH) and funds were never recovered. However, the blockchain never forgets and block analysts have been keeping an eye on Anubis exploiter wallets.

New on-chain analysis by ZachXBT may have revealed who the scammers are.

Deeper analysis reveals possible identity of exploiters

An analysis done by ZachXBT, an on-chain analyst, shows that the funds ended up in two exchange deposit addresses.

These addresses are 0x51da686c7a2f973ad11fafed6ce9a3ffc020349f, herein marked as (1) and 0x253d7ba533b7d13720fb5ec5a7d1e64d4ff3f58b, herein labeled as (2).

1/ Here is my analysis of the $60M Anubis DAO rug pull.

I noticed a clear trend in 2023 of funds being withdrawn from Tornado Cash and bridged to Polygon before consolidating to two exchange accounts. pic.twitter.com/UX0uHSG9TN
— ZachXBT (@zachxbt) July 20, 2023

ZachXBT was able to trace a transaction of 95 ETH sent to (1) from bsl.eth, an address owned by Beerus. Up until now, the identity of the DAO exploiters had remained unknown. Upon further investigation, wallet (1) belongs to Ersan, a friend of Beerus.

While Beerus’ Twitter account is mainly dormant, having posted last in October 2021, Ersan is quite active, only recently posting on July 20, 2023.

You might also like: Attacker behind AnubisDAO rug pull transfers another $5.9m to Tornado Cash

AnubisDAO rug pull suspects laid low for 2 years

In October 2021, following the massive Dogecoin pump, AnubisDAO raised 13,556 ETH from crypto investors. However, just 20 hours after receiving the funds, the ETH was sent to different addresses in a rug pull.

The result was an immediate loss for investors.

Two years later, block analysts noticed a trend of the funds (13,556 ETH) getting bridged to Polygon before getting sent to two exchange deposit addresses. These funds were moved through Tornado Cash, a cryptocurrency mixer that completely anonymizes transactions.

As it turned out, the rug pullers didn’t move funds for over two years only for Peckshield, a blockchain security firm, to be among the first on-chain analytics platforms to pick out funds’ movements.

It seems the rugged @AnubisDAO funds are being washed via @TornadoCash https://t.co/DPoZ1ifSNX https://t.co/LvDSUsL6tS pic.twitter.com/mKfSdTE6D9
— PeckShieldAlert (@PeckShieldAlert) July 16, 2023

Hackers may be involved in other online scams

Further deep-dive reveals that Ersan is a notorious exploiter who “works with multiple ‘suppliers’ for a scam website known as CDGORoll.”

Warren, another blockchain analyst, links Ersan to high-level and coordinated online casino scams involving shady payment processors and x-rated website hosting services.

Great finds, Zach.

Ersan, the owner of the address you mentioned in the 3rd tweet, works with multiple "suppliers" for a scam website known as CSGORoll. The money is laundered through there into some very odd places. This site is a hub for illegal funds. https://t.co/cdhA8V5WIt
— Warren (@variancewarren) July 20, 2023

This breakdown comes weeks after PolyNetwork was hacked for millions of dollars.

Given the size and patience of the AnubisDAO exploiters, investors may have to watch as their investment disappears into the Tornado Cash black hole.