Covert rug pull results in $1.14 million loss from IEGT token minting scam

In the latest scam to hit the DeFi space, the PancakeSwap community noticed a massive IEGT token minting operation by bad actors that had gone unrecorded and resulted in significant fund theft.

Token minting scam results in IEGT token value plummeting

On July 22, 2023, the IEGT token’s value plummeted by 100% due to the sale of 1 billion IEGT tokens for a total of $1.14 million. Allegedly, the project behind the token belongs to the Twitter account @IECTT, which had previously advertised an IEGT launch.

The proceeds of the transaction were received by EOA 0x000000481f40f88742399a627cbc2afb6ec34fed, of which $100,000 was transferred to EOA 0x00002b9b0748d575CB21De3caE868Ed19a7B5B56, which then converted the funds to BNB and deposited them into Tornado Cash.

The IEGT token is presumed to be a scam because its total supply is $5 million, yet a significantly larger amount of IEGT tokens was bought by EOA 0x00002b9b0748d575cb21de3cae868ed19a7b5b56. The selling wallet’s records also show no incoming IEGT tokens, yet it was able to sell a large quantity.

This discrepancy is suspected to be due to the contract’s setup that enabled EOA 0x00002b9b0748d575cb21de3cae868ed19a7b5b56 to receive secretly minted tokens.

Users forwarded tokens to these wallets in $100 USDT increments. After accumulation, large funds ranging from $10k to $50k were transferred to 0x099A59605EbA814D1c094F7cc065064B29C02D7E. This EOA purchased IEGT, which was promptly burned after deducting a 2% and 3% tax. The taxed funds were sent to two more EOAs currently holding balances of $21k and $14k.

The bad actors’ actions were noticed when PancakeSwap community members sent a distress signal while the IEGT token was deployed on BSC. The PancakeSwap community also saw that the bad actors had made away with a significant amount of the pool’s funds.

Further investigation uncovered that the project team had covertly minted a large number of tokens during the initialization of the IEGT contract, preparing for a rug pull.

Contract storage manipulation results in rug pull

An investigation into the event revealed that the token contract code did not use a direct method for token minting. An in-depth analysis of the smart contract’s balances revealed an alteration to the data slot corresponding to a specific user’s balance, thereby altering the token balance.

The project team used inline assembly to modify the contract storage directly and deliberately left the code unformatted to help conceal it. The calculated balance storage slot position was [0x9d1f25384689385576b577f0f3bf1fa04b6829457a3e65965ad8e59bd165a716]. The subsequent operation then modified the contract storage value at this position, successfully minting the tokens.