A blockchain security firm tried to warn users of an imminent rug pull surrounding a crypto project, but investors became angry and fired back. The firm rescinded the security alert. Then, the project it accused of being a rug pull, pulled the plug.
This is the story of CertiK, a blockchain security firm that was just trying to do its job, the users who tried to stop them from doing so, and the project, Crypto Cars, who (perhaps gleefully) turned its back on its users.
Back in 2022, CertiK issued a “rug pull” alert for a Vietnamese Web3 gaming project called “Crypto Cars” which claimed it had over 700,000 users. At the time the project’s native token was falling quickly in price, its website was temporarily down, while its developers said that it would no longer respond on their Telegram due to the Lunar New Year Holiday celebrated in Vietnam. Considering the situation, the alert made sense — until angry community members pressured CertiK to retract its statement. But when Cointelegraph attempted to follow-up with the project on August 1, 2023, it had long shut its doors.
CertiK previously warned investors to avoid interacting with the nonfungible token (NFT) “racing-based play-to-earn” project. The firm announced on Twitter that they identified the project as a “rug pull” and highlighted that its website and Telegram channel had been shut down.
Despite its good intentions, users were quick to go after CertiK and argued that the community alert published by the on-chain security company was ‘false.’ Community members highlighted that the project’s website is still up, and its Telegram account was still functional. Yielding to a combination of pressure and seemingly legitimate evidence at the time, the blockchain security firm was retracted its rug pull alert and deemed it a “false alarm.”
After retracting the alert, CertiK pointed out the reasoning behind their alert, citing the Telegram account and website going offline and the funds “dropping to zero.” The security firm also told Cointelegraph back then that incident reporting is done at a very fast pace in order to alert community members and keep them up-to-date on any suspicious activity, defending itself for their “mistake.”
Related: BALD token developer denies rug pull as price falls 85% post-launch
The retraction also attracted criticism from the community. One community member described their alert as a “murderous statement.” The Twitter user also said that they wondered how long CertiK monitored it before making the conclusion, implying that the firm quickly jumped the gun instead of making sure that their analysis was correct.
The project now appears to be completely abandoned. While the rug pull alert was already retracted by CertiK more than a year ago, the project has recently done what “rug pull” projects typically do — deleted its Telegram account and even changed its Twitter into a totally different project called EtherBank. Moreover, the project also scrubbed the faces of its team members from its barely running website.
According to information left at CoinMarketCap, which has since ceased tracking the Crypto Cars token, Crypto Cars was created by a team of Vietnamese developers and was led by Ly Tran, who claimed to be a full-stack web and mobile app developer. Its chief technology officer An Nguyen was also described as a mobile developer focusing on iOS, Android and BlackBerry. However, the developers seem to have erased all traces from the internet.
At the time of writing, the section showing the project’s executives has been deleted from the site. Apart from their website, the team members have also seemingly disappeared from various places online. Its CEO and founder Ly Tran, along with other team members An Nguyen, Da Mach and Mai Dang can no longer be searched on LinkedIn and other social media outlets.
We all want to enjoy crypto for what it brings. But sometimes, one wonders if the regulators are right, in that investors do need to be protected from their own greed.
Cointelegraph editor Zhiyuan Sun contributed to this story.
Magazine: Crypto audits and bug bounties are broken: Here’s how to fix them