Original Text | NFTethics
Compiled by | Odaily Planet Daily
If you are a fan of Meme coins, you must have heard of the hottest project this year, PEPE, and may have also heard related wealth myths. For example, some so-called "Smart Money" addresses spent $100 to buy into PEPE at the beginning and never got off, eventually earning tens of thousands of times (chain data can confirm this).
Why can't ordinary people be the first wave of people to get on board and grab the "thousandfold coin"? Because, in such projects, the most profitable are only the operators, who can buy at the bottom and escape at the top; and even the original intention of such Meme projects is just to help launder some dirty money.
Recently, X platform (formerly Twitter) user "NFTethics" published multiple long articles, confirming the true identity of the operator behind PEPE through meticulous on-chain analysis and various evidence. The key points of the tweets are summarized as follows:
In November 2021, the funds of the Rug Pull project AnubisDAO were laundered through the popular PEPE project this year, and the anonymous and well-known DeFi investor Sisyphus was behind the scenes.
Sisyphus's real identity is Kevin Pawlak, the head of OpenSea Ventures, who now lives a luxurious life.
Sisyphus (i.e. Kevin Pawlak) is the true leader behind the AnubisDAO project. He obtained the private key of the project manager through hacking and transferred the funds, successfully finding a scapegoat and escaping punishment.
The latest news is that an OpenSea spokesperson responded to the matter: "Kevin Pawlak resigned in June 2023. During his time at OpenSea, his scope of work was limited, and he held a non-management position. We do not know if he was involved in the AnubisDAO Rug incident. In addition, we have no connection with the related project, nor do we have any relevant information, as these projects were conducted before he joined OpenSea."
1. Anubis project's Rug funds laundered through PEPE
Let's go back to November 2021. AnubisDAO, a copycat project of OlympusDAO (token ANKH), raised 13,256.4 ETH (worth about $57 million at the time) after conducting an LBP (Liquidity Bootstrapping Pool). However, the management soon discovered that these funds had been transferred to another new address, and at that time the LBP had been running for 20 hours and had not yet reached the end time.
What role does our protagonist Sisyphus play in AnubisDAO? On the surface, he is the project's public relations ambassador, but in secret, he is the mastermind (as will be explained later).
The day before the AnubisDAO funds were taken, Sisyphus was still vigorously promoting the project in the Discord community, claiming to have bought $420,000 (remember this fact, it's important), and that he would buy more in the future. To dispel everyone's concerns, Sisyphus also claimed that the project would never Rug, even if the development did not go smoothly, everyone would eventually get their principal back.
(Sisyphus community marketing recording)
As a result, the project really Rugged the next day. Sisyphus immediately wrote a long essay, absolving himself of responsibility, while also claiming to have been in contact with law enforcement agencies in the United States and Hong Kong, urging the hacker to return the money as soon as possible. After that, Sisyphus disappeared and no longer updated any AnubisDAO-related news, as if the $420,000 was really just a small amount of money.
Of course, the hacker did not return the stolen funds from AnubisDAO. Over the past two years, these stolen funds have been continuously transferred to various coin mixers and platforms without KYC. One of the wallets (Anubis Rug 3) interacted with the Seychelles-based platform FixedFloat—this wallet's Gas was sent by FixedFloat. As shown below:
(Anubis Rug 3)
Interestingly, the initial funds of the early holders of the PEPE project also came from the FixedFloat platform, such as Zach Testa (account: DegenHarambe) and Max Zim (account: SumFattyTuna). Especially Zach Testa, who bought in just a few minutes after the PEPE token contract was released on April 14, and then tweeted about the project; three minutes later, Max Zim immediately retweeted the tweet and also bought PEPE. The whole process seemed very smooth, as if it had been rehearsed.
The relationship between Sisyphus and Zach Testa and Max Zim is very close, and there are reports that Zim is Sisyphus's former roommate. Before the AnubisDAO Rug, Sisyphus's wallet had interacted with Zim through transfers; and the two had even participated in a program interview together—Sisyphus did not appear in person.
(Wallet interaction record)
On April 17, Sisyphus tweeted, "Someone turned 0.02 ETH into 63 ETH over the weekend with a token called 'pepe'," and posted an address starting with 0x5DD. Zim immediately responded to Sisyphus's post, and the two interacted.
Interestingly, the address starting with 0x5DD received initial funds from the FixFloat platform on April 7. Also on April 7, another version of the "PEPE" token (referred to as aPEPE to distinguish it) was released, with the same contract and early holders as the currently well-known version of PEPE. For example, Zim bought in at the beginning of aPEPE on April 7—but in a later community interview, he claimed he had never heard of PEPE before. It seems that from the beginning, Zim knew that the PEPE coin was going to rise.
(Zim claiming to have heard of PEPE for the first time on a program)
These coincidences are far from the only ones. When the Anubis Rug 3 wallet transferred 3000 ETH, Zim's wallet address began interacting on-chain to buy PEPE; and the investigation found that when wallets associated with Anubis Rug were active in transferring, Zim's wallet seemed to be conducting operations related to PEPE.
(Zim wallet active in sync with Anubis Rug wallet)
In addition, the Anubis funds were mainly laundered through platforms like Stake; and the wallet addresses related to PEPE also transferred a large amount of funds to Stake after the launch of PEPE on April 14, and then from Stake to FixedFloat. Furthermore, most of the stolen Anubis funds were transferred out between March and July this year, which basically overlaps/synchronizes with the growth cycle of PEPE. There is a deep connection between the two, and the stolen funds may have been laundered through the hype of PEPE.
As for the complete whereabouts of the stolen Anubis funds, it will require joint action from CEX and OTC platforms—some of the funds flowed into platforms that require KYC. Whether the stolen Anubis funds are related to the hype of PEPE still needs more evidence for verification.
Adding a detail, in August of this year, there was internal discord within the PEPE team, where several former members privately removed multi-signature permissions and sold tokens, and the official announcement was vague.
2. Sisyphus leading Anubis and orchestrating the Rug
Blogger "NFTethics" obtained internal chat logs of the team members a few days before the Anubis funds were stolen.
Based on the investigation and reasoning, it seems that Sisyphus is the true mastermind behind the project, and almost everything requires his approval and signature, including the exact wording of each tweet and every technical/financial issue. And it seems that the Rug Pull of the project was also orchestrated by Sisyphus himself, successfully making another member, "Beerus," take the blame.
(Team roles)
In the team's division of labor chart, Sisyphus positions himself as "responsible for external public relations and helping to unite DAO members," but in reality, he is the one giving orders.
Team member "AureliusBTC" said in the chat, "None of us really understand LBP (Liquidity Bootstrapping Pool), but as long as Sisyphus understands, it's fine." When another member, "Beerus," posted an announcement about a new member joining Anubis, Sisyphus immediately instructed him to delete the tweet, and Beerus complied. Additionally, in the chat logs, Sisyphus mentioned that he had contact with Alameda Research (a crypto company under SBF) and that they also bought the ANKH tokens of Anubis.
(Sisyphus explaining LBP-related matters)
Let's turn our attention back to the incident of Anubis's liquidity being drained. After the event, Sisyphus claimed publicly that "DAO members agreed to let Beerus deploy the LBP because they either didn't have time or didn't want to take responsibility." However, there is no evidence in the internal chat to support this claim— in fact, Sisyphus initially mentioned that they were using the "best multi-signature ever," but later in the chat, he said he couldn't sign the authorization—so it is speculated that he may have changed the original multi-signature to be solely controlled by Beerus, setting the stage for the later attack. The timeline of the story is as follows:
Late on October 28, Sisyphus mentioned that he was going to sleep and planned to sleep for 6 hours, with the last message staying at 00:16;
The next morning, when he joined the chat, it was 07:18, and he answered a few questions in the group;
At 07:20, the email of "Beerus," who had the LBP management authority, received an email from Sisyphus's email address—containing a PDF with SAFT (Simple Agreement for Future Tokens)—Beerus mentioned after the incident that this PDF contained a Trojan virus, damaging his computer and stealing the LBP management authority;
At 07:26, Sisyphus communicated with Beerus for a while and reminded him to stay alert until the end of the LBP, continuing the conversation until 07:44, with 4 hours left until the end of the LBP;
At 07:48, the LBP funds were depleted, and all the ETH was withdrawn from the management account to a new address, leaving behind a pile of worthless ANKH tokens.
According to the post-event investigation, the smart contracts of Copper platform and Balancer were not breached or tampered with. In other words, either Beerus's wallet account was invaded as he claimed, or he orchestrated it himself. And Sisyphus claimed that his email address had never sent that email.
(Beerus claiming to have received the virus email)
So, who is lying? We can infer from some indirect information. First, not only Beerus received the email, but other VC contacts also received it— the difference is that Beerus received the PDF email at 07:20, while others were late by half an hour, some even several hours late. One possible explanation is that the attacker mass-emailed to confuse the attack targets, and also reserved time for Beerus to open the PDF and attack the computer in advance.
Furthermore, after analyzing the other received PDFs, there were no visible anti-deception warnings. SPF does not mark Gmail addresses unless the address is not actually from Gmail; based on the photo, it is very likely that the address did send the actual email. In other words, these emails were really sent from Sisyphus's real email address— and Sisyphus adamantly claimed that he did not send the email, and even pretended to ask "what does this mean" in the group.
Additionally, the analysis of other people's emails found no Trojan virus— in fact, only Beerus's may have had the virus, and he also submitted his computer to the Hong Kong police to prove his innocence (there have been no recent developments, and the incident seems to have been unresolved).
The question is, how did the attacker know that Beerus had control of the LBP management authority? Apart from some insiders, no one knew that Beerus was the (sole) person with control. In fact, Anubis team member Convex mentioned in the group chat, "Why would Beerus even receive malware? It doesn't make sense for him to be the target. It is well known that I and aureliusBTC are the developers, and it's more like we have control of the private keys. Outsiders have no idea about Beerus's specific situation."
Interesting enough, Sisyphus also asked Beerus, "Buddy, what did you click on?" At that time, Beerus had not yet revealed to everyone that he had clicked on the malicious email PDF, and no one else knew, so how did Sisyphus know?
After the LBP liquidity pool was drained, Sisyphus accused Beerus of orchestrating the Rug on the project and said, "You've ruined my reputation." Additionally, Sisyphus also posted the attacker's IP address and mentioned that it came from Hong Kong where Beerus resides— in reality, this IP address comes from a third-party VPS provider, which can rent servers in different regions and is not of reference value. Later, Beerus's real identity was exposed by investors, revealing that he is the son of a well-known figure in the Hong Kong horse racing world, Zhang Shunzheng, at the age of 19.
There is another detail, the earlier mentioned early participant in PEPE, Max Zim, also participated in the Anubis sale. Afterwards, he defended Sisyphus on Twitter, as the two have a close relationship.
3. Sisyphus opens another account, real identity is OpenSea Ventures executive Kevin Pawlak
As we mentioned earlier, Sisyphus, who claimed to have invested $420,000 in the Anubis project, was not at all disheartened after the Rug of the project. After posting a short essay to absolve himself of responsibility, he no longer paid attention to the subsequent developments.
On November 6 (one week after the attack), Sisyphus opened another account on Twitter under the pseudonym "0xMagallan" (now deactivated). This account has been unusually active over the past two years, with over 5000 posts, participating in various project promotions, and containing two wallet addresses, ferdinand-magellan.eth and ukrainedonations.eth.
In fact, Sisyphus (Kevin Pawlak) has many controversial aspects. For example, he once purchased the expensive NFT Etherrock 72 and fractionalized it into PEBBLE tokens using the NFT fractionalization protocol Fractional, and sold it at a very high premium. The price of the PEBBLE token in ETH terms plummeted by over 99% from its peak. The project has been shut down in 2023, ending all operations; the official website of PEBBLE, pebble.xyz, has also expired and is in the selling phase.
It seems that no one has ever seen the real identity of Sisyphus or 0xMagallan, and there is no related information online. However, "NFTethics" confirmed his real identity through various on-chain information and multiple sources, as OpenSea Ventures executive Kevin Pawlak.
Kevin Pawlak
Firstly, the timestamps on the pawlak.eth and sisyphus.eth addresses completely match. On-chain data shows that they both minted Zorbs (ZORB) within a 1-minute interval, and they also minted sismo.eth DAO (SDAO) within a 10-minute interval, with other on-chain operations also having very short intervals, indicating that the accounts are active at the same frequency.
Interestingly, Kevin Pawlak often uses the pseudonym "Sisyphus" to post some critical posts about OpenSea—perhaps to exert some pressure on them to launch a project from which he can benefit the most, or perhaps just to vent his complaints.
More people, including The Block journalist Tim Copeland, have confirmed that the real identity of Sisyphus is indeed Kevin Pawlak— in fact, his identity is well known in small circles. Now, he has renamed his wallet to pawlak.eth. The wallet address is: 0xBB5BB336d1Db8471B77F936C210B15fa2A5b3cbb.
Kevin Pawlak is very intelligent, a semifinalist in the Intel Science Talent Search, with a degree in chemical engineering, aspiring to be a surgeon/scientific researcher, but people who know him have mentioned his dark side: ruthless, unethical, antisocial, and capable of lying without remorse or regret.
Last October, Kevin Pawlak purchased another property in New York for $3.3 million. According to sources, Kevin Pawlak recently purchased a Rolls-Royce and a Lamborghini in France (worth over $1 million) and privately boasted about his wealth and luxurious lifestyle.
(Kevin Pawlak's new house)
Currently, Kevin Pawlak (Sisyphus) has not responded directly to the external doubts. If there are any new developments, Odaily will be the first to report.
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
