Is zkSync Becoming zkScam?

Millions of dollars worth of crypto has disappeared from investors' pockets in weeks from newly launched token generation events on zkSync. Read how I fell for one and tips to avoid being swindled.

Image by the author using dall-e

It’s ironic because many of us in crypto would poke fun at someone who falls for a Nigerian Prince email scam or falls in love with a stranger online and sends them money. Meanwhile, many of us entrust development teams who have done little to earn our trust in the hope of making fast profits on a token launch. And then, when they run off with our money, we feel bitter, cheated, and taken advantage of.

Such has been the case for many optimistic investors on zkSync. The chain has garnered a lot of hype on the back of the Arbitrum airdrop and its quickly growing total value locked. Unfortunately, the scammers and conmen are out in full force and they are doing a good job impersonating legitimate projects.

Millions worth of crypto have leaked out of ordinary investors' pockets in the past couple of weeks due to hacks, rug pulls, or “mistakes” by development teams on zkSync. It’s gotten so bad, I’m second-guessing involving any of my crypto on these new token launches on zkSync.

I want the potential upside like we saw with Velocore (luckily I got in on this and wrote about it: Major Token Presale on zkSync Tomorrow!)that quickly went up 10X from its presale price. But I also lost hundreds of dollars worth of Ethereum on the SyncDex scam.

It’s impossible to be perfect in crypto. Lack of regulation means that the most skilled people from the most trusted places aren’t building many of these platforms and it’s easy to con trusting investors out of their funds with fake promises and copying code and whitepapers. Nearly all projects in DeFi launch with anonymous teams and it’s often impossible to know if they are trustworthy.

In this post, I will share a few red flags I’ve noticed in recent zkSync scams and some ideas to help you not fall for the next scam because more are coming. Remember, we’re all learning this space together, and as I will share I make mistakes like many of you do as well.

Ruggers are going to rug

Image by the author using dall-e

Luckily, I didn’t have any interest or advanced notice about the Gemholics launch. Therefore, I can’t speak of any glaring red flags or warning signs. However, I have learned that the development team states they tested the platform on the Binance Smart Chain before launching it on zkSync. Since the two chains are different, the team claims they didn’t foresee the 900 ETH (worth approximately $1.7 million) being locked and inaccessible when they launched on zkSync.

Now, Gemholics investors are stuck in purgatory. They are wondering, “Will I get my ETH back? Are these devs just rugging us and lying in Telegram as they keep pushing out resolution dates? Why did I invest in this stupid project?” I hope the investors get their funds returned, but I don’t envy their position.

The one I fell for was filled with red flags, but I still fell victim to the dirty developers. Syncdex was planning a token launch and, to participate in the presale, investors had to stake USDC or ETH before the launch date. I visited Syncdex Discord and learned that other investors weren’t able to withdraw their deposits. The nefarious dev team said all deposits would be withdrawable after the token launch.

Trying to be clever, I deposited 0.01 ETH in the staking contract. “This way, I will be able to participate in the presale and if things go south, I’m only risking about $20,” I thought. Unfortunately, my cleverness was replaced with self-loathing. The team called off the presale and the platform had a withdraw button. I clicked the withdraw button to pull out my 0.01 ETH and quickly realized all the ETH in my wallet disappeared.

Next, I went to the Syncdex Discord to see what happened and when I realized their socials were all taken down, I knew I was out around $400 worth of ETH. I wanted to vomit. In total, Syncdex stole $370,000 worth of crypto from users like me.

The most recent rug occurred yesterday on Merlin. This was a heavily hyped project that was copying what Camelot has done successfully on Arbitrum. The whitepaper was descriptive. They had a large community. The platform looked professional. There was a Certik audit that showed no errors.

Merlin gave an option for investors to add liquidity to “core pools” before the token launch. Lucky for me, I wasn’t drawn in by the relatively low APRs. In hindsight, I’m not sure why the team didn’t offer higher APRs to attract more funds. However, some believe that it was only a member of the team who was corrupt and stole the funds.

Additionally, hundreds of ETH were raised during the token presale. Then, the news came that the liquidity pools were being drained. The dev team disappeared. Blockchain sleuths tracked the funds and audited the code and found that the code was corrupt and allowing the team to siphon all the funds in the LPs. Further, the ETH that was raised for the presale was gone. In total, $1.3–$1.8 million in crypto assets were stolen.

Today, saying that zkSync has some optics problems is an understatement. I’m going to be extremely cautious about any new token launches on zkSync.

Red flags to look out for

Image by the author using dall-e

It’s impossible to have 100% confidence in any DeFi project. Even if the team is honest, every project carries smart contract risk. And we know that audits aren’t that great at auditing. I’ve seen or heard of many audited projects rugging their investors. So, as investors, what are we to do?

You have several options. The safest is to avoid presales and token launches completely. You may miss out on the next ten-bagger, but at least you don’t have that uneasy feeling once you lock your ETH or USDC on the platform. If you recognize that you can lose all of your funds and aren’t comfortable with that, wait. There are thousands of projects in crypto to invest in and you don’t need to get in on the token launch to see massive gains.

If you are less risk-averse and more on the degen side, here are some ideas to help you avoid getting scammed. First, be sure to read the docs. If the project doesn’t have docs, it might be a good idea to skip it. If something in the docs doesn’t make sense, seems off, or you have questions (which you should when reading docs) then visit their Discord or Telegram page and ask questions.

If your question is answered completely on their Discord or Telegram in a knowledgeable way, this should instill confidence. Let me share an example. I was looking at Merlin and noticed they had a private sale. The docs didn’t say how much was raised or at what price. I asked on the Merlin Telegram how much was raised. A person from the team answered $425,000.

I did the math and that meant that private sellers were paying around $50 per token in the private sale. The presale starting price was $45. It didn’t add up because private sale buyers almost always get a lower price. If your question isn’t sufficiently answered or attended to, move on to another project.

Try to find out about the team. Many projects come off as deceptive when you ask about them. Some will answer plainly why they aren’t doxxed. For Syncdex, there was an AMA with one of the devs. I listened to it and it was awful. It made me not want to invest in the project at all. Even so, I still hit the withdraw button and had the ETH in my wallet stolen.

Don’t fall for airdrop incentives and if the sale is multiple days, wait until the end. Merlin had a three-day presale. The team rugged after day 1 of the presale. By waiting until the end of the presale, investors wouldn’t have lost their funds (in this instance).

If something in your gut makes you feel uneasy or doesn’t pass the smell test for any reason, avoid the project. It’s not worth the risk.

Things that make me more confident about presales

Image by the author using dall-e

I recently wrote an article, 3 Token Launches This Coming Week where I discussed three projects having presales this week. I would not feel comfortable writing about projects that I think have a chance of rugging myself or my readers. Therefore, I did extensive research on the three projects. Here is the logic behind why I wrote them up.

  1. I mentioned Cruize Finance because the team is completely doxxed. They even have a link to a bio page where you can access their LinkedIn accounts. They have already raised $500,000 in a private sale and openly explained the private sale pricing. The white paper and tokenomics are clear and make sense.

Further, Cruize Finance is being launched on Ramses Exchange. If an exchange is going to launch a token, they will typically do some due diligence to ensure their customers don’t get rugged. I trust the Ramses team so I felt comfortable writing about the project.

2. The second project I wrote about was GND Protocol launched on GMD Protocol. Its token began trading yesterday and the price has doubled in the first 24 hours. I read the docs for the project and didn’t completely understand them. However, I have been a longtime investor in GMD Protocol and I believe the development team has good and honest intentions.

The last thing a successful team wants to do is launch an unsuccessful token. This will hurt their original project and reduce trust and credibility in all of their projects. I saw no red flags (except that I couldn’t understand it) on this project and (happily) invested in it.

3. The final project I discussed was Reactor Fusion. This project was launched on Velocore’s launchpad. Velocore’s VC token launch went extremely smoothly and the team communicated clearly and delivered on their promises. Further, the Reactor Fusion team was KYC’d by Solidly during the audit.

Reactor Fusion is trading at a discount from its launch price, but this is a risk investors take when investing in a new platform. The team is building and the project is progressing and adding TVL.

Key Takeaways

Image by the author using dall-e

Every new project sounds awesome before the token launches. If they don’t, people won’t invest in them. Unfortunately, the scammers are very good at lying and marketing. They will say anything to get your crypto because there is no way to hold them accountable.

Never commit more funds to any DeFi platform than you are comfortable completely losing. This applies to presales and active platforms. I learned very harshly how it feels to have too much of my portfolio allocated on one platform and watch it get exploited.

Stick with your gut. If something feels off, shady, or questionable, skip it. There will be other opportunities and, maybe presales, aren’t the right fit for your investing profile.

Most importantly, perform due diligence. Don’t rely on Twitter, Medium articles, blog posts, YouTube videos, or tips from friends when it comes to risking your funds. I write and research consistently about crypto and I get things wrong, as I’ve mentioned in several of my articles. Don’t blindly trust someone else because DeFi is high-risk and high-reward.

Finally, share your knowledge. If something doesn’t seem right, ask about it. I explained in a Telegram how one project had unfair tokenomics and got booted out. The token is down 90% in a week. If one person read my comment, and it changed their mind, I am happy I wrote about it. If you have any other red flags or tips, please share them in the comments section.

I believe that everyone who reads my writing is on the same team. We can all benefit and get much further by sharing our knowledge, insights, and experiences.

I have not been paid or sponsored to write this article. I am investing in $GMD and $GND. I may take part in the Cruize Finance presale. I may also purchase $RF tokens but do not own any at the time of writing.

This information should not be taken as investment advice. Digital assets like crypto and NFTs involve risk, so you should always perform due diligence before investing.

Reply

or to participate.