The Anatomy of a Scam — Or How to Not Get Rugged

A post-mortem analysis of the first rugpull in Cardano history, likely worth over $1m, as well as how to spot the tell-tale signs of scams.

This post was adapted from a thread originally posted by @Flantoshi on Twitter

Prior to me becoming a flan on social media, there was another Cardano flan on Twitter — an evil, scammer flan. Naturally, I took this affront to the goodness of sugar and egg-based desserts quite personally, so I’ve decided to address the matter and clear the good name of flan.

This is the story and development of the FlanoSwap scam — a supposed DEX, an NFT marketplace, launchpad, token farm, and a wallet — along with advice on how to spot the next rugpull by analyzing the means they used into fooling the public.

It bears saying though that this article is more of a chronicle than a warning.

By now the trap has long been sprung, and there’s little else that remains about it except for digital dust and a string of disillusioned investors. It happened over the last quarter of 2021 and it perhaps has the dubious honour of being the first and largest Cardano rugpull to date, as they likely stole north of a million dollars in value!

Before we jump in though, it’s worthwhile to cover my ass a bit. Dissecting a scam carries with it the consequence that by explaining how something works, you’re also implicitly teaching someone how to improve in their lies.

While that may be the truth, this type of argument has gone on for centuries. Back in 1851, a locksmith and inventor by the name of Alfred Charles Hobbs showed the public how state-of-the-art locks could be picked.

Some in the wider public voiced concerns about this and he said “Rogues are very keen in their profession, and know already much more than we can teach them.” Security in obscurity just does not work, as evidenced by the fact that this rugpull happened in the first place.

Hence, it is only through educating the public that we can make meaningful strides in averting catastrophes. To that end, it’s worth breaking down how these scams work and just for good measure I’ll restate:

FLANTOSHI HAS NO RELATION TO FLANOSWAP IN ANYTHING ELSE OTHER THAN APPRECIATION FOR THE DESSERT

Meeting my Flanemy

In December of last year, I decided that I wanted to open a Twitter account for my surging Cardano interest. The problem was what to name it. And if there is anything that you ought to know about me is that I love wordplay and bad puns, the cringier the better.

So, naturally, my account name turned out to be a bad pun based on a name I was already using online plus Satoshi. Thus @Flantoshi was born.

However, it then occurred to me that there might be other flan-based people on Cardano, as for instance, on ETH a lot of the good commenters are pastry-based, for some reason. It thus wasn’t out of the realm of possibility that different chains could have other dessert-based commenters; after all, crypto works in mysterious and confusing ways. With these looming background doubts, I decided to do some research and see whether I would be shooting myself in the foot by trying to cook up a flan account.

Much to my chagrin, I did find someone already with a flan-based name — FlanoSwap, a top of the line Automated Market Maker DEX. I was ready to concede defeat, as it was a massive account with over 5,000 followers. Yet, they hadn’t posted in over two months, and people kept calling it a scam in the comments.

I was intrigued, so I began to do some digging. Now, if you were to judge a book by its cover, it’s easy to understand why individuals fell for the scam. The website looks slick, with nice animations and they have almost everything you might expect, like a White Paper, Press Releases, a Github, blogs and a large organic presence on just about any social media website you might think of.

For all intents and purposes, it looked like the real deal.

Yet something didn’t quite sit right with me. I wasn’t able to outright prove it was a scam with a cursory look, but at the very least the developers and marketing people seemed to have disappeared under mysterious circumstances at some point, months before, in October (which for crypto standards is about half a century).

So I decided to go through with it and started publishing under the Flantoshi pseudonym, despite the risk that they might come back and overshadow me at any second. Fortunately for me, it did not happen.

Now that Flantoshi has grown in its own right, I’ve had this spectre looming behind me though. Obviously, with hindsight, it’s easy to call the project a scam, but how would you have gone about identifying a rugpull before the trap was activated?

The Sniff Test

A horrible, horrible bias that our brain has is that we always assume “if it looks like a duck, if it walks like a duck, if it quacks like a duck, it must be a duck.” At its core, that’s what our brains evolved to do — to find patterns in nature and be able to predict outcomes based on knowledge and experience.

Nevertheless, that’s exactly what scammers rely on. They take your biases and preconceptions about how the world works and use them against you.

Going back to the website, it should have been obvious that some stuff was off. But most people did not notice it. In fact, in my research, I found some of the more illustrious names on Twitter accidentally promoting FlanoSwap.

I’m not going to name and shame them, there’s no possible way they can go through every project in detail, especially in the early stages. But it does go to show that “doing your research” is far from a meme, and you should not just blindly assume influencers are all-knowing beings.

In either case though, if you start scratching past the nice, glossy website you can start noticing some curious things.

(A note before we continue though, since the scammers have scrubbed a lot of content from the web, including the website, to write this article, I often depended on web archives like the Wayback Machine, and what the close to dozen Telegram groups were saying to reconstruct things. It’s also worth mentioning that the comments that are still on Telegram are the ones that survived the banwaves, so the actual flow of information might have been more dramatic than we can now tell at this stage.)

The first sign that something might be off is the ‘Engrish’ on display. It shows that they’re either non-native speakers or didn’t hire a good copywriter. Now, this isn’t an immediate disqualifier, but it isn’t necessarily a good look.

I don’t know whether it was deliberately done here, due to the different target audiences and the mechanism at work to gain people’s money. But in the infamous “Nigerian Prince” scam emails grammar mistakes are deliberate. The reason this is so is that smarter users are likelier to get put off by the bad English, and thereby deduce it’s a scam. The grammar mistakes act like a funnel so that scammers only interact with the most gullible and less internet-savvy people.

In either case, if you scroll down past the main page you’ll eventually stumble on the team’s section. It looks just like any other team tab until you read and look at the pictures.

Notice anything curious?

Besides fitting the stereotypes of what you would expect every person to look like according to their role, their bios are meaningless. They have no actual verifiable information, it’s as if they lived in this strange void where FlanoSwap was the only thing in existence — there are no universities, no prior work experience, no prizes, nothing.

There’s also no attached LinkedIn profile at all, it’s almost as if these profiles were made up! But how would you avoid someone reverse image searching your photo and finding out that you had used stock images?

You don’t use real people!

There’s a website called www.thispersondoesnotexist.com which generates photos of individuals via machine learning algorithms. It’s gotten quite good over time, though occasionally it does give wonky results.

This is how you can fake an entire team overnight. 

However, it seems that people connected the dots rather quickly as that portion of the website disappeared within a few days.

Since we’re on the topic of phantom employees though, might as well follow the few breadcrumbs that are there and check out FlanoSwap’s LinkedIn. The first red flag is that their company profile is barebones, and they claim to have over 10,000 employees — an absolutely absurd number considering that would put it at roughly the size of the videogame retailer Gamestop.

Then, they have a single employee listed, who judging by their listed experience of being a community manager and having some menial secretarial roles prior, I’d honestly just chuck it to being an overzealous freelancer, and not the actual scammer’s profile.

If we go back to their website, one of the other key things mentioned is their Github, which if you bother to check, you’ll notice it’s empty. It was created on the 14th of August and besides a few meaningless contributions on that day, there isn’t even an attempt at code.

The reason for this is simple, their scam relied on you seeing that there were links to things and assuming that if they were presented earnestly they must be on the up and up. In other words, the success of this scam necessitated that people would be too lazy, disinterested or too trusting to bother to check.

Even a cursory exploration of any of these elements should have had alarm bells ringing, and it did, for a handful of users. But the vast majority of people were distracted by other things happening — it was like a magic trick reliant of sleight of hand and misdirection.

Make them Drink Kool-Aid

Running a crypto scam is a bit like running a cult, but you have to do this while making it seem like you’re open to criticism. Fortunately for scammers, many of the well-accepted practices of crypto are already quite cult-like so you can easily slip under the radar even if you push it further than most.

To start with, there’s the Ponzi-esque nature of value creation, where the projects mainly appreciate in price by others evangelizing about it, or potential investors getting Fear of Missing Out (FOMO). Even back in the early Bitcoin era days, this was something that Satoshi Nakamoto, the founder of Bitcoin, talked about:

“As the number of users grows, the value per coin increases. It has the potential for a positive feedback loop; as users increase, the value goes up, which could attract more users to take advantage of the increasing value.”

In other words, every active member of a crypto project is incentivised to “talk their book” and evangelize in its name. In the traditional finance world, people tend to be limited on what they can publicly say, as Elon Musk constantly keeps finding out whenever he has trouble with the Securities Exchange Commission (SEC) for his tweets.

So what scams do is take this exact same feedback loop but turbo-charge it. In this case, it was via referral codes. If you brought a certain number of users in, you were paid 15 Flan tokens. This prompted social media to be flooded by people singing the project praises and giving their referral codes.

Then, once they were in the spider’s web, FlanoSwap began controlling the narrative. This can be done via subtle means.

For instance, something that only recently occurred to me when looking back at their Medium blogs is that one of their posts called out someone trying to scam others on Ethereum by pretending to be them.

This is not uncommon, often the easiest way for a scam to piggyback off of a project’s efforts is to take their marketing and work and make it seem as if they’re also available on another blockchain. That’s why you see Bored Ape derivative NFT knockoffs (sometimes just outright stealing the artwork) on just about every blockchain.

It’s happened within the same network as well, the DeFi lending protocol Meld recently flagged that someone had minted Cardano tokens with their exact same ticker and deployed a liquidity pool for speculators to trade on Sundaeswap, in the hope people would not do due diligence and mistake the fake tokens for the real deal.

However, I don’t think that was the case with FlanoSwap. Here’s a conspiracy theory, what if there weren’t external scammers trying to scam FlanoSwap investors and the FlanoSwap team made it all up? Why would someone do this to themselves?

By mid-August, when their Ethereum scammer warning popped up if you searched on Google for “FlanoSwap Scam” there were already worrying results on the first page of people warning others not to invest. It’s my theory that they were trying to front-run the results. So that if you searched for the term, you would instead bump into their articles.

This is a masterstroke in terms of controlling the narrative. So much so, that PR companies actually have it as a service where you pay them a few thousand dollars, and they’ll write puff pieces to hide any embarrassing stories you might have. If it’s no longer on the front page of Google search results, it might as well not exist.

FlanoSwap, while it looked slick, seemed to have worked on a budget, so they did not opt for astroturfing on that scale. Irrespective of this though, their Medium piece muddied the waters, and thus when people asked “Is FlanoSwap a scam?” the evangelists could answer “no, those were some other scammers trying to profit out of the FlanoSwap name, look at this post where they explain it.”

It didn’t help matters either that the Telegram channels limited external links, ostensibly to avoid scammers. But in the end, the result was that their narrative was strongest, and anyone who disagreed was banned.

Furthermore, at some point, the people who had fallen victims to the scam were too deep to ever concede they might have been duped. To claim your flan rewards via the wallet, you also had to doxx yourself, as in give all manner of private information, including full name, government ID, etc to this nebulous scammer group.

Some individuals valued this information so little that they even posted it freely on Telegram! (I’ve taken the liberty to edit their personal info, despite them not caring about their privacy, I do.)

Imagine how much damage the scammers can still do with the potentially thousands of people that they signed up to their scam.

In other words, if people were aware of the magnitude of leverage that they had given FlanoSwap over them (they even divulged seed phrases), their self-preservation instincts kicked in and the mental gymnastics started.

Have you ever gone somewhere or done something that wasn’t pleasant but you did it anyway as the experience was already paid for? That’s the sunk cost fallacy at work, where the more you’ve invested, the likelier you are to overcommit resources to it, in the hopes that you recoup your original investment.

As such, FlanoSwap had a mechanism to lure investors in via social ties, and then once they were in, they were given the tools to defend the project, or else they might be hit with unimaginable buyer’s remorse.

But you can only contain truth for so long.

Eventually, the vocal and rebellious minority started finding ways around the automatic link filters and the narrative started to break, even with the evangelists furiously typing away. The thing that might have pushed it over the edge was @BigpeyYT’s thread which got shared past the spam filters.

This was like a bomb that destroyed most defences and woke many of them up to realize the large scale damage that the project was doing. Even so, though, the diehards stayed for months thereafter and still kept trying to onboard people right up until the very end when the scammers had long since left.

Under the Hood

Have you ever wondered what it takes to get those “As seen on MSNBC, Fox News, etc” badges you sometimes see on websites, no matter how scammy?

The obvious answer is that you could just as well lie, I mean, who’s gonna check? As we’ve seen, scams rely on laziness and merely the appearance of looking proper.

That’s one way to do it, but there’s an easy way to legitimately gain mainstream acceptance overnight — pay for it! It’s actually surprisingly easy to get onto such places, some PR companies’ websites even list this as a service, this was the copy of the first Google result on the topic:

“Get Featured On FOX, USA Today and 200 news sites

Get published on our network of over 200 influential news sites that receive 100 million visitors every month for a massive boost in exposure and search rankings.”

Total cost? The basic package is $195, which guarantees you’ll get published on all these sites within the next five days and that you’ll get the “Website trust badge.”

Hell, wanna do it for free? Shitpost enough and you might accidentally get featured. Perhaps my proudest achievement from a Twitter perspective, with another account, was getting featured on MSNBC. Yes, the piece was critical of the joke I made but does it really matter when I can say I’ve been featured there? Is anyone going to check what the article says?

However, getting featured organically involves work and luck. If you want to do it consistently and for cheap, by far the easiest way is to write up a press release and publicize it via a newswire distribution network service like GlobeNewswire.

In other words, you can write up whatever garbage you want, and nobody will double-check it, but it’ll look quite official. Then, for the basic tier, you pay $150 and you’re off to the races.

This is the means that FlanoSwap used and their press releases are still up to this day. Bears saying though, they’re far from the only organization to do this. Remember the fake news story in September of last year of Litecoin being adopted in Walmart stores?

It pumped up the price of Litecoin by 20% and then when Walmart said the story wasn’t true, it came crashing down. Of course, when confronted about the matter, a spokesperson for GlobeNewswire said the following:

“This has never happened before and we have already put in place enhanced authentication steps to prevent this isolated incident from occurring in the future […] We will work with the appropriate authorities to request — and facilitate — a full investigation, including into any criminal activity associated with this matter.”

All in all, it was a spectacularly well-executed scam, as it’s difficult to trace, given that you’re profiting off of changes in perceptions in a product via short selling, and thus not outright stealing traceable assets from people.

FlanoSwap, on the other hand, was a bit more hands-on in their scam.

Cards on the table, I’m an economist, and while technologically literate, I’m not someone who knows how to code (hell, I could barely hack the HTML for Myspace pages back in the day). So when it involves looking at the code’s behaviour for the technical side of the scam, I’m primarily going to rely on the research done by @BigpeyYT, who went into detail about the FlanoSwap scam in a thread.

In short, the so-called “FlanoWallet” seems to have been little more than a means to collect seed phrases from people. It gets murky as to how complex the system was, as while BigPey claims that there wasn’t any wallet interface beyond the portion that collected seed phrases, some users did post screenshots of it on Telegram, though admittedly those might have been fake users.

Be that as it may, once they seemed to establish authority and legitimacy, FlanoSwap used the opportunity to take advantage of people’s trust and take in funds via their seed funding round, and also stole investors’ seed phrases.

Then, on October 18th they claimed their site was undergoing maintenance and would be off, and they never came back up again.

They had vanished!

Aftermath

As far as I can tell, nobody was ever caught, and the seed investment round alone was 300k ADA, at a time when it had reached its all-time high of $3. So, conservatively speaking, the scam netted them well over one million dollars, plus whatever contents there were of the wallets whose seed phrases they managed to scam.

In addition, they have all the KYC information, including photos and IDs of potentially hundreds, if not thousands of people. They could potentially open accounts and credit lines in their name, for years to come.

Giving access to your personal data to a scammer might be something you never fully recover from.

As for the community, it would seem that some did receive some FLANO tokens at some point. If you check DEXes like Sundaeswap, you can see some people have tried to establish a liquidity pool for their tokens.

In other words, some of the victims of the scam are trying to make others purchase their garbage, so as to hopefully break even. Judging by the size of those liquidity pools, of a few thousand dollars, it’s just a handful of people. But it’s aggravating to think that victims who were themselves scammed would have so little empathy, as to want to scam others for them to make some money.

Conclusion

As a ghostwriter, I’ve occasionally ended up working with projects where I don’t know to this day whether they were just inept or they were scammers. Sometimes projects fail simply because most businesses fail, and I wouldn’t necessarily classify that as a scam.

Intent, rather than an ability to deliver, is the main thing I would use to classify a scam. In the case of FlanoSwap, for all the aforementioned reasons, I would say it was indubitably a scam.

Early on, it’s difficult to tell frauds apart from genuine projects. Crypto is the wild west, amateurs are the norm rather than the exception. So it pays to wait until they’ve proven themselves, and you’ve verified the team is competent.

Not only that, but it’s worth being sceptical of anyone, even if they look fairly well polished. Scammers rely on your laziness and camouflaging themselves as something they aren’t.

This doesn’t mean you should be paranoid and never invest in anything, but you should be very careful about whom you give your money to. “Trust but verify” should be your motto, especially when in crypto.

And it bears saying, take anything people say about a project (especially if they stand to financially gain from it), with a pinch of salt.

Pay attention to the squeaky wheels, the perpetual wet-blankets who say the most uncharitable things. While they’re little fun to listen to, they’re often an invaluable warning system that something might be wrong in a project.

All in all, way too many individuals were willing to go down with the ship instead of cutting their losses. To an almost comical degree, unpaid shills defending the project gave the scam enough time to organize their exit. Their last post was mid-October, and there were still people saying “Let’s be patient till January before we can conclude either if it is a scam or not” weeks after on the official FlanoSwap Telegram

Think for yourself, don’t take people at their word, be cautious, and don’t put yourself in a situation where a single mistake could cost you your net worth (at a minimum, don’t have everything in a single wallet).


If you’re in the crypto or in the traditional finance industry looking for someone to ghostwrite content for you, please do not hesitate to message me. I’m a full-time ghostwriter.

Join the community over at @flantoshi on Twitter.

And if you would like to support this project and help me pay rent, I’ll pass on the tip hat and you can send ADA to:

addr1qxfgs44d763uuw4hy6qatx383v9mmrrm6qazay6eren9sp5r2usruecwv33lp2t2nqp4ss6hrc9ac8yd2klxnsfnxz2qw3su4s

Thank you for your support!

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts