Unveiling the manipulator behind the PEPE 10,000-fold myth: He pulled up the stock market to launder the funds for the Rug Pull project and now buys luxury cars and lives in luxury houses

PANews · 2023-10-10T10:13:01.000Z
Original text |NFTethics Organizing | Odaily Planet Daily If you are a Meme coin enthusiast, you must have heard the name of this year’s most popular project, PEPE, and you may have also heard the related wealth myths. For example, some so-called "SmartMoney" addresses spent US$100 to buy PEPE since its issuance and never got off, eventually earning tens of thousands of times (on-chain data can confirm). Why can't ordinary people be among the first to get on the bus and grab the "10,000 times the coin"? This is because the most profitable projects of this kind are only traders, who can buy at the bottom and escape at the top of the mountain; even the original intention of creating this kind of Meme project is just to launder some black money.
Original article | NFTethics
Compiled by | Odaily Planet Daily
If you are a Meme coin enthusiast, you must have heard of PEPE, the hottest project this year, and you may have also heard of related wealth myths. For example, some so-called "SmartMoney" addresses spent $100 to buy PEPE at the beginning of its issuance and never got out of it, and eventually earned tens of thousands of times (which can be confirmed by on-chain data).
Why can't ordinary people be the first to get on board and grab the "10,000-fold coins"? Because the most profitable people in this type of project are the traders, who can buy at the bottom and escape at the top; even the original intention of establishing this type of Meme project is just to help some black money laundering.
Recently, the X platform (formerly Twitter) user "NFTethics" published several long articles, through careful on-chain analysis and various supporting evidence, confirming the true identity of the operator behind PEPE.
To summarize the key points of his tweet, they are as follows:
1. In November 2021, the funds of the Rug Pull project AnubisDAO were laundered with the help of this year's popular PEPE project, and the person behind the scenes was the anonymous and well-known DeFi investor Sisyphus.
Second, Sisyphus’ real identity is Kevin Pawlak, the head of OpenSeaVentures, who now lives a lavish life;
3. Sisyphus (Kevin Pawlak) is the real leader behind the AnubisDAO project. He obtained the private key of the project manager at the time through hacking and transferred funds. He successfully found a scapegoat and "passed the buck" and is now at large.
The latest news is that an OpenSea spokesperson responded to this matter: "Kevin Pawlak left in June 2023. During his time at OpenSea, his work scope was limited and he held a non-management position. It is not known whether he was involved in the AnubisDAO Rug incident. In addition, we have no connection with the related projects and no relevant information because these projects were carried out before he joined OpenSea."
1. Anubis project Rug funds were laundered with the help of PEPE
Back in November 2021, OlympusDAO's copycat project AnubisDAO (token ANKH) raised 13256.4 ETH (worth about $57 million at the time) after conducting LBP (liquidity bootstrapping pool). But soon, the administrators discovered that the funds were transferred to another new address, and the LBP had been going on for 20 hours and had not yet reached the end time.
What role does Sisyphus, the protagonist of our story, play in AnubisDAO? On the surface, he is the project's ambassador, but secretly he is the leader (which will be introduced later).
The day before AnubisDAO funds were swept away, Sisyphus was still promoting the project in the Discord community and claimed that he had already bought $420,000 (remember this knowledge point, you will be tested on it) and would buy more in the future; and, in order to dispel everyone's worries, Sisyphus also said that this project would never Rug, and even if the development was not smooth, everyone would get their principal back in the end.
As a result, the next day, the project really crashed. Sisyphus immediately wrote a long essay to shirk his responsibility, and said that he had contacted law enforcement agencies in the United States and Hong Kong, China, and called on the hacker to return the money as soon as possible. After that, Sisyphus had no further news, and no longer updated AnubisDAO related news, as if $420,000 was really just a small amount of money.
Of course, the hacker did not return the stolen funds from AnubisDAO. In the past two years, these stolen funds have been continuously transferred to various mixers and platforms that do not require KYC for laundering. One of the wallet addresses (Anubis Rug 3) interacts with a Seychelles platform that does not require KYC, FixedFloat - the wallet gas is sent by FixedFloat. As shown below:
Interestingly, the start-up funds of the early holders of the PEPE project also came from the FixedFloat platform, such as Zach Testa (account: DegenHarambe) and Max Zim (account: SumFattyTuna). In particular, Zach Testa bought the PEPE token contract just a few minutes after it was released on April 14, and then posted a project tweet; 3 minutes later, Max Zim immediately retweeted the tweet and also bought PEPE. The whole process looks very smooth, as if everything looks like it was rehearsed.
Sisyphus has a very close relationship with Zach Testa and Max Zim. It is reported that Zim is Sisyphus’ former roommate. Before AnubisDAO Rug, Sisyphus’ wallet had transferred money with Zim. Moreover, the two also participated in a show interview together - Sisyphus did not appear in person.
On April 17, Sisyphus tweeted, “Someone turned 0.02 ETH into 63 ETH over the weekend using a token called “pepe”,” and posted an address starting with 0x5DD. Zim immediately responded to Sisyphus’ post and the two interacted.
Interestingly, the address starting with 0x5DD received the start-up funds from the FixFloat platform on April 7. In addition, on April 7, another version of the "PEPE" token (called aPEPE for distinction) was also launched, with the same contract and the same early holders as the currently familiar version of PEPE. For example, Zim bought aPEPE at the beginning of its sale on April 7 - but he said in a subsequent community interview that he had never heard of PEPE before. It seems that from the beginning, Zim knew that the PEPE coin would rise.
The coincidences are far more than the above. Two minutes after the Anubis Rug 3 wallet transferred 3,000 ETH, the Zim wallet address began to interact on the chain to buy PEPE; and the investigation found that when the wallet associated with Anubis Rug was in an active transfer state, the Zim wallet seemed to be performing operations related to PEPE.
In addition, Anubis funds were mainly laundered through platforms such as Stake; and the wallet addresses of funds related to PEPE also transferred a large amount of funds to Stake after the launch of PEPE (April 14), and then transferred from Stake to FixFloat. Moreover, most of the stolen funds from Anubis were transferred out between March and July this year, which basically overlapped/synchronized with the growth cycle of PEPE. There is a very deep connection between the two, and the stolen funds may have been laundered through the hype of PEPE.
As for the complete whereabouts of Anubis’ stolen funds, some CEX and OTC platforms need to work together - some funds flowed into platforms that require KYC. Whether Anubis’ stolen funds are related to PEPE hype requires more evidence verification.
To add one more detail, in August this year, there was an internal conflict within the PEPE team. Several former members privately deleted the multi-signature permissions and sold tokens. Finally, the official issued an ambiguous announcement.
2. Sisyphus leads Anubis and designs self-propelled Rug
Blogger "NFTethics" obtained the internal chat log of Anubis team members a few days before the funds were stolen.
According to the investigation, Sisyphus seems to be the real mastermind behind the project, and almost everything needs his approval and signature, including the exact wording of each tweet and every technical/financial issue. Moreover, the Rug Pull project seems to be directed and acted by Sisyphus himself, and he successfully let another member "Beerus" take the blame for it.
In the team division of labor, Sisyphus positioned himself as "responsible for external public relations and helping to unite DAO members", but in fact he was the person in charge giving orders.
Team member “AureliusBTC” said in the chat: “None of us really understand LBP (liquidity bootstrap pool), but Sisyphus is the only one who understands it.” When another member “Beerus” posted an official announcement that a new member had joined Anubis, Sisyphus immediately instructed him to delete the tweet, which Beerus did. In addition, Sisyphus also stated in the chat record that he had contact with Alameda Research (SBF’s crypto company), and that the other party had also purchased Anubis’s token ANKH.
Let's return our attention to the fact that Anubis was drained of liquidity. After the incident, Sisyphus claimed that "DAO members agreed to let Beerus deploy LBP because they were either too busy or didn't want to be responsible." But in the internal chat, there was no evidence to support this statement - in fact, Sisyphus mentioned at the beginning that they used "the best multi-signature ever", but in the later chat he said that he couldn't sign the authorization - therefore, it is speculated that he may have changed the original multi-signature to Beerus alone in this way, thus laying the groundwork for the subsequent attack. The timeline of the next story is as follows:
Late in the evening of October 28, Sisyphus mentioned that he was going to bed and planned to sleep for 6 hours, with the last message staying at 00:16;
When I joined the chat the next morning, it was 07:18 AM, and I answered a few questions in the group;
07:20, the mailbox of "Beerus" who has the management rights of LBP received an email from Sisyphus's email address - containing a PDF with SAFT (Simple Agreement for Future Tokens) - Beerus mentioned after the incident that this PDF contained a Trojan virus, which damaged his computer and stole LBP management rights;
At 07:26, Sisyphus communicated with Beerus for a while and reminded the latter to stay awake before the end of LBP. The communication lasted until 07:44, at which time there were still 4 hours left before the end of LBP.
At 07:48, LBP funds were exhausted and all ETH was withdrawn by the management account to a new address, leaving only a pile of worthless ANKH tokens.
According to subsequent investigations, neither the Copper platform nor the Balancer smart contracts were hacked or destroyed. In other words, the LBP creator Beerus' wallet account was either hacked as he said, or he staged it himself. Sisyphus claimed that his email address had never sent this email.
Who is lying? We can infer from some side information. First, not only Beerus received the email, but other VC contacts also received it. The difference is that Beerus received the PDF email at 07:20 am, while others received it half an hour later, and some even several hours later. One possible explanation is that the attacker sent mass emails to confuse the target of the attack, and also reserved time in advance for Beerus to open the PDF to attack the computer.
Furthermore, when analyzing other received PDFs afterwards, there were no visible anti-spoofing warnings. SPF will not flag a Gmail address unless the address is not actually from Gmail; based on the photo, it is very likely that the address sent actual emails. In other words, these emails were really sent from Sisyphus's real email address - and Sisyphus swore that he had never sent the email, and even pretended to be stupid and asked in the group "What does this mean?"
In addition, analysis of other people's emails revealed that no Trojan virus was loaded - in fact, it was possible that only Beerus's emails had the virus. Afterwards, he submitted his computer to the Hong Kong police to prove his innocence (there is no latest progress at present, and the incident seems to have come to nothing).
The question is, how did the attacker know that Beerus had LBP management rights? No one knew that Beerus was the (only) person in control, except for some insiders. In fact, Convex, a member of the Anubis team, mentioned this in the group chat: "Why did Beerus even receive malware? It doesn't make sense for him to be a target. As we all know, aureliusBTC and I are the developers, more like the ones who control the private keys. Outsiders have no idea about Beerus's specific situation."
Interestingly, Sisyphus asked Beerus: "Dude, what did you click on?" At this time, Beerus had not yet revealed to everyone that he clicked on the malicious email PDF. No one else knew about it, so how did Sisyphus know?
After the LBP funding pool was drained, Sisyphus accused Beerus of implementing Rug on the project and said, "You ruined my reputation." In addition, Sisyphus also published the attacker's IP address and mentioned that it was from Hong Kong, where Beerus lived. In fact, this IP address came from a third-party VPS provider, which can rent servers in different regions and has no reference value. Later, Beerus was exposed by investors. He was the son of Zhang Shunzheng, a well-known figure in the Hong Kong horse racing industry, at the age of 19.
There is another detail. Max Zim, an early participant of PEPE mentioned in the previous article, also participated in the release of Anubis. Afterwards, he also defended Sisyphus on Twitter. After all, the two have a close relationship.
3. Sisyphus opens another smurf account, and his real identity is Kevin Pawlak, head of OpenSea Ventures
As we mentioned earlier, Sisyphus, who claimed to have invested $420,000 in the Anubis project, was not disappointed at all after the Rug project. After publishing a short essay to shirk his responsibility, he no longer paid attention to the subsequent progress.
On November 6 (a week after the attack), Sisyphus opened another account on Twitter, using the pseudonym "0xMagallan" (now deregistered). This account has been extremely active in the past two years, with more than 5,000 posts and participation in various project marketing. The account contains two wallet addresses: ferdinand-magellan.eth and ukrainedonations.eth.
In fact, there are many controversial points about Sisyphus (Kevin Pawlak). For example, he once bought the expensive NFT Etherrock 72, fragmented it into PEBBLE tokens on the NFT fragmentation protocol Fractional, and sold it at a very high premium. Priced in ETH, the PEBBLE token has fallen by more than 99% from its high point. The project was shut down in 2023 and all operations were terminated; PEBBLE's official website pebble.xyz has also expired and is in the sales stage.
It seems that no one has ever seen the real Sisyphus and 0xMagallan, and there has never been any relevant information on the Internet. However, "NFTethics" has confirmed their true identity through various on-chain information and multiple sources. It is Kevin Pawlak, the head of OpenSea Ventures.
Kevin Pawlak
First, the timestamps on the pawlak.eth and sisyphus.eth addresses match exactly. On-chain data shows that they both minted Zorbs (ZORB) within 1 minute, and they also minted sismo.eth DAO (SDAO) within 10 minutes. Other on-chain operations were also short, and the accounts were basically active at the same time.
Interestingly, Kevin Pawlak often uses the alias "Sisyphus" to post critical posts about OpenSea - perhaps trying to put some pressure on them so that Opensea can launch a project from which he can benefit the most, or maybe just complaining.
More people, including TheBlock reporter Tim Copeland, confirmed that Sisyphus's true identity is indeed Kevin Pawlak - in fact, his identity is well known in small circles. Now, he has renamed his wallet to pawlak.eth. The wallet address is: 0xBB5BB336d1Db8471B77F936C210B15fa2A5b3cbb.
Kevin Pawlak is smart, an Intel Science Talent semifinalist, has a degree in chemical engineering, and wants to be a surgeon/scientific researcher, but people who know him mention his dark side: ruthless, amoral, sociopath, and can lie without conscience/remorse.
Last October, Kevin Pawlak purchased another property in New York for $3.3 million. According to sources, Kevin Pawlak recently bought a Rolls-Royce and Lamborghini (worth more than $1 million) in France and privately flaunts his wealth and lavish lifestyle.
At present, Kevin Pawlak (Sisyphus) has not responded directly to the outside world's doubts. If there is any latest development, Odaily Planet Daily will also pay attention to the report as soon as possible.