$3 400 000 USD

JUNE 2024

GLOBAL

GEMHOLIC ECOSYSTEM

DESCRIPTION OF EVENTS

"zkSync is a Layer-2 scaling solution developed by Matter Labs, aimed at reducing costs, speeding up transactions, and providing security on Ethereum using ZK Rollups technology."

 

"The zkSync project Gemholic had its funds locked for over a year because of a mistake in the sales contract. Matter Labs, the team behind Ethereum layer-2 scaling solution #zkSync, identified the issue as stemming from the .transfer() function in the GemstoneIDO smart contract, which is part of a project run by the GemholicECO ecosystem."

 

"Gemholic was also quick to make a commitment, writing on its official Twitter account, “We understand that many people have lost confidence, but we still believe that the ZKsync team can get things done. We need everyone to trust us. Once the agreement is finalized, we will launch marketing activities and project pre-release. We will also refund excess payments.”"

 

"The team behind ZkSync, @the_matter_labs rescue[d] the @GemholicECO after a botched token sale, allowing them to retrieve 921 $ETH ($1.7M) raised."

 

""Last year, Gemholic raised 921 ETH on ZKsync. However, due to the technical differences between ZKsyncs Era network and the Ethereum mainnet at the time, Gemholics fundraising method when it was launched on ZKsync was to directly copy the Ethereum contract code. Due to the lack of sufficient testing of the ZKsync architecture differences, the transfer() function in the Gemholic contract generated fees exceeding the gas limit on ZKsync, resulting in passive lock-up of the raised funds.

 

Eden Au, director of research at The Block, noticed the issue and tweeted, “A project on ZKsync raised 921 ETH ($1.7 million) in a token sale, but the funds are forever trapped in a smart contract. The Transfer() function works on Ethereum and other EVM chains, but not on ZKsync.”"

 

"The smart contracts were deployed on zkSync without any prior checks. However, the developers from ConsenSys warned about using the Solidity transfer function in 2019. This function uses a fixed amount of hard-coded gas, which makes them fail because the transfers currently use more.

 

zkSync also warns about this limitation and its impact on smart contracts. Furthermore, the team examined the source code of “dozens of popular crypto projects”, finding all of them compliant with the new dynamic system."

 

"More than a year later, the value of the 921 ETH raised by Gemholic has tripled to more than three million US dollars. On June 7, ZKsync started the mainnet upgrade. In the v24 version, ZKsync added a function that allows the transfer() function to be called normally when gas is not specified to improve compatibility with Ethereum."

 

"The project gemholic on zkSync has run away, and its Twitter and Telegram accounts have been deleted. A total of 921 ETH of user assets, about 350w u, were stolen."

 

"Gemholic, a crypto project, is accused of a rug pull after moving $3.5M in recently recovered funds and vanishing from social media."

 

"The community discovered that Gemholic withdrew 921 ETH from the project contract the day after the V2 upgrade and bridged to the Ethereum mainnet. Subsequently, screenshots circulated in the community showed that Solomon, the founder of Gemholic, deleted all TG group messages, and the Gemholic official Twitter account was also deleted. It is obvious that the project party ran away with the money after unwinding."

 

"Community members are currently trying to trace the Gemholic contract creator’s address, which is supposedly funded by Binance.

 

The cryptocurrency community is concerned following a suspected rug-pull incident involving the Gemholic project and the zkSync network.

 

Several users affected by the alleged Gemholic scam have taken to X to raise awareness. NSerec, the founder of Zkmarkets, confirmed that Gemholic stole $3.5 million.

 

In the X post, NSerec(@NSerec) claimed that Gemholic had deceived its investors for a year by falsely promising refunds. Once the funds were finally unlocked, the team executed what appeared to be a rug pull. NSerec revealed that the address of the contract creator was supposedly funded by Binance and asked community members who have insights on how Binance might assist in reaching out to them.

 

KYC provider silence Despite completing Know Your Customer (KYC) verification with SolidProof, the verification service has not publicly addressed the situation. NSerec believes that the silence is possibly an effort to prevent fear, uncertainty and doubt (FUD) from spreading among the investors."

 

"According to NSerec, a #KYC provider must either admit that they didn’t do a good job checking the people involved, or they should report the fraudsters to the authorities and tell the public what happened. If SolidProof keeps ignoring this problem, their service shouldn’t be trusted.

 

The Zkmarkets(@zkmarkets) founder said that if SolidProof doesn’t deal with the Gemholic scam, the people affected should hold SolidProof responsible. He even suggested that if they don’t take action, people should start calling them “UselessProof” instead of “SolidProof.”"

 

SolidProof has "provided all necessary information to the official cybersecurity authorities in Vietnam and have requested direct contact with the Vietnam Blockchain Association. Additionally, [they] are open to collaborating with Binance and other relevant entities to trace the withdrawn funds and hold the responsible parties accountable."

 

"The Gemholic team employs various mixing techniques that make a portion of the funds difficult to trace, except through extensive forensic investigations. However, our analysis has traced nearly $800,000 ending up in a centralized exchange and demonstrated the dwindling effectiveness of Tornado Cash as a mixer. In fact, we observe that a significant portion of the funds was initially laundered through the protocol sanctioned by OFAC, but the money flow then led us to cross-chain bridges and to the newcomer in the galaxy of privacy protocols: RailGun, now widely used by scammers worldwide."

 

Funds are likely to be traced and recovered.

 

Explore This Case Further On Our Wiki

Gemholic raised 921 ETH worth of funds to create a new blockchain ecosystem. Those funds were then locked due to an issue with their smart contract deployed on zkSync. This took over a year to resolve via an update to the zkSync algorithm. Once it was complete, the Gemholic team nearly immediately withdrew the funds, and started transferring them through TornadoCash. It seems very certain that both founders will be brought to justice given the low anonymity set of TornadoCash, and that they subsequently used centralized exchanges following that point.

Sources And Further Reading

 For questions or enquiries, email info@quadrigainitiative.com.

Get Social

  • email
  • reddit
  • telegram
  • Twitter

© 2019 - 2025 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.