PolkaMetaverse Fake Audit: Difference between revisions

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
Jump to navigation Jump to search
No edit summary
(Another 30 minutes complete.)
Line 1: Line 1:
{{Imported Case Study|source=https://www.quadrigainitiative.com/casestudy/polkametaversefakeaudit.php}}
{{Case Study Under Construction}}[[File:Polkametaverse.jpg|thumb|PolkaMetaverse]]PolkaMetaverse is currently claiming to be audited when no such audit has been performed, according to Peckshield. It remains to be seen what will come of this project and any investments. The whitepaper claims a multi-sig but no one has looked into the code.
{{Unattributed Sources}}


[[File:Polkametaverse.jpg|thumb|PolkaMetaverse]]PolkaMetaverse is currently claiming to be audited when no such audit has been performed, according to Peckshield. It remains to be seen what will come of this project and any investments. The whitepaper claims a multi-sig but no one has looked into the code.
== About PolkaMetaverse ==
 
<ref name="polkametaverse-5657" /><ref name="polkametaverse-5658" /><ref>[https://icoholder.com/en/polkametaverse-1012003 Polkametaverse - ICOHolder] (Jul 18, 2023)</ref><ref>[https://airdropalert.com/polkametaverse-airdrop Polkametaverse Airdrop - Airdrop Alert] (Jul 18, 2023)</ref><ref>https://www.95pm.com/index.php/category-23.html (Jul 18, 2023)</ref><ref>[https://thebittimes.com/token-POKA-BSC-0x05c0d4A8372fc666F0326397532054ADd28386F3.html Polkametaverse (POKA) - The Bit Times] (Jul 18, 2023)</ref>
This is a global/international case not involving a specific country.<ref name="peckshieldtwitter-5656" /><ref name="polkametaverse-5657" /><ref name="polkametaverse-5658" /><ref name="polkametaverse-5659" /><ref name="bscscan-5660" /><ref name="polkametaversetwitter-5661" /><ref name="polkametaversetwitter-5662" />


== About PolkaMetaverse ==
"Polkametaverse is a Next-generation NFT platform." "Polkametaverse is a new generation of decentralized exchange, using a Layer 2 scalability engine, supporting leveraged transactions, and providing lower transaction rates. POKA is the governance token of Polkametaverse, with a total supply of only 100,000,000. POKA will be listed on Hotbit, Binance Trust Wallet, Bybit and Coinbase exchanges. The estimated listing price of POKA is $30." "A new generation of decentralized exchange using a Layer 2 scalability engine. Trade Perpetual Contracts with low fees, deep liquidity, and up to 100× more Buying Power."
"Polkametaverse is a Next-generation NFT platform." "Polkametaverse is a new generation of decentralized exchange, using a Layer 2 scalability engine, supporting leveraged transactions, and providing lower transaction rates. POKA is the governance token of Polkametaverse, with a total supply of only 100,000,000. POKA will be listed on Hotbit, Binance Trust Wallet, Bybit and Coinbase exchanges. The estimated listing price of POKA is $30." "A new generation of decentralized exchange using a Layer 2 scalability engine. Trade Perpetual Contracts with low fees, deep liquidity, and up to 100× more Buying Power."


Line 19: Line 16:
"Use your wallet send BNB to the Pre-sale address. Our system will send tokens to your wallet."
"Use your wallet send BNB to the Pre-sale address. Our system will send tokens to your wallet."


"@polkametaverse claims audited by PeckShield, which is not true. The audit report posted on their website is forged."
Polkametaverse claimed to be audited by Peckshield<ref name="polkametaverse-5659" />.


This is a global/international case not involving a specific country.


The background of the exchange platform, service, or individuals involved, as it would have been seen or understood at the time of the events.
=== Early Promotions on Twitter ===
 
<ref name="polkametaversetwitter-5661" /><ref name="polkametaversetwitter-5662" /><blockquote>Airdrop from our side for the community Please share your BNB address here and we will send 500 POKA tokens to first 100 People</blockquote><blockquote>Airdrop is Live <nowiki>https://polkametaverse.io/#airdrop</nowiki> Every participant can get 10 POKA tokens by participating in airdrop. Copy and share your referral link to your friends .After the airdrop ends, POKA tokens will be automatically distributed to your submitted BNB wallet address.</blockquote>
Include:
 
* Known history of when and how the service was started.
* What problems does the company or service claim to solve?
* What marketing materials were used by the firm or business?
* Audits performed, and excerpts that may have been included.
* Business registration documents shown (fake or legitimate).
* How were people recruited to participate?
* Public warnings and announcements prior to the event.
 
Don't Include:
* Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
* Anything that wasn't reasonably knowable at the time of the event.
There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.


== The Reality ==
== The Reality ==
This sections is included if a case involved deception or information that was unknown at the time. Examples include:
Polkametaverse was created by the same individuals who created other fraudulent projects like DYDX<ref>[https://cryptoleda.com/scam-alert/is-polkametaverse-a-scam-project/ Is Polkametaverse (POKA) a Scam Project? - CryptoLeda] (Jul 18, 2023)</ref>.


* When the service was actually started (if different than the "official story").
"@polkametaverse claims audited by PeckShield, which is not true. The audit report posted on their website is forged."<ref name="polkametaverse-5659" />
* Who actually ran a service and their own personal history.
* How the service was structured behind the scenes. (For example, there was no "trading bot".)
* Details of what audits reported and how vulnerabilities were missed during auditing.


== What Happened ==
== What Happened ==
The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.
The Polkametaverse project was created by a fraudulent team with a number of false claims including listing on Binance. The website included a fake smart contract audit by Peckshield. Peckshield has denied auditing the project.
{| class="wikitable"
{| class="wikitable"
|+Key Event Timeline - PolkaMetaverse Fake Audit
|+Key Event Timeline - PolkaMetaverse Fake Audit
Line 55: Line 34:
!Event
!Event
!Description
!Description
|-
|January 11th, 2022 2:49:59 PM MST
|Promotional Tweet
|Polkametaverse tweets to promote their airdrop<ref name="polkametaversetwitter-5661" />.
|-
|January 12th, 2022 10:56:29 AM MST
|Promotional Tweet
|Polkametaverse tweets to promote their airdrop<ref name="polkametaversetwitter-5662" />.
|-
|-
|January 15th, 2022 3:34:00 PM MST
|January 15th, 2022 3:34:00 PM MST
|Main Event
|PeckShield Reports Fraudulent Audit
|Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here.
|Peckshield posts a tweet reporting that the smart contract audit is not true<ref name="peckshieldtwitter-5656" />.
|-
|
|
|
|-
|-
|
|
Line 67: Line 58:
== Technical Details ==
== Technical Details ==
This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?
This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?
<ref name="bscscan-5660" /><ref>https://bscscan.com/address/0x669be6bdb16c26ad99fca4c1ee6b814ede5676c9 (Jul 18, 2023)</ref>
=== Fake Audit Report ===
<ref name="polkametaverse-5659" />


== Total Amount Lost ==
== Total Amount Lost ==
Line 74: Line 70:


== Immediate Reactions ==
== Immediate Reactions ==
How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?
TBD
 
<ref name="peckshieldtwitter-5656" /><blockquote>#ScamAlert We notice that a project named so-called @polkametaverse claims audited by PeckShield, which is not true.  The audit report posted on their website is forged. Thanks!</blockquote>


== Ultimate Outcome ==
== Ultimate Outcome ==
What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?
TBD


== Total Amount Recovered ==
== Total Amount Recovered ==
Line 85: Line 83:


== Ongoing Developments ==
== Ongoing Developments ==
What parts of this case are still remaining to be concluded?
TBD
== Individual Prevention Policies ==
== Individual Prevention Policies ==
{{Prevention:Individuals:Placeholder}}
Third party audits should be verified at the source. Almost all smart contract auditing services publish their audits online.
 
{{Prevention:Individuals:Safe Smart Contract Usage}}
 
The risk in a smart contract can be reduced by storing most funds offline, and only bringing those assets needed for the specific transaction.
 
{{Prevention:Individuals:Store Funds Offline}}


{{Prevention:Individuals:End}}
{{Prevention:Individuals:End}}
Line 93: Line 97:
== Platform Prevention Policies ==
== Platform Prevention Policies ==
{{Prevention:Platforms:Placeholder}}
{{Prevention:Platforms:Placeholder}}
{{Prevention:Platforms:Cryptocurrency Safety Quiz}}


{{Prevention:Platforms:End}}
{{Prevention:Platforms:End}}
Line 98: Line 104:
== Regulatory Prevention Policies ==
== Regulatory Prevention Policies ==
{{Prevention:Regulators:Placeholder}}
{{Prevention:Regulators:Placeholder}}
{{Prevention:Regulators:Cryptocurrency Education Mandate}}


{{Prevention:Regulators:End}}
{{Prevention:Regulators:End}}


== References ==
== References ==
<references><ref name="peckshieldtwitter-5656">[https://twitter.com/peckshield/status/1482481256084344838 @peckshield Twitter] (Jan 15, 2022)</ref>
<references>
 
<ref name="peckshieldtwitter-5656">[https://twitter.com/peckshield/status/1482481256084344838 Peckshield - "#ScamAlert We notice that a project named so-called @polkametaverse claims audited by PeckShield, which is not true.  The audit report posted on their website is forged. Thanks!" - Twitter] (Jan 15, 2022)</ref>
<ref name="polkametaverse-5657">[https://polkametaverse.io/ POKA] (Jan 15, 2022)</ref>
<ref name="polkametaverse-5657">[https://polkametaverse.io/ Polkametaverse Homepage] (Jan 15, 2022)</ref>
 
<ref name="polkametaverse-5658">https://polkametaverse.io/whitepaper.pdf (Jan 15, 2022)</ref>
<ref name="polkametaverse-5658">[https://polkametaverse.io/whitepaper.pdf https://polkametaverse.io/whitepaper.pdf] (Jan 15, 2022)</ref>
<ref name="polkametaverse-5659">[https://web.archive.org/web/20220111153347/https://polkametaverse.io/assets/audit-report-v1.2.pdf <nowiki>[Fake] SMART CONTRACT AUDIT REPORT for Polkametaverse Safety Module - PolkaMetaverse Website</nowiki>] (Jan 15, 2022)</ref>
 
<ref name="bscscan-5660">[https://bscscan.com/address/0x316a2EaF194bB77928D8bc321e5C10d0e4987A0B Polkametaverse Deployer Address - BSCScan] (Jan 15, 2022)</ref>
<ref name="polkametaverse-5659">[https://polkametaverse.io/assets/audit-report-v1.2.pdf https://polkametaverse.io/assets/audit-report-v1.2.pdf] (Jan 15, 2022)</ref>
<ref name="polkametaversetwitter-5661">[https://web.archive.org/web/20220111214959/https://twitter.com/polkametaverse/status/1481019279524995074 polkametaverse - "Airdrop from our side for the community Please share your BNB address here and we will send 500 POKA tokens to first 100 People" - Twitter Archive January 11th, 2022 2:49:59 PM MST] (Jan 15, 2022)</ref>
 
<ref name="polkametaversetwitter-5662">[https://web.archive.org/web/20220112175629/https://twitter.com/polkametaverse/status/1481322905585823750 polkametaverse - "Airdrop is Live https://polkametaverse.io/#airdrop  Every participant can get 10 POKA tokens by participating in airdrop. Copy and share your referral link to your friends .After the airdrop ends, POKA tokens will be automatically distributed to your submitted BNB wallet address." -  Twitter Archive January 12th, 2022 10:56:29 AM MST] (Jan 15, 2022)</ref>
<ref name="bscscan-5660">[https://bscscan.com/address/0x316a2EaF194bB77928D8bc321e5C10d0e4987A0B https://bscscan.com/address/0x316a2EaF194bB77928D8bc321e5C10d0e4987A0B] (Jan 15, 2022)</ref>
</references>
 
<ref name="polkametaversetwitter-5661">[https://twitter.com/polkametaverse/status/1481019279524995074 @polkametaverse Twitter] (Jan 15, 2022)</ref>
 
<ref name="polkametaversetwitter-5662">[https://twitter.com/polkametaverse/status/1481322905585823750 @polkametaverse Twitter] (Jan 15, 2022)</ref></references>

Revision as of 17:46, 18 July 2023

Notice: This page is a new case study and some aspects have not been fully researched. Some sections may be incomplete or reflect inaccuracies present in initial sources. Please check the References at the bottom for further information and perform your own additional assessment. Please feel free to contribute by adding any missing information or sources you come across. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

PolkaMetaverse

PolkaMetaverse is currently claiming to be audited when no such audit has been performed, according to Peckshield. It remains to be seen what will come of this project and any investments. The whitepaper claims a multi-sig but no one has looked into the code.

About PolkaMetaverse

[1][2][3][4][5][6]

"Polkametaverse is a Next-generation NFT platform." "Polkametaverse is a new generation of decentralized exchange, using a Layer 2 scalability engine, supporting leveraged transactions, and providing lower transaction rates. POKA is the governance token of Polkametaverse, with a total supply of only 100,000,000. POKA will be listed on Hotbit, Binance Trust Wallet, Bybit and Coinbase exchanges. The estimated listing price of POKA is $30." "A new generation of decentralized exchange using a Layer 2 scalability engine. Trade Perpetual Contracts with low fees, deep liquidity, and up to 100× more Buying Power."

"Polkametaverse joined hands with Kusama and StarkWare which employed StarkEx, a Layer 2 scalability engine that aims to improve the trading on platform. In simple words, the impact will be similar to the upcoming Eth 2.0 upgrade, as the gas costs will become zero, minimum trade sizes will be reduced, and trading fees will be lower."

"The purpose of Polkametaverse is to provide secure trading services with low gas costs and fees. To achieve this, the platform is now moving towards Layer 2 with the help of StarkWare to increase its trade settlement capacity."

"We present a set of protocols that allow several types of financial products to be created, issued, and traded for any pair of underlying ERC20 tokens. Our approach uses off-chain order books with on-chain settlement to allow creation of efficient markets. All described protocols are fair and trustless, creating truly open markets that are not governed by a central authority. The protocols are extensible by anyone, requiring no special permissions to be used with other smart contracts."

"Please share your BNB address here and we will send 500 POKA tokens to first 100 People." "Every participant can get 10 POKA tokens by participating in airdrop. Copy and share your referral link to your friends .After the airdrop ends, POKA tokens will be automatically distributed to your submitted BNB wallet address."

"Use your wallet send BNB to the Pre-sale address. Our system will send tokens to your wallet."

Polkametaverse claimed to be audited by Peckshield[7].


Early Promotions on Twitter

[8][9]

Airdrop from our side for the community Please share your BNB address here and we will send 500 POKA tokens to first 100 People

Airdrop is Live https://polkametaverse.io/#airdrop Every participant can get 10 POKA tokens by participating in airdrop. Copy and share your referral link to your friends .After the airdrop ends, POKA tokens will be automatically distributed to your submitted BNB wallet address.

The Reality

Polkametaverse was created by the same individuals who created other fraudulent projects like DYDX[10].

"@polkametaverse claims audited by PeckShield, which is not true. The audit report posted on their website is forged."[7]

What Happened

The Polkametaverse project was created by a fraudulent team with a number of false claims including listing on Binance. The website included a fake smart contract audit by Peckshield. Peckshield has denied auditing the project.

Key Event Timeline - PolkaMetaverse Fake Audit
Date Event Description
January 11th, 2022 2:49:59 PM MST Promotional Tweet Polkametaverse tweets to promote their airdrop[8].
January 12th, 2022 10:56:29 AM MST Promotional Tweet Polkametaverse tweets to promote their airdrop[9].
January 15th, 2022 3:34:00 PM MST PeckShield Reports Fraudulent Audit Peckshield posts a tweet reporting that the smart contract audit is not true[11].

Technical Details

This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?

[12][13]

Fake Audit Report

[7]

Total Amount Lost

The total amount lost is unknown.

How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?

Immediate Reactions

TBD

[11]

#ScamAlert We notice that a project named so-called @polkametaverse claims audited by PeckShield, which is not true. The audit report posted on their website is forged. Thanks!

Ultimate Outcome

TBD

Total Amount Recovered

There do not appear to have been any funds recovered in this case.

What funds were recovered? What funds were reimbursed for those affected users?

Ongoing Developments

TBD

Individual Prevention Policies

Third party audits should be verified at the source. Almost all smart contract auditing services publish their audits online.

Avoid the use of smart contracts unless necessary. Minimize the level of exposure by removing or withdrawing assets whenever possible. Aim to choose smart contracts which have obtained third party security audits, preferably having been audited by at least three separate reputable firms. Pay attention to the audit reports, which smart contracts are covered, and whether the smart contract has been upgraded or modified since the report. Ensure that any administrative functions with the ability to remove funds from the smart contract are under the authority of a multi-signature wallet which is controlled by at least three separate and reputable entities.

The risk in a smart contract can be reduced by storing most funds offline, and only bringing those assets needed for the specific transaction.

Store the majority of funds offline. By offline, it means that the private key and/or seed phrase is exclusively held by you and not connected to any networked device. Examples of offline storage include paper wallets (seed phrase or key written down and deleted from all electronic media), hardware wallets, steel wallet devices, etc...

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Policies for platforms to take to prevent this situation have not yet been selected in this case.

Never take for granted the limited knowledge of users of your service and their tendency to skip past provided information. It is recommended to design a simple tutorial and quiz for new users which explains the basics of seed phrases, strong password generation, secure two-factor authentication, common fraud schemes, how ponzi schemes work, as well as other risks which are unique to the cryptocurrency space. This tutorial and quiz should ensure their understanding and be a standard part of the sign-up or download process which is difficult or impossible to skip.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

No specific regulatory policies have yet been identified in this case.

Create a standard tutorial and quiz for all new cryptocurrency participants, which is required to be completed once per participant. This tutorial and quiz should cover the basics of proper seed phrase protection, strong password generation, secure two-factor authentication, common fraud schemes, how to detect and guard against phishing attacks, how ponzi schemes work, as well as other risks which are unique to the cryptocurrency space.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References

  1. Polkametaverse Homepage (Jan 15, 2022)
  2. https://polkametaverse.io/whitepaper.pdf (Jan 15, 2022)
  3. Polkametaverse - ICOHolder (Jul 18, 2023)
  4. Polkametaverse Airdrop - Airdrop Alert (Jul 18, 2023)
  5. https://www.95pm.com/index.php/category-23.html (Jul 18, 2023)
  6. Polkametaverse (POKA) - The Bit Times (Jul 18, 2023)
  7. 7.0 7.1 7.2 [Fake] SMART CONTRACT AUDIT REPORT for Polkametaverse Safety Module - PolkaMetaverse Website (Jan 15, 2022)
  8. 8.0 8.1 polkametaverse - "Airdrop from our side for the community Please share your BNB address here and we will send 500 POKA tokens to first 100 People" - Twitter Archive January 11th, 2022 2:49:59 PM MST (Jan 15, 2022)
  9. 9.0 9.1 polkametaverse - "Airdrop is Live https://polkametaverse.io/#airdrop  Every participant can get 10 POKA tokens by participating in airdrop. Copy and share your referral link to your friends .After the airdrop ends, POKA tokens will be automatically distributed to your submitted BNB wallet address." - Twitter Archive January 12th, 2022 10:56:29 AM MST (Jan 15, 2022)
  10. Is Polkametaverse (POKA) a Scam Project? - CryptoLeda (Jul 18, 2023)
  11. 11.0 11.1 Peckshield - "#ScamAlert We notice that a project named so-called @polkametaverse claims audited by PeckShield, which is not true. The audit report posted on their website is forged. Thanks!" - Twitter (Jan 15, 2022)
  12. Polkametaverse Deployer Address - BSCScan (Jan 15, 2022)
  13. https://bscscan.com/address/0x669be6bdb16c26ad99fca4c1ee6b814ede5676c9 (Jul 18, 2023)
Retrieved from "https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?title=PolkaMetaverse_Fake_Audit&oldid=4835"