Zodiac DAO Rug Pull: Difference between revisions

Notice: This page is a new case study and some aspects have not been fully researched. Some sections may be incomplete or reflect inaccuracies present in initial sources. Please check the References at the bottom for further information and perform your own additional assessment. Please feel free to contribute by adding any missing information or sources you come across. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Zodiac DAO

The ZodiacDAO was a collateralized reserve currency. The liquidity, website, Twitter, Medium, and Telegram have disappeared. There is limited information on how much was lost and no apparent recovery plan.

About Zodiac DAO

^{[1][2][3][4][5][6][7][8]}

"Zodiac is a belt of the heavens within about 8° either side of the ecliptic, including all apparent positions of the sun, moon, and most familiar planets. It is divided into twelve equal divisions or signs which each carry its deep meanings."

ZodiacDAO has launched an advanced OlympusDAO fork with features such as Rebased, NFT, GameFi, and Web3. It operates as a decentralized protocol based on the $ZD token, collateralized and supported by the Zodiac DAO, serving as the reserve currency on the Binance Smart Chain (BSC) network. Zodiac employs the Algorithmic Reserve Currency algorithm for price stability and utilizes Protocol Owned Liquidity (POL)^[9]. Community ownership is emphasized, enabling $ZD holders to make decisions through on-chain voting and holding activities. ZodiacDAO addresses issues faced by other DAOs and aims to bring innovation to DeFi 2.0. Pre-sold tokens are locked in a Liquidity Pool to prevent Pump & Dump scenarios^[9]. The protocol involves Staking and Bonding strategies, and it integrates NFT and GameFi components with anti-inflation mechanisms for price stability and value growth^[9].

"ZodiacDAO is a DeFi 2.0+ decentralized reverse currency protocol based on the $ZD token. We use the POL (Protocol Owned Liquidity) to make sure that $ZD is back into ZodiacDAO treasury stable and sufficiently."

"Singapore, Singapore–(Newsfile Corp. – January 2, 2022) – ZodiacDAO Launches an advanced OlympusDAO fork containing Rebased, NFT, GameFi and Web3. Zodiac is a decentralized protocol based on the $ZD token – collateralized and backed by the Zodiac DAO. ZD will be the reserve currency on the BSC network. In order to maintain price stability, Zodiac will use the Algorithmic Reserve Currency algorithm and will also be supported by the POL (Protocol Owned Liquidity) for the most sufficiency. Zodiac will be community owned; $ZD holders decide on Zodiac’s future via on-chain voting and HODL-ing activities."

"Their GameFi is currently under development and anti-inflation will be applied as well, so people can play, earn, and rest assured about the stable price of ZD along with their great marketing strategy."

This is a global/international case not involving a specific country.

The background of the exchange platform, service, or individuals involved, as it would have been seen or understood at the time of the events.

Include:

• Known history of when and how the service was started.
• What problems does the company or service claim to solve?
• What marketing materials were used by the firm or business?
• Audits performed, and excerpts that may have been included.
• Business registration documents shown (fake or legitimate).
• How were people recruited to participate?
• Public warnings and announcements prior to the event.

Don't Include:

• Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
• Anything that wasn't reasonably knowable at the time of the event.

There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.

The Reality

This sections is included if a case involved deception or information that was unknown at the time. Examples include:

• When the service was actually started (if different than the "official story").
• Who actually ran a service and their own personal history.
• How the service was structured behind the scenes. (For example, there was no "trading bot".)
• Details of what audits reported and how vulnerabilities were missed during auditing.

What Happened

The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.

Technical Details

This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?

Total Amount Lost

The total amount lost is unknown.

How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?

Immediate Reactions

How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?

^[13]

"We’ve received inbounds that may indicate high risks regarding to a project named Zodiac DAO. The twitter account is gone and we wish the community DYOR enough before interacting with the dApp."

CertiK Security Leaderboard Tweet

The CertiK Security Leaderboard shared a Tweet to warn the community^[11].

"#zodiacdao has been identified as a #rugpull. Their twitter account @zodiacdao_bep20 has been deactivated.

The team is currently looking into it.

DO NOT interact with this project!"

Karma Finance YouTube Video

YouTube channel Karma Finance reports on the rug pull and resulting price crash^[12]. The price was reportedly trading well above the $10-$20 mark, but at the time of the video there was a 100% drop and the website is completely "banished". It references the "CertiK Security Leaderboard" post confirmation and reports that the community is closely monitoring the situation.

Ultimate Outcome

What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?

Total Amount Recovered

There do not appear to have been any funds recovered in this case.

What funds were recovered? What funds were reimbursed for those affected users?

Ongoing Developments

What parts of this case are still remaining to be concluded?

Individual Prevention Policies

No specific policies for individual prevention have yet been identified in this case.

Any time that you are promised any profit or benefit in exchange for an initial payment, smart contract approval, or deposit, pay special care as to whether the entity making that offer is trustworthy, actually who they say they are, and has the means to fulfill what they're promising. There are no magic algorithms providing guaranteed returns from trading or mining. Trading on average will lose money. Mining is expensive and complex. No one is going to immediately send back more than you sent them. NFT projects will rarely announce a surprise mint in only a single location. Are you fully prepared for the event your money is kept and nothing is delivered in return?

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Policies for platforms to take to prevent this situation have not yet been selected in this case.

Work with other industry platforms to set up a multi-signature wallet with private keys held separately by delegate signatories from seven prominent platforms and services within the industry. Establish requirements for contributions by all platforms and services, designed to be affordable for small platforms yet large enough to cover anticipated breach events. Any breach event can be brought forth by a member platform or a petition of 100 signatures for consideration by the delegate signatories. A vote of 4 or more delegate signatures is required to release any funds, which could partially or fully restore lost funds based on their assessment.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

No specific regulatory policies have yet been identified in this case.

All platforms should undergo published security and risk assessments by independent third parties. Two assessments are required at founding or major upgrade, one after 3 months, and one every 6 months thereafter. The third parties must not repeat within the past 14 months. A risk assessment needs to include what assets back customer deposits and the risk of default from any third parties being lent to. The security assessment must include ensuring a proper multi-signature wallet, and that all signatories are properly trained. Assessments must be performed on social media, databases, and DNS security.

Set up a multi-signature wallet with private keys held separately by delegate signatories from seven prominent platforms and services within the industry. Establish requirements for contributions by all platforms and services within the country, designed to be affordable for small platforms yet large enough to cover anticipated breach events. Any breach event can be brought forth by a member platform or a petition of 100 signatures for consideration by the delegate signatories. A vote of 4 or more delegate signatures is required to release any funds, which could partially or fully restore lost funds based on their assessment.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References