Oyster Protocol Bruno Block Exit Scam
Notice: This page is a freshly imported case study from the original repository. The original content was in a different format, and may not have relevant information for all sections. Please help restructure the content by moving information from the 'About' section to other sections, and add any missing information or sources you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.
Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!
The Oyster Protocol was a new way to monetize a website without having to use banner ads. The protocol launched and raised funds in 2017. An exploit left in the smart contract by Bruno Block, the protocol's creator, allowed for a large "directorship" transfer within the smart contract. Tokens were subsequently liquidated for $300k via the KuCoin exchange via a non-KYC account. It appears that the Oyster Protocol team has migrated to start working on a new Opacity project with the same mission.
This is a global/international case not involving a specific country.[1][2][3][4][5][6][7][8]
About Oyster Protocol
"Goodbye Banner Ads. Hello Oyster. The future of website monetization and distributed storage, built on IOTA Tangle and Ethereum."
"Advertisements have always been a fundamentally weak proposition. They are intrusive, tangential, privacy invasive, and distract from the cleanliness of a website.
Making matters worse, creative content publishers are suffering due to the advent of ad blockers and a general disregard to what advertisements have to offer."
"Website visitors contribute a small portion of their CPU and GPU power to enable users' files to be stored on a decentralized and anonymous ledger.
In return, the website owners get paid indirectly by the storage users and website visitors can enjoy an ad-free browsing experience."
"Earlier today, it was discovered that the transferDirector function was utilized on the Oyster Protocol token contract. This allowed the new director to re-open the ICO for PRL and re-issue new tokens (1 ETH = 5000 PRL / .04 per PRL). The individual in question then sent these tokens (upwards of 3M PRL) to KuCoin where the tokens were market sold. They were able to extract ~$300,000 in funds prior to us being able to shut down trading and withdrawals on KuCoin."
"Despite Oyster passing three separate smart contract audits, we were told by Bruno Block, the original founder and chief architect of the project, that the directorship of the token contract had to remain open so that the peg could be adjusted over time. This ultimately turned out to be a trapdoor mechanism in the contract that was eventually exploited. This contract was written by Bruno Block prior to the ICO, at which point Bruno was the only member of the team. We relied on the auditors involved here for assurance that the smart contract was safe. Bruno was the only one who had the ability to transfer directorship within the PRL smart contract. After our initial review, we are inclined to believe that these were solely the actions of Bruno Block and that he did this now to avoid detection from KuCoin KYC procedures (that will be implemented on November 1st). These KYC procedures would have limited withdrawals on Non-KYC’ed accounts to no more than 2 BTC per day and would have prevented this from happening. This was well-orchestrated and well-executed (at a time when he knew a majority of the KC team would be offline). This also caught the entire team outside of Bruno Block by surprise, as the team collectively holds ~5% of the total supply in personal wallets. The team has been working tirelessly on this since day 1, without pay at some points in time. This project has been built on the back of hard work and raw determination and we will not let Bruno’s role as a bad actor in all of this undermine a project that the entire rest of the team is completely devoted to."
Reaching out to victims of Bruno and Oyster PRL by JasonOPQ in Opacity
It was the day, Bruno started dumping the tokens
Bruno Block exit scammed. In order to continue, the rest of the team created Opacity."
Bruno moving funds. by Halunen in Oyster
"4 months ago /u/itslevi predicted that a cryptocurrency called Oyster was a scam, even getting into an argument with the coins anonymous creator "Bruno Block". Yesterday, his prediction came true when the creator sold off $300,000 of the coin by exploiting a loophole he had left in the contract."
This is a global/international case not involving a specific country.
The background of the exchange platform, service, or individuals involved, as it would have been seen or understood at the time of the events.
Include:
- Known history of when and how the service was started.
- What problems does the company or service claim to solve?
- What marketing materials were used by the firm or business?
- Audits performed, and excerpts that may have been included.
- Business registration documents shown (fake or legitimate).
- How were people recruited to participate?
- Public warnings and announcements prior to the event.
Don't Include:
- Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
- Anything that wasn't reasonably knowable at the time of the event.
There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.
The Reality
This sections is included if a case involved deception or information that was unknown at the time. Examples include:
- When the service was actually started (if different than the "official story").
- Who actually ran a service and their own personal history.
- How the service was structured behind the scenes. (For example, there was no "trading bot".)
- Details of what audits reported and how vulnerabilities were missed during auditing.
What Happened
The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.
| Date | Event | Description |
|---|---|---|
| October 29th, 2018 4:46:57 PM MDT | Post Oyster Update | The Oyster Update is posted ot Medium explaining/announcing the dumpage. |
| October 30th, 2018 8:39:23 AM MDT | Reddit Discussions | Discussions start up on Reddit about the exit scam event. |
Technical Details
This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?
Total Amount Lost
The total amount lost has been estimated at $300,000 USD.
How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?
Immediate Reactions
How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?
Ultimate Outcome
What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?
Total Amount Recovered
The total amount recovered is unknown.
What funds were recovered? What funds were reimbursed for those affected users?
Ongoing Developments
What parts of this case are still remaining to be concluded?
Individual Prevention Policies
No specific policies for individual prevention have yet been identified in this case.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Policies for platforms to take to prevent this situation have not yet been selected in this case.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
No specific regulatory policies have yet been identified in this case.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
- ↑ Adverbiet comments on Reaching out to victims of Bruno and Oyster PRL (Feb 28, 2023)
- ↑ Adverbiet comments on What coins that used to be hyped are no longer active or in development? (Feb 28, 2023)
- ↑ Adverbiet comments on Bruno moving funds. (Feb 28, 2023)
- ↑ Adverbiet comments on 4 months ago /u/itslevi predicted that a cryptocurrency called Oyster was a scam, even getting into an argument with the coins anonymous creator "Bruno Block". Yesterday, his prediction came true when the creator so...ract. (Dec 28, 2023)
- ↑ Adverbiet comments on Smart Contract & What is Going on Right Now. (DO NOT BUY OYSTER ANYWHERE) (Dec 28, 2023)
- ↑ https://coinmarketcap.com/currencies/oyster/ (Dec 28, 2023)
- ↑ Oyster Update (Dec 28, 2023)
- ↑ Oyster - The future of website monetization and distributed storage, built on IOTA Tangle and Ethereum. (Dec 28, 2023)