Zodiac DAO Rug Pull

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository

Notice: This page is a new case study and some aspects have not been fully researched. Some sections may be incomplete or reflect inaccuracies present in initial sources. Please check the References at the bottom for further information and perform your own additional assessment.


The ZodiacDAO was a collateralized reserve currency. The liquidity, website, Twitter, Medium, and Telegram have disappeared. There is limited information on how much was lost and no apparent recovery plan.

About Zodiac DAO

[1][2][3]


Github: [4]

ZodiacDAO promised an advanced OlympusDAO fork including features like Rebased, NFT, GameFi, and Web3[5]. Based on the $ZD token and backed by the Zodiac DAO, Zodiac promised a decentralized protocol aiming to bring innovation to DeFi 2.0[5]. It aimed to address issues faced by other DAOs and OlympusDAO[5]. The project claimed to avoid the "Pump and Dump" problem by fully adding pre-sold tokens to a Liquidity Pool (LP) and vesting them for whitelisters[5]. The protocol involves profit distribution through staking ZD tokens, and bonding offers leverage for more ZD tokens[5]. It promised NFT rewards and anti-inflation mechanisms to maintain the ZD token value[5].


ZodiacDAO has launched an advanced OlympusDAO fork with features such as Rebased, NFT, GameFi, and Web3. It operates as a decentralized protocol based on the $ZD token, collateralized and supported by the Zodiac DAO, serving as the reserve currency on the Binance Smart Chain (BSC) network. Zodiac employs the Algorithmic Reserve Currency algorithm for price stability and utilizes Protocol Owned Liquidity (POL)[6]. Community ownership is emphasized, enabling $ZD holders to make decisions through on-chain voting and holding activities. ZodiacDAO addresses issues faced by other DAOs and aims to bring innovation to DeFi 2.0. Pre-sold tokens are locked in a Liquidity Pool to prevent Pump & Dump scenarios[6]. The protocol involves Staking and Bonding strategies, and it integrates NFT and GameFi components with anti-inflation mechanisms for price stability and value growth[6].

According to CoinMarketCap, "ZodiacDAO is a DeFi 2.0+ decentralized reverse currency protocol based on the $ZD token. We use the POL (Protocol Owned Liquidity) to make sure that $ZD is back into ZodiacDAO treasury stable and sufficiently."[7]

"Singapore, Singapore–(Newsfile Corp. – January 2, 2022) – ZodiacDAO Launches an advanced OlympusDAO fork containing Rebased, NFT, GameFi and Web3. Zodiac is a decentralized protocol based on the $ZD token – collateralized and backed by the Zodiac DAO. ZD will be the reserve currency on the BSC network. In order to maintain price stability, Zodiac will use the Algorithmic Reserve Currency algorithm and will also be supported by the POL (Protocol Owned Liquidity) for the most sufficiency. Zodiac will be community owned; $ZD holders decide on Zodiac’s future via on-chain voting and HODL-ing activities."

"Their GameFi is currently under development and anti-inflation will be applied as well, so people can play, earn, and rest assured about the stable price of ZD along with their great marketing strategy."

Twitter: [8]

Medium: [9]

Website: [10]

The Reality

The GameFi and anti-inflation features were still reportedly under development at the time of the launch[5].

What Happened

TBD

Key Event Timeline - Zodiac DAO Rug Pull

| Date | Event | Description |
| --- | --- | --- |
| December 23rd, 2021 11:04:00 PM MST | Last Github Update | The project completed their last Github update to the "Zodiac Supply Endpoint"[11]. |
| January 2nd, 2022 3:06:35 AM MST | Zodiac DAO Press Release | A press release is made by the Zodiac DAO project announcing their project launch and describing the protocol, which is picked up by the Hanover Post[5]. The post specifically mentions how the project's unique launch approach is designed to prevent pump and dump and maintain the value of the ZD token. |
| January 4th, 2022 12:41:00 PM MST | CertiK Community Leaderboard | The CertiK Community Leaderboard shares a tweet which reports that the Zodiac DAO project has rugpulled and their Twitter account is deactivated. They advise the community to not interact with this project and state they are looking into it further[12]. |
| January 5th, 2022 1:45:01 AM MST | Karma Finance Video | YouTube channel Karma Finance reports on the rug pull and resulting price crash[13]. The price had reportedly been trading well above the $10-$20 mark, but by the time of the video there had been a 100% drop and the website was completely "banished". It references the "CertiK Security Leaderboard" post confirmation and reports that the community is closely monitoring the situation. |

Technical Details

TBD

Total Amount Lost

The total amount lost is unknown. TBD

Immediate Reactions



[14]


"We’ve received inbounds that may indicate high risks regarding to a project named Zodiac DAO. The twitter account is gone and we wish the community DYOR enough before interacting with the dApp."


CertiK Security Leaderboard Tweet

The CertiK Security Leaderboard shared a Tweet to warn the community[12].

"#zodiacdao has been identified as a #rugpull. Their twitter account @zodiacdao_bep20 has been deactivated.

The team is currently looking into it.

DO NOT interact with this project!"


Karma Finance YouTube Video

YouTube channel Karma Finance reports on the rug pull and resulting price crash[13]. The price had reportedly been trading well above the $10-$20 mark, but by the time of the video there had been a 100% drop and the website was completely "banished". It references the "CertiK Security Leaderboard" post confirmation and reports that the community is closely monitoring the situation.

Ultimate Outcome

TBD

Total Amount Recovered

There do not appear to have been any funds recovered in this case.

Ongoing Developments

TBD

Individual Prevention Policies

The Zodiac DAO project smart contract was not independently reviewed. Individuals should ensure that project funds are stored in a proper multi-signature wallet with keys held by reputable individuals.

Avoid the use of smart contracts unless necessary. Minimize the level of exposure by removing or withdrawing assets whenever possible. Aim to choose smart contracts which have obtained third party security audits, preferably having been audited by at least three separate reputable firms. Pay attention to the audit reports, which smart contracts are covered, and whether the smart contract has been upgraded or modified since the report. Ensure that any administrative functions with the ability to remove funds from the smart contract are under the authority of a multi-signature wallet which is controlled by at least three separate and reputable entities.

Any time that you are promised any profit or benefit in exchange for an initial payment, smart contract approval, or deposit, take special care to check whether the entity making that offer is trustworthy, is actually who they say they are, and has the means to fulfill what they're promising. There are no magic algorithms providing guaranteed returns from trading or mining. Trading on average will lose money. Mining is expensive and complex. No one is going to immediately send back more than you sent them. NFT projects will rarely announce a surprise mint in only a single location. Are you fully prepared for the event that your money is kept and nothing is delivered in return?

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Members of the Zodiac DAO team could have ensured that funds were stored in a proper multi-signature wallet with reputable key-holders, which would have prevented the theft of the funds without the consent of the vast majority of key holders. For other wallets and exchanges, increased user education can help users avoid participating in risky projects.

Zodiac DAO Platform

The Zodiac DAO team could have ensured that funds were stored in a proper multi-signature wallet with reputable key-holders. This would require multiple members of the team to give their approval before any funds could be spent outside of the intended development path.

All wallets, minting functions, and critical infrastructure should be implemented with a multi-signature requirement, with a recommended minimum of 3 signatures required. This means that making important changes or approving spending will require the keys held by at least 3 separate individuals within the organization to approve. The multi-signature should be implemented at the lowest layer possible, all key holders should have security training, and all key holders should be empowered and encouraged to exercise diligence.

Other Wallets And Exchanges

Increased user education can help users avoid participating in risky projects, and point users to the right tools to validate projects. An industry insurance fund can assist affected users.

Never take the knowledge of your service's users for granted, and never overlook their tendency to skip past provided information. It is recommended to design a simple tutorial and quiz for new users which explains the basics of seed phrases, strong password generation, secure two-factor authentication, common fraud schemes, how Ponzi schemes work, as well as other risks which are unique to the cryptocurrency space. This tutorial and quiz should ensure their understanding and be a standard part of the sign-up or download process which is difficult or impossible to skip.

Work with other industry platforms to set up a multi-signature wallet with private keys held separately by delegate signatories from seven prominent platforms and services within the industry. Establish requirements for contributions by all platforms and services, designed to be affordable for small platforms yet large enough to cover anticipated breach events. Any breach event can be brought forth by a member platform or a petition of 100 signatures for consideration by the delegate signatories. A vote of 4 or more delegate signatures is required to release any funds, which could partially or fully restore lost funds based on their assessment.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

The incident could have been prevented through a third party review of the project, which would have uncovered the insecure storage of funds outside of a multi-signature wallet and looked into the team. An industry insurance fund can facilitate proper reviews and assist in the event of loss.

All platforms should undergo published security and risk assessments by independent third parties. Two assessments are required at founding or major upgrade, one after 3 months, and one every 6 months thereafter. The same third party must not be reused within a 14-month period. A risk assessment needs to include what assets back customer deposits and the risk of default from any third parties being lent to. The security assessment must include ensuring a proper multi-signature wallet, and that all signatories are properly trained. Assessments must also cover social media, database, and DNS security.

Set up a multi-signature wallet with private keys held separately by delegate signatories from seven prominent platforms and services within the industry. Establish requirements for contributions by all platforms and services within the country, designed to be affordable for small platforms yet large enough to cover anticipated breach events. Any breach event can be brought forth by a member platform or a petition of 100 signatures for consideration by the delegate signatories. A vote of 4 or more delegate signatures is required to release any funds, which could partially or fully restore lost funds based on their assessment.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References