Crypto Sleuth Alerts to Scammer Network Behind DeFi Protocols Including Magnate, Kokomo, Solfire, and Lendora

By Jody McDonald April 15, 2024 In DeFi, Scams, Twitter
Haker guy in hoodie and crypto currency concept on dark background. 3d rendering
  • A crypto investigator on X, ZachXBT, has alleged that lending protocol Leaper Finance is run by a group responsible for several previous rugpull scams.
  • ZachXBT also identified two other currently active DeFi protocols run by the same scam group, warning users to immediately withdraw all funds.
  • The group responded to the claims by trolling the investigator, then promptly closing down their X accounts and taking their scam project’s websites offline.

As interest in crypto picks up, so too does the number of scammers looking to take advantage of investors’ FOMO. 

An example of this increasing scammer activity came yesterday when X user and crypto investigator ZachXBT issued a warning regarding the DeFi lending protocol known as Leaper Finance, which runs on the Ethereum layer 2 network Blast. 

Related: Controversy Over Layer-2 BLAST as Paradigm Says Launch ‘Crossed Lines’ 

By tracing on-chain transactions, ZachXBT was able to link accounts associated with Leaper Finance to a group responsible for a number earlier rug pulls, which included dodgy projects such as Magnate, Kokomo, Lendora and Solfire.


According to ZachXBT these earlier scams have netted the group stolen assets valued in the tens of millions of dollars.

Scam Group Identified Through On-Chain Tracing

In his X post, ZachXBT laid out in detail how he traced transactions from the account that funded the liquidity pool on Leaper Finance back to an account which held the stolen funds from the Magnate scam.

The complicated series of transactions involved multiple bridges between various Ethereum layer 2s — first to Polygon, then to Base — before the funds finally got bridged to Blast and deposited into the Leaper Finance liquidity pool.

ZachXBT says in total 294 ETH, currently valued at close to US$1 Million, were deposited into the protocol to make it appear legit, giving the impression that many users already trust the protocol and therefore baiting new users.

The crypto investigator said that in the past the group has let the total value locked (TVL) in their scam protocols grow to seven figures before pulling the rug and stealing all user funds.

More Scams Linked To Group

In a series of follow-up posts, ZachXBT linked several more currently active DeFi protocols to the group — these protocols were:

  • Zebra Lending on the Ethereum Layer 2, Base, which he said had US$311,000 TVL; and
  • Glori Finance on the Ethereum Layer 2, Arbitrum, which had US$1.4 million TVL.

These alerts also included on-chain tracing showing the group’s ties to these projects. The crypto investigator warned anyone with funds locked in these protocols to remove them immediately.

Group Attacks Investigator

ZachXBT also said the group behind these scams started trolling him after his warnings, claiming that they were from the notorious North Korean hacking group, Lazarus, and saying they fear yet admire the investigator.

After the trolling, the X accounts of Leaper Finance and Glori Finance were deactivated and the websites for all three projects were taken offline.

Related: Australia Proposes “Scams Code Framework” in Wake of $3 Billion in Losses 

ZachXBT said this group has been running lending protocol rug pull scams since at least 2021.

Jody McDonald

Jody McDonald

Jody is a Brisbane-based freelance writer who specialises in writing about business, technology, and the future of work.

You may also like