Get the Finder app πŸ₯³

Track your credit score, free

Free

Oyster Protocol (PRL) founder exit scams with contract backdoor

Posted: 30 October 2018 4:54 pm
News

So long and thanks for all the fishiness.

Oyster Protocol was, and possibly still is, designed to solve the current problem with websites losing revenue to adblockers. It was, and possibly still is, intended to function as an alternative revenue source for websites by utilising its users' computing power in a non-intrusive way for the purpose of providing computing resources for a decentralised computing network.

In a clam shell it was, or possibly still is, a form of browser-based cryptocurrency mining that uses the consumed computing power for something other than mining Monero.

But now the anonymous project founder and chief developer, known only as Bruno Block – presumably not his, her or their real name – has made the executive decision to exit scam, by emptying $300,000 of PRL from a platform smart contract, selling it on KuCoin and then going radio silent.

The exit itself took the form of Bruno re-opening the crowdsale contract, buying PRL tokens from it, then taking the funds back from their own contract and buying more. It was essentially free money in the form of PRL tokens which could then be sold on exchanges.



An unusual situation

This is surprising given the relative prominence of Oyster Protocol, which enjoyed a market cap over $200 million near its peak and has consistently tended to ride above $100 million throughout the year. Other than the rarity of such a high profile project being knocked down by its own founder and lead developer, the remaining Oyster Protocol team members have noticed some other interesting pieces in their postmortem:

  • The backdoors used for the exit were built in right from the start, written by Bruno. Security audits uncovered them, but Bruno used their trusted position to insist that they were necessary and should remain.
  • The exit took place now, with KuCoin planning to implement KYC procedures on 1 November. Another few days and this may not have been possible.

juicy crypto words

The backstory seems to be that Bruno created the project with the intention of giving it a red hot go, hiring on more team members, investing in multiple security and smart contract audits, building a devoted community and generally doing things right.

At the same time, they also made sure to leave a backdoor so they could take the money and run later if it all goes south. The introduction of KYC procedures at KuCoin may have forced their hand, and created a now or never moment. That Bruno opted for the "now" option over a potential $300,000 might suggest a lack of faith in the project.

"Despite Oyster passing three separate smart contract audits, we were told by Bruno Block, the original founder and chief architect of the project, that the directorship of the token contract had to remain open so that the peg could be adjusted over time. This ultimately turned out to be a trapdoor mechanism in the contract that was eventually exploited. This contract was written by Bruno Block prior to the ICO, at which point Bruno was the only member of the team," explains Oyster Protocol CEO William Cordes.

"We relied on the auditors involved here for assurance that the smart contract was safe. Bruno was the only one who had the ability to transfer directorship within the PRL smart contract. After our initial review, we are inclined to believe that these were solely the actions of Bruno Block and that he did this now to avoid detection from KuCoin KYC procedures (that will be implemented on November 1st). These KYC procedures would have limited withdrawals on Non-KYC'ed accounts to no more than 2 BTC per day and would have prevented this from happening."

Down but not necessarily out

In the wider scheme of things, the crew at Oyster Protocol notes that $300,000 represented only about 1.5% of the market cap at the time. But since news broke PRL prices quickly plummeted by over 65%.

"While this is far from ideal, this will most definitely not be a deathknell for the project," Cordes insists.

The team is also interested in obtaining any information that would lead to the unmasking of Bruno Block, he says.

"Despite working alongside him for the last 10 months, Bruno has always maintained his anonymity. After I took over the CEO role, Bruno's activity within the project dropped off sharply. If you have any information on who Bruno may be or where these funds may be directed towards, please reach out to us via e-mail to discuss further.

"In the interim, our team will be working around the clock to remedy this situation. We don’t know why Bruno did what he did or what his intentions were at the end of the day, outside of profiting from a loophole that he intentionally left in the smart contract. While I still take full responsibility for this all transpiring, I had no reason to believe Bruno would do something like this to harm the project and much of the work that he had a significant role in creating. We will not let his selfish actions today damage the long-term viability of the project."

The odds of any one cryptocurrency project succeeding in the still-immature cryptocurrency world are slim. And when something like this happens, and a project needs to regain confidence and keep the lights on with a sunken token price, the odds get even slimmer.

The good news is that Oyster has now ditched its suspiciously anonymous lead developer, which might inspire a bit more confidence going forwards. In hindsight, it was almost like Bruno Block was up to something.


Disclosure: At the time of writing the author holds ETH, IOTA, ICX, VET, XLM, BTC, ADA

Disclaimer: This information should not be interpreted as an endorsement of cryptocurrency or any specific provider, service or offering. It is not a recommendation to trade. Cryptocurrencies are speculative, complex and involve significant risks – they are highly volatile and sensitive to secondary activity. Performance is unpredictable and past performance is no guarantee of future performance. Consider your own circumstances, and obtain your own advice, before relying on this information. You should also verify the nature of any product or service (including its legal status and relevant regulatory requirements) and consult the relevant Regulators' websites before making any decision. Finder, or the author, may have holdings in the cryptocurrencies discussed.

Crypto explained


Latest cryptocurrency news

Picture: Shutterstock

Latest crypto guides

Ask an Expert

You are about to post a question on finder.com.au:

  • Do not enter personal information (eg. surname, phone number, bank details) as your question will be made public
  • finder.com.au is a financial comparison and information service, not a bank or product provider
  • We cannot provide you with personal advice or recommendations
  • Your answer might already be waiting – check previous questions below to see if yours has already been asked

Finder only provides general advice and factual information, so consider your own circumstances, or seek advice before you decide to act on our content. By submitting a question, you're accepting our Terms of Use, Disclaimer & Privacy Policy and Privacy & Cookies Policy.
Go to site