The NFT Rug Pull: Tracing Ethereum Smart Contract Deployers

Background

An NFT collection raised $2M in Ethereum through a public mint. Within 48 hours, the project's social media accounts were deleted, the website went offline, and the treasury wallet was drained. Over 3,000 buyers were left with worthless tokens.

Investigation Methodology

1. Smart Contract Forensics: We decompiled the smart contract and analyzed the deployer wallet address, tracing all historical transactions.
2. Wallet Clustering: The deployer's wallet was linked to a cluster of 7 other wallets through shared gas funding patterns and sequential transactions.
3. Identity Leak Detection: Every transaction from the wallet cluster was analyzed for interactions with KYC-required services.

Key Findings

• The deployer wallet received initial gas funding from a centralized exchange account — a critical OPSEC failure, as the exchange holds KYC records.
• One wallet in the cluster had interacted with an ENS domain that was publicly linked to a real name through a GitHub profile.
• The same individual was connected to two previous rug pulls that had gone uninvestigated.

Outcome

The intelligence package was delivered to the FBI Cyber Division and the SEC's crypto enforcement unit. The centralized exchange confirmed they would cooperate with the subpoena. Estimated total impact: 3,000+ victims, $2M+ in losses.