The creators of the SheriFF Systems scam token have launched a new project

The specialists at AMLBot conducted an investigation of the new Cezar Hard Fork token scam project, which was recently deployed on the Binance Smart Chain.

On November 14, the Cezar Hard Fork project held a token sale, with transactions being conducted using the smart contract under the 0x33951CD588D386c4b5Cfd23AEe0960c0438cD315 address, which was activated on November 11.

Based on the analysis described below, we can deduce that the project’s token was sold for BNB and the proceeds were immediately withdrawn via Tornado Cash. A total of more than 1,000.00 BNB were withdrawn.

Part of the funds, around 1,650 BNB, could be located at the 0xebAB9E6dB38D849E7EEE63b41B203B426DA1f554 address at the time of writing.

Our team will continue to closely monitor the transactions of this wallet. In the meantime, we will delve into the sequence of events that were included in the investigation of the given scam project.

All transactions that have taken place using the smart contract address 0x33951CD588D386c4b5Cfd23AEe0960c0438cD315: verified transactions with known wallets

The first thing our team did was verify the first transaction.

We can see that the first transaction was executed from the address 0xdb783c187d251e47543d8b37050432f7f4a83b83. More on this address is provided later on. The wallet made only 35 transactions with the native BNB coin on the BSC blockchain. The first transaction was made on November 14, 2022, and no transactions were found for this address on other EVM blockchains.

Wallet analysis:

Our team checked all incoming and outgoing transactions for BEP-20 tokens and internal transactions for the wallet in question.

Transactions by tokens:

Internal transactions:

The stream of operations indicates that the wallet is selling its Cezar tokens on PancakeSwap for BNB. This raises interesting questions regarding where the BNB tokens were transferred.

In addition, it is clear that the wallet received BNB from Tornado Cash. This means that the owners of the project are trying to hide their tracks.

Our team then tracked the wallet's outgoing BNB transactions to exchange resources.

Only 5 wallets were identified as recipients of the outbound BNB:

1. 0xebAB9E6dB38D849E7EEE63b41B203B426DA1f554

2. 0xdE7c129a68C307109ED930ab9AA9EF5812F02B74

3. 0x4925b8e1215A3135508053D5713767B578da8726

4. 0x2bb4eDCF2619E958dcF6827b28b2F54c8CF7c119

5. 0x851975C5566b90dB15DfF8D2c36095F0Cb11Bc69

The team performed in-depth analysis of each wallet separately.

1. Wallet 0xebAB9E6dB38D849E7EEE63b41B203B426DA1f554

The records indicate that over the past 2 days, BNB was sent from wallet 0xdb783c187d251e47543d8b37050432f7f4a83b83 to wallet 0xebAB9E6dB38D849E7EEE63b41B203B426DA1f554 a total of 5 times. The funds remained in the wallet at the time of writing.

More in-depth analysis reveals that this wallet had previously sent 1.53 BNB to wallet 0xf7C7baa166944C05FA5A6104e65a123516431080. Our team analyzed the transaction history for wallet 0xf7C7baa166944C05FA5A6104e65a123516431080.

The records clearly show that after receiving 1.53 BNB, the funds were transferred to the FTX exchange wallet.

2. Our team then analyzed wallet 0xdE7c129a68C307109ED930ab9AA9EF5812F02B74

2 BNB were transferred to this address, after which the funds were sent to wallet 0x4925b8e1215A3135508053D5713767B578da8726. This is one of the 5 addresses that the Cezar Hard Fork token wallet is associated with.

3. Analysis of wallet 0x4925b8e1215A3135508053D5713767B578da8726

The data shows that this wallet exchanged Cezar tokens for BNB and exchanged BNB back for Cezar. As a result of the transaction, the wallet received 328 BNB and holds around 100,000,000 Cezar tokens.

275 BNB was sent to wallet 0xebAB9E6dB38D849E7EEE63b41B203B426DA1f554, which was already analyzed earlier. This confirms that the analyzed addresses are interconnected.

99 BNB was sent from wallet 0xdb783c187d251e47543d8b37050432f7f4a83b83.

4. Our team also analyzed wallet 0x2bb4eDCF2619E958dcF6827b28b2F54c8CF7c119

835 BNB and 216 BNB were sent to this wallet, after which the funds were cycled through Tornado Cash.

In addition, we can see more transactions on Tornado Cash coming in before November 14. Our team also analyzed all internal and BEP-20 transactions for this wallet.

This wallet sold more SheriFF Systems coins through PancakeSwap. As a result, it received more than 1,000 BNB. Incoming internal transactions with Tornado Cash are also visible, indicating that the given wallet is used to withdraw funds via Tornado Cash.

5. Our team also analyzed wallet 0x851975C5566b90dB15DfF8D2c36095F0Cb11Bc69

5.09 BNB were transferred to this wallet. After that, the amount was transferred to Tornado Cash.


The full layout of the course of the investigation.

Mother Wallet - 0xdb783c187d251e47543d8b37050432f7f4a83b83

Cezar Hard Fork (Cezar) - 0x33951CD588D386c4b5Cfd23AEe0960c0438cD315

FTX Exchange - 0x41772eDd47D9DDF9ef848cDB34fE76143908c7Ad

In conclusion, Cezar Hard Fork is draining its wallets as soon as any funds are received. This kind of behavior is common for projects that have no intention of channeling token sale proceeds into development. In addition, the use of Tornado Cash as an intermediary point of transfer clearly shows that the project is trying to erase the traces of its transfers to avoid any connection to individual project founders.
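
The fund flow traced in this investigation can be re-checked mechanically. The Python below is an added example, not AMLBot's tooling: it encodes the transfers the article states as a directed graph and reports which labelled endpoints each wallet reaches and which wallets are funded by more than one member of the cluster. The edge list is constructed from the article's text rather than fetched from the chain, and the Tornado Cash node is a placeholder because the page gives no address for it.

```python
from collections import defaultdict, deque

MOTHER = "0xdb783c187d251e47543d8b37050432f7f4a83b83"
W1 = "0xebAB9E6dB38D849E7EEE63b41B203B426DA1f554"
W2 = "0xdE7c129a68C307109ED930ab9AA9EF5812F02B74"
W3 = "0x4925b8e1215A3135508053D5713767B578da8726"
W4 = "0x2bb4eDCF2619E958dcF6827b28b2F54c8CF7c119"
W5 = "0x851975C5566b90dB15DfF8D2c36095F0Cb11Bc69"
HOP = "0xf7C7baa166944C05FA5A6104e65a123516431080"
FTX = "0x41772eDd47D9DDF9ef848cDB34fE76143908c7Ad"
MIXER = "tornado-cash-placeholder"  # assumption: the article gives no address
SINKS = {FTX.lower(): "exchange:FTX", MIXER: "mixer:Tornado Cash"}
# (sender, receiver) pairs as the article describes them; constructed sample.
TRANSFERS = [
    (MOTHER, W1), (W1, HOP), (HOP, FTX), (MOTHER, W2), (W2, W3),
    (MOTHER, W3), (W3, W1), (MOTHER, W4), (W4, MIXER),
    (MOTHER, W5), (W5, MIXER),
]

def build_graph(transfers):
    """Adjacency map keyed by lowercased address (checksum casing is cosmetic)."""
    graph = defaultdict(set)
    for src, dst in transfers:
        graph[src.lower()].add(dst.lower())
    return graph

def sinks_reached(graph, start):
    """BFS from start; return {sink label: shortest path}, not tracing past sinks."""
    start = start.lower()
    found, seen, queue = {}, {start}, deque([[start]])
    while queue:
        path = queue.popleft()
        if path[-1] in SINKS:
            found.setdefault(SINKS[path[-1]], path)
            continue
        for nxt in sorted(graph.get(path[-1], ())):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return found

def shared_recipients(transfers):
    """Non-sink addresses funded by more than one distinct sender."""
    senders = defaultdict(set)
    for src, dst in transfers:
        senders[dst.lower()].add(src.lower())
    return {d for d, s in senders.items() if len(s) > 1 and d not in SINKS}

if __name__ == "__main__":
    print(sinks_reached(build_graph(TRANSFERS), MOTHER), shared_recipients(TRANSFERS))
```

Lowercasing before comparison matters here because the article writes the mother wallet in lowercase and the other addresses in mixed checksum case.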