In the past year, have you encountered a Rug Pull project? Have you encountered the "buy-in peak" due to the advocacy of KOLs? Or suffered losses caused by increasingly rampant phishing attacks? Or have you bought a newly launched token on a leading platform and it has been falling all the way? It is estimated that many users are sympathetic and have been hit by at least one of these scenarios. It can be said that this should be a reflection of the investment experience and true state of mind of most ordinary investors in the past period of time: whether it is on-chain security issues or asset shrinkage issues, it is hard for users to guard against it. Many pitfalls that were commonplace before have even begun to be industrialized. To put it bluntly, even the "leek roots" have been uprooted.
01
Ordinary users’ “fancy ways to lose money” 1) Industrialization trend of Rug Pull First, the schemes of Rug Pull to abscond with funds are becoming more and more high-end, and the most outrageous one is the ZKasino incident: On April 20, a community user found through comparison of the Wayback Machine historical pages that ZKasino deleted the sentence “Ethereum will be returned and can be bridged back at this point.” in the Bridge funds on its official website. At the same time, community users were unable to withdraw funds, the ZKasino official Telegram was banned by the administrator, and social media also stopped updating. The total amount of money absconded was more than 20 million US dollars.
But what’s interesting is that just one month ago in March, ZKasino just announced that it had completed its Series A financing at a valuation of $350 million. The specific amount was not disclosed, but several trading platforms and VCs participated in the investment… In addition, zkSync, which is nicknamed the “Rug Chain”, not only frequently has ecological project security incidents, but also has an increasingly obvious industrial trend of riding on hot spots and quickly completing harvests, just like the Rug Pull of the zkSync ecological DEX Merlin, which has the same name as Merlin, not long ago, affecting millions of dollars in funds. I can only emphasize again that the current many projects in the zkSync ecosystem are indeed uneven, and everyone should remain vigilant while participating in the experience of the zkSync ecosystem and guard against risks at all levels.
2) Rampant hacker/phishing attacks Recently, the most eye-catching case in the field of on-chain security is undoubtedly the "phishing attack with the same first and last numbers" that everyone seems to have become accustomed to: a giant whale address was phished by an address with the same first and last numbers, and lost 1,155 WBTC, up to more than 400 million yuan! Although the hacker chose to return the funds due to various factors, it still revealed the extremely high risk-return ratio of this phishing behavior of "three years of no business, a lifetime of business after opening". Moreover, similar phishing attacks have been industrialized in the past six months - hackers often generate a large number of on-chain addresses with different first and last numbers as a reserve seed library. Once a certain address transfers funds with the outside world, they will immediately find an address with the same first and last numbers in the seed library, and then call the contract to make a related transfer, casting a net all over the sky and waiting for the harvest. Because some users sometimes directly copy the target address in the transaction record and only check the first and last few digits, thus being caught, according to Yu Xian, the founder of SlowMist, for phishing attacks on the first and last numbers, "hackers play a net attack, willing to take the bait, a probability game." This is just a microcosm of the increasingly rampant hacker attacks. For ordinary users, in the colorful world of on-chain, tangible and intangible risks are increasing almost exponentially, while personal risk prevention awareness is difficult to keep up.
In general, there are endless forms of attacks on chains, wallets, DeFi, and even social engineering attacks are popular, making DeFi security risks like an asymmetric one-way hunt: for technical geniuses, it is undoubtedly an inexhaustible free ATM, but for most ordinary users, it is more like a sword of Damocles that may fall at any time. In addition to being vigilant and not participating in authorization casually, it is also more about luck. So far, C-end risks such as phishing and social engineering attacks are the most common ways for ordinary users to lose money in Web3, and the problem is getting worse due to the additional risk points of smart contracts. Behind every successful scam, there will be a user who stops using Web3, and the Web3 ecosystem will have nowhere to go without any new users, which is also one of the biggest damages to the crypto industry.
3) KOL’s fancy shouting orders For most ordinary users, following the social media shouting orders of various crypto KOLs is an important source of obtaining Alpha passwords. This also gave rise to the so-called "KOL Round" - as a role with greater influence on secondary market investors, KOLs can even obtain shorter unlocking periods and lower valuation discounts than institutional VCs: for example, Monad Labs recently completed a new round of financing with a large valuation of US$3 billion, and people familiar with the matter said that some KOLs in the industry were allowed to invest at an upper limit of one-fifth of Paradigm's valuation. So can following KOL shouting orders really guarantee a steady profit? According to a study conducted by researchers from Harvard University and others on the performance of crypto-related returns mentioned in approximately 36,000 tweets posted by 180 of the most famous crypto social media influencers (KOLs), covering more than 1,600 tokens, the following conclusions were not satisfactory: the average one-day (two-day) return of a KOL tweeting a certain token was 1.83% (1.57%), and the return of crypto projects outside the top 100 by market value was 3.86% after one day of tweeting. Moreover, the earliest time for returns to decline sharply was five days after the tweet was posted, with an average return of -1.02% from the second to the fifth day, indicating that more than half of the initial gains were eliminated within five trading days.
4) VC Tokens are falling after they are launched. Which one would you choose, a VC Token with high FDV (fully diluted valuation) and low circulation, or a Memecoin that is completely "dog" and responsible for its own profits and losses? The market has begun to change recently, and the trend of Meme has emerged as a new force, boosting the extreme prosperity of Solana and Base chain transactions, just like PEPE, which has firmly established its position as the leader of the new Memecoin, has set a new record. In fact, in today's market environment, in addition to short-term speculation, the general public's call for fairness represented by Meme has gradually become a trend, and funds are voting with their feet. Corresponding to this is the VC with extremely high FDV and falling trend after a series of recent launches on the top platforms. Typical representatives are AEVO, REZ, and even BN Megadrop's first project BounceBit's Token BB, etc. Since its listing, it has ended with a negative line almost every day, and all users who entered the market have been deeply trapped. In contrast, discussions and doubts about Memecoin and VC will inevitably become the mainstream of the community again. Meme at least has user flow to bring in continuous incremental funds and attention, while new projects with valuations of billions of dollars are all outdated concept products that are wrapped in grand narratives or old gameplays, and will inevitably be disliked by the community. This also sounded the alarm for VCs and project owners who are accustomed to path dependence.
02
Where should ordinary players go? In the article "Web3 sleepless, the "flower era" of the crypto world will never end?", it was mentioned that "what we love is not "Flower", but the era of opportunities everywhere". I believe that many friends in the crypto industry have thought about how to participate in this wave of the times if we have the opportunity to go back to 10 years ago? Hoard BTC? Be a miner? Found another Bitmain? Or become an early employee of BN? The best options seem to be countless. Nothing more than the past ten years of the crypto world, which is really a golden age that breaks through the limits of imagination, and has also given birth to waves of industry legends and bigwigs. In any case, the question of whether to make money or not is an eternal topic in the Web3 world and the lifeline of Web3 development. When trading platforms, market makers, VCs, project parties, and KOLs all start to make money, but only most ordinary users continue to lose money, it means that the deep-seated structural problems of the entire market have been deformed to a certain extent and are destined not to last long.
Again, behind every "fancy way of losing money", there may be a group of users who stop using Web3 products, stay away from VC Tokens, and choose to embrace Memecoins, which are more fair and grassroots. This is a kind of resistance of funds voting with their feet. Before some Web3 ecological applications really run through the value closed loop, ordinary users will have "nowhere to go". Of course, this may be the "twists and turns" that Web3 development must go through, and the encryption industry is still moving forward in exploration.
