Suspicious Transfers Behind AssangeDAO, Possible SoftRug?

SlowMist
7 min readApr 2, 2024

--

Background

On March 10, 2024, an operation involving the transfer of 100 ETH from an address marked as Censored: Clock Multisig (0x5DAEA26517788b1c0DDB0200c6Fa6d8248076143) to a new address reignited community attention and dissatisfaction. This address is linked to the decentralized autonomous organization AssangeDAO, prompting some community members to express concerns over a potential “Soft Rug Pull.” This article is jointly produced by SlowMist and RescuETH Rescue.

What is AssangeDAO?

Since its inception, AssangeDAO has attracted significant attention due to its association with the controversial figure Julian Assange. Assange founded WikiLeaks in 2006 and was detained in a London prison in 2010 after leaking documents involving various controversial incidents related to the US government. On December 10, 2021, the UK High Court ruled in favor of extraditing Julian Assange, potentially facing up to 175 years in prison in the United States. On the same day this decision was made, AssangeDAO was established in a Telegram group named after Assange. Shortly after the group’s creation, Assange’s brother, Gabriel Shipton, joined to actively protest and lobby for Assange’s release.

On February 3, 2022, mirroring the widely covered ConstitutionDAO (PEOPLE), AssangeDAO launched a fundraising campaign on the crowdfunding platform JuiceBox. According to its official website, AssangeDAO is a “crypto-punk” organization comprising Assange family members, with the sole purpose of freeing Assange from imprisonment. AssangeDAO aimed to raise funds to bid on a collaborative “Censored” series NFT titled “Clock 1/1,” created by Assange and digital artist Pak. This NFT, a silent clock counting the days Assange has spent in prison, was auctioned on a dedicated website. The proceeds from the NFT sale were intended to fund Assange’s legal defense and advocacy efforts to raise awareness of freedom of speech issues related to his case.

Similar to PEOPLE, for every 1 ETH donated, individuals received 1 million JUSTICE governance tokens. Due to the significant increase in the value of PEOPLE governance tokens previously, which yielded substantial profits for donors, this fundraising campaign attracted a large number of investors. In return, they received JUSTICE tokens, which could be used to vote on future DAO proposals. Making this fundraising campaign even more notable was a donation of 10 ETH from Ethereum founder Vitalik Buterin in February.

The first round of fundraising for AssangeDAO concluded on February 7, 2022, successfully gathering over 10,500 ETH. Following this, they quickly initiated a second round of fundraising, which has reached a total of 17,422 ETH to date, surpassing ConstitutionDAO’s 11,613 ETH. This makes AssangeDAO the highest-funded DAO in the history of JuiceBox.

MistTrack Investigations

According to data provided by RescuETH, the address marked as Censored: Clock Multisig (0x5DAEA26517788b1c0DDB0200c6Fa6d8248076143) is not only the multi-signature address of the German Wau Holland Foundation, but also the information on the chain shows that the funds on this address come from funds raised by AssangeDAO. This address received about 16,600 ETH in March 2022, and currently, this multisig address has a balance of 5,018.59 ETH left, having transferred nearly 12,000 ETH over two years.

Using the anti-money laundering tracking platform MistTrack for analysis, on April 8, 2022, the multisig address (0x5DA…143) transferred 580.745 ETH to a contract address (0xeD2…131), which then dispersed the funds to multiple addresses. Of this, 151 ETH remained at two addresses without being further transferred.

On May 9, 2022, the multisig address (0x5DA…143) transferred 34.99 ETH to a Kraken address (0x158…D11).

On the same day, May 9, 2022, the multisig address (0x5DA…143) transferred 829.64 ETH to a contract address (0x8a1…262), which after moving through four addresses, ultimately transferred 500 ETH to (0x323339bc28028da8cd11b584747ee8ec873616b4).

On May 11, 2022, the multisig address (0x5DA…143) transferred 124 ETH to a Coinbase address (0x9Ff…FE2).

It’s noteworthy that in all the transactions above, a test transfer of 0.01 ETH to the target address preceded the movement of large amounts of assets.

On June 3, 2022, the multisig address (0x5DA…143) transferred 50 ETH to the address (0x323339bc28028da8cd11b584747ee8ec873616b4).

From June 8, 2022, to February 16, 2024, the multisig address (0x5DA…143) transferred 150 ETH to various addresses approximately every half month, totaling 65 transactions and 9,750 ETH. Most of these were transferred to (0x323339bc28028da8cd11b584747ee8ec873616b4); however, starting from January 23, 2024, the last two 150 ETH transfers ultimately went to the address (0x2f988a4f26280a108a5761a889e63bd7f91d517e).

On March 6 and March 10, 2024, the multisig address (0x5DA…143) transferred a total of 200 ETH in two transactions to the address (0x2f988a4f26280a108a5761a889e63bd7f91d517e).

From the analysis above, it’s observed that the funds ultimately concentrated into two addresses:

- 0x323339bc28028da8cd11b584747ee8ec873616b4

- 0x2f988a4f26280a108a5761a889e63bd7f91d517e

Further analysis of the address (0x323…6b4) reveals:

- Its first transaction was in October 2020.

- Between March 2022 and November 2023, it transferred a total of 17,517 ETH to the Kraken platform.

- In December 2023, it transferred 337.5992 ETH to another collection address (0x2f988a4f26280a108a5761a889e63bd7f91d517e).

The address (0x2f9…17e) made its first transaction in July 2023, and between December 2023 and March 2024, it transferred 1,250 ETH to two Kraken addresses.

The current situation of fund transfers and balances is detailed below:

Conclusion

In the case of AssangeDAO, although its initial goals were noble, recent significant fund transfers have raised many questions, particularly regarding the ultimate destination of the funds. Those interested in further investigation can utilize our anti-money laundering tracking platforms MistTrack to monitor these funds independently.

The true intentions behind AssangeDAO remain unknown, and we await an official explanation or further disclosure of information from the organization itself. Investors should also be aware of the risks involved and conduct thorough research and evaluation before investing in any project, especially those involving Decentralized Autonomous Organizations (DAOs). Such projects often pose challenges in terms of transparency and execution. Any scenarios involving promises of high returns, unclear fund movements, or frequent transfers should be approached with caution. These could be early warning signs of risky behavior, and investors should not let the pursuit of high returns overshadow the potential risks.

About SlowMist

At SlowMist, we pride ourselves on being a frontrunner in blockchain security, dedicating years to mastering threat intelligence. Our expertise is grounded in providing comprehensive security audits and advanced anti-money laundering tracking to a diverse clientele. We’ve established a robust network for threat intelligence collaboration, positioning ourselves as a key player in the global blockchain security landscape. We offer tailor-made security solutions that span from identifying threats to implementing effective defense mechanisms. This holistic approach has garnered the trust of numerous leading and recognized projects worldwide, including names like Huobi, OKX, Binance, imToken, Crypto.com, Amber Group, Klaytn, EOS, 1inch, PancakeSwap, TUSD, Alpaca Finance, MultiChain, and Cheers UP. Our mission is to ensure the blockchain ecosystem is not only innovative but also secure and reliable.

We offers a variety of services that include but are not limited to security audits, threat intelligence, defense deployment, security consultants, and other security-related services. We also offer AML (Anti-money laundering) solutions, Vulpush (Vulnerability monitoring) , SlowMist Hacked (Crypto hack archives), FireWall.x (Smart contract firewall) , Safe Staking and other SaaS products. We have partnerships with domestic and international firms such as Akamai, BitDefender, FireEye, RC², TianJi Partners, IPIP, etc.

By delivering a comprehensive security solution customized to individual projects, we can identify risks and prevent them from occurring. Our team was able to find and publish several high-risk blockchain security flaws. By doing so, we wish to help spread awareness and raise the security standards in the blockchain ecosystem.

💬Website 🐦Twitter ⌨️GitHub

--

--

SlowMist
SlowMist

Written by SlowMist

SlowMist is a Blockchain security firm established in 2018, providing services such as security audits, security consultants, red teaming, and more.