
Using Meme Coins to Launder Rug Pull Proceeds: Unmasking the Mastermind Behind PEPE
Why can't ordinary people be among the first to jump on board and catch the "10,000x coin"?
Original | NFTethics
Compiled by | Odaily Planet Daily
If you're a meme coin enthusiast, you've surely heard of PEPE—the hottest project this year—and perhaps also the associated wealth legends. For instance, some so-called "smart money" addresses reportedly invested just $100 in PEPE at launch and never sold, eventually achieving returns of tens of thousands of times their initial investment (verified by on-chain data).
Why can't ordinary people be among the first to jump on such "10,000x coins"? Because only the orchestrators behind these projects truly reap massive profits—they buy at the bottom and exit at the peak. In fact, the original intent behind many such meme projects may simply be laundering illicit funds.
Recently, X platform (formerly Twitter) user "NFTethics" published a series of detailed threads using meticulous on-chain analysis and various supporting evidence to uncover the true identity of the mastermind behind PEPE.
Here are the key takeaways from those posts:
1. The stolen funds from AnubisDAO, a rug pull that occurred in November 2021, were laundered through the massively popular PEPE project this year, with the operation orchestrated by the anonymous yet well-known DeFi investor Sisyphus.
2. Sisyphus’s real identity is Kevin Pawlak, former head of OpenSea Ventures, who now lives an extravagant lifestyle.
3. Sisyphus (i.e., Kevin Pawlak) was the actual mastermind behind AnubisDAO. He allegedly used hacking techniques to obtain the private keys of the project’s managers, transferred the funds, and successfully framed a scapegoat—escaping justice entirely.
The latest update: A spokesperson for OpenSea responded to the allegations: “Kevin Pawlak left in June 2023. His role at OpenSea was limited and non-managerial. We are unaware of his involvement in the AnubisDAO rug pull. Additionally, we have no connection to or information about these projects, as they predated his time at OpenSea.”
1. AnubisDAO Rug Pull Funds Laundered via PEPE Pump
Rewind to November 2021, when OlympusDAO copycat project AnubisDAO (token: ANKH) raised 13,256.4 ETH (worth ~$57 million at the time) through an LBP (Liquidity Bootstrapping Pool). But soon after, the team discovered that all funds had been transferred to a new address—just 20 hours into the 48-hour LBP window.
What role did our protagonist Sisyphus play in AnubisDAO? Publicly, he was a marketing ambassador; secretly, he was the real orchestrator (details below).
The day before the funds were drained, Sisyphus aggressively promoted AnubisDAO in its Discord community, claiming he’d already invested $420,000 (remember this number—it’s important) and planned to invest more. To reassure investors, he insisted the project would never rug, promising everyone would get their principal back even if development failed.

(Sisyphus’ community promotion)
Then, the very next day, the project rug-pulled. Sisyphus immediately posted a lengthy statement denying any responsibility and claimed he had contacted law enforcement in both the U.S. and Hong Kong, urging the hacker to return the funds. After that, he went silent—no further updates about AnubisDAO—suggesting the $420,000 loss meant little to him.
Of course, the hacker never returned the stolen funds. Over the past nearly two years, the stolen ETH has been continuously funneled through mixers and KYC-free platforms to launder it. One wallet (Anubis Rug 3) interacted directly with FixedFloat, a Seychelles-based KYC-free exchange—the gas fees for this wallet were paid by FixedFloat itself, as shown below:

(Anubis Rug 3)
Interestingly, early PEPE holders like Zach Testa (X handle: DegenHarambe) and Max Zim (X handle: SumFattyTuna) also received their initial capital from FixedFloat. Notably, Zach Testa bought PEPE within minutes of its contract deployment on April 14 and immediately tweeted about it. Three minutes later, Max Zim retweeted and also purchased PEPE. The entire sequence appears suspiciously smooth—as if carefully rehearsed.
Sisyphus maintains close ties with both Zach Testa and Max Zim. Reports suggest Zim was formerly Sisyphus’s roommate. Before the AnubisDAO rug pull, Sisyphus’s wallet had engaged in transactions with Zim’s, and the two even co-hosted a podcast episode—though Sisyphus did not appear on camera.

(Wallet interaction records)
On April 17, Sisyphus tweeted: “Over the weekend, someone turned 0.02 ETH into 63 ETH using a token called ‘pepe,’” linking to an address starting with 0x5DD. Zim immediately replied, engaging in conversation with Sisyphus.
Coincidentally, the 0x5DD address received its startup capital from FixedFloat on April 7. On that same day, another version of “PEPE” (referred to here as aPEPE) launched—with identical contract code and shared early investors as the current PEPE. For example, Zim purchased aPEPE at launch on April 7—but later claimed in a community interview that he had never heard of PEPE before. It seems Zim knew PEPE would surge from the beginning.

(Zim claims on air he had never heard of PEPE)
The coincidences don’t end there. Two minutes after the Anubis Rug 3 wallet transferred 3,000 ETH, Zim’s wallet began on-chain activity purchasing PEPE. Further investigation reveals that whenever wallets linked to the Anubis rug were active, Zim’s wallet consistently engaged in PEPE-related transactions.

(Zim’s wallet synchronized with Anubis Rug wallet activity)
Moreover, Anubis funds were primarily laundered through platforms like Stake. Meanwhile, wallets tied to PEPE transferred large amounts to Stake right after PEPE’s launch on April 14, then moved them to FixedFloat. Most of the stolen Anubis funds were withdrawn between March and July this year—perfectly overlapping with PEPE’s growth cycle. This deep correlation suggests the stolen funds may have been laundered through the PEPE pump.
To fully trace the stolen Anubis funds, cooperation from CEXs and OTC desks will be needed—some funds flowed into KYC-required platforms. Whether the Anubis theft is definitively linked to the PEPE hype still requires further evidence.
One additional detail: In August, the PEPE team experienced internal conflict, with several former members secretly removing multi-sig permissions to dump tokens. The official response was a vague public notice.
2. Sisyphus Orchestrated AnubisDAO and Engineered the Self-Rug
The blogger "NFTethics" obtained internal chat logs from the AnubisDAO team members in the days leading up to the hack.
According to the investigation, Sisyphus appears to have been the true leader behind the project—every decision required his approval, from the exact wording of tweets to technical and financial matters. The rug pull itself appears to have been self-executed by Sisyphus, who successfully framed another team member, "Beerus," as the culprit.

(Team roles)
In the team's division-of-labor chart, Sisyphus described himself as responsible for external PR and unifying DAO members, but in reality, he was giving orders.
Team member "AureliusBTC" said in a chat: “None of us truly understand LBP, but as long as Sisyphus does, we’re fine.” When another member, "Beerus," publicly announced a new team member joining Anubis, Sisyphus immediately instructed him to delete the post—which Beerus did. Sisyphus also mentioned in chats that he had connections with Alameda Research (SBF’s crypto firm), which had purchased Anubis’s ANKH token.

(Sisyphus explains LBP details)
Let’s revisit the incident where AnubisDAO’s liquidity was drained. Afterward, Sisyphus claimed publicly that “DAO members agreed to let Beerus deploy the LBP because others were unavailable or unwilling to take responsibility.” However, internal chats show no evidence for this. In fact, Sisyphus initially boasted about using “the best multi-sig ever,” but later claimed he couldn’t sign the transaction—suggesting he may have changed the multi-sig setup to give Beerus sole control, setting the stage for the attack. The timeline unfolds as follows:
- Late night on October 28, Sisyphus said he was going to sleep for six hours, with his last message at 00:16;
- He rejoined the chat the next morning at 07:18, answering a few questions;
- At 07:20, Beerus—who controlled the LBP—received an email from Sisyphus’s email address containing a PDF with a SAFT (Simple Agreement for Future Tokens). Beerus later claimed this PDF contained malware that compromised his computer and stole the LBP access;
- From 07:26 onward, Sisyphus communicated with Beerus, reminding him to stay awake until LBP ended, continuing until 07:44—four hours before the LBP concluded;
- At 07:48, the LBP funds were drained—all ETH extracted to a new address, leaving only worthless ANKH tokens behind.
Post-incident investigations confirmed that neither Copper nor Balancer’s smart contracts were breached. Therefore, Beerus either had his account hacked as claimed—or staged the attack himself. Sisyphus insists his email address never sent that message.

(Beerus claims he received a malicious email)
Who is lying? Let’s examine indirect clues. First, not only Beerus received the email—other VC contacts did too. But while Beerus got the PDF at 07:20, others received it half an hour later, some even hours afterward. One plausible explanation: The attacker mass-emailed to obscure the target, deliberately giving Beerus time to open the infected file.
Second, analysis of other recipients’ PDFs showed no anti-spoofing warnings. SPF would only have flagged the Gmail address if the message had not genuinely come from Gmail. Based on metadata, the email likely originated from Sisyphus’s actual email account—yet Sisyphus adamantly denies sending it, feigning ignorance in the group chat with “What do you mean?”
Third, analysis of other emails revealed no malware—only Beerus’s appeared infected. He later submitted his computer to Hong Kong police to prove his innocence (no updates since—case seemingly dropped).
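How a recipient can check the kind of header evidence the SPF point above relies on, as an added example that is not part of the original thread or article. The sample message, the host names and the trusted server name `mx.recipient.example` are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message: every hostname, address and IP here is invented.
SAMPLE_EML = """\
Authentication-Results: mx.recipient.example;
 spf=pass (sender IP is 203.0.113.7) smtp.mailfrom=sender@gmail.com;
 dkim=pass header.d=gmail.com header.s=20230601;
 dmarc=pass header.from=gmail.com
Authentication-Results: mx.untrusted.example; spf=pass smtp.mailfrom=x@gmail.com
From: Sender <sender@gmail.com>
To: recipient@recipient.example
Subject: SAFT

See attached.
"""

def _domain(addr):
    return addr.rpartition("@")[2].lower()

def auth_verdicts(raw, trusted_authserv):
    """Collect SPF/DKIM/DMARC results stamped by our own receiving server."""
    msg = message_from_string(raw)
    out = {"from_domain": _domain(parseaddr(msg.get("From", ""))[1]),
           "spf": None, "dkim": None, "dmarc": None,
           "mailfrom_domain": None, "dkim_domain": None}
    for hdr in msg.get_all("Authentication-Results", []):
        authserv, _, rest = " ".join(hdr.split()).partition(";")  # unfold
        if authserv.strip().lower() != trusted_authserv:
            continue  # a header stamped by any other host may be forged
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest):
            out[method] = result.lower()
        for key, prop in (("mailfrom_domain", "smtp.mailfrom"), ("dkim_domain", "header.d")):
            m = re.search(re.escape(prop) + r"=([^\s;]+)", rest)
            if m:
                out[key] = _domain(m.group(1))
    return out

def aligned(v, domain_key):
    d, f = v[domain_key], v["from_domain"]
    return bool(d and f) and (d == f or d.endswith("." + f))

def passes_for_from_domain(v):
    """True if SPF or DKIM passed for a domain aligned with the From: domain."""
    return (v["spf"] == "pass" and aligned(v, "mailfrom_domain")) or \
           (v["dkim"] == "pass" and aligned(v, "dkim_domain"))
```

A pass here shows that the message was handed over by the provider's own infrastructure for that domain; it says nothing about who was logged in to the account when it was sent.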
How did the attacker know Beerus controlled the LBP? Only insiders knew he was the sole person with authority. In fact, team member Convex questioned this in chat: “Why would Beerus even receive malware? It makes no sense for him to be targeted. Everyone knows AureliusBTC and I are the devs—more likely to hold keys. Outsiders wouldn’t know Beerus’s role.”
Curiously, Sisyphus asked Beerus: “Man, what did you click?” At that point, Beerus hadn’t disclosed clicking the malicious PDF—no one else knew. How did Sisyphus know?
After the drain, Sisyphus blamed Beerus for the rug, saying, “You’ve ruined my reputation.” He released the attacker’s IP address, claiming it traced to Hong Kong—where Beerus lived. In reality, the IP came from a third-party VPS provider, rentable across regions—thus meaningless. Later, investors doxxed Beerus as Chester Cheung, son of a prominent Hong Kong horse racing figure, then just 19 years old.
One more detail: Max Zim, an early PEPE participant mentioned earlier, also participated in AnubisDAO’s launch. Afterward, he defended Sisyphus on Twitter—unsurprising given their close relationship.
3. Sisyphus’s Alternate Identity Confirmed: Kevin Pawlak, Former Head of OpenSea Ventures
As previously noted, Sisyphus—who claimed to have lost $420,000 in AnubisDAO—showed no distress after the rug. After posting a denial, he ignored all follow-ups.
On November 6 (one week post-attack), Sisyphus created a new Twitter account under the alias “0xMagallan” (now deactivated). This account remained highly active over two years—posting over 5,000 times—engaging in various project promotions, linked to wallets ferdinand-magellan.eth and ukrainedonations.eth.
Sisyphus (Kevin Pawlak) has numerous controversies. For example, he once purchased the expensive NFT EtherRock #72, fractionalized it into PEBBLE tokens via Fractional.art, and sold them at extreme premiums. Priced in ETH, PEBBLE peaked and crashed over 99%. The project shut down in 2023, and pebble.xyz is now expired and for sale.
For years, no one saw Sisyphus or 0xMagallan in person—no photos or personal info online. Yet “NFTethics” verified his true identity as Kevin Pawlak, former head of OpenSea Ventures, through on-chain evidence and multiple sources.

Kevin Pawlak
First, timestamps on pawlak.eth and sisyphus.eth match perfectly. On-chain data shows both minted Zorbs (ZORB) within one minute of each other, and both minted Sismo DAO (SDAO) tokens within ten minutes. Other on-chain activities also align closely—both accounts operate in near-sync.
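The near-sync comparison described above can be made reproducible; the following is an added example, not the analysis code used by the original thread. Wallet and contract labels and all timestamps are constructed, and the "crowd" count (other wallets hitting the same contract around the same time) is an assumption added here to separate a quiet coincidence from a popular mint where many unrelated wallets act at once.

```python
from bisect import bisect_left, bisect_right
from collections import defaultdict

# Constructed events: (unix_time, wallet_label, contract_label). All invented.
EVENTS = [
    (1000, "A", "mintX"), (1040, "B", "mintX"), (3000, "C", "mintX"),
    (5000, "A", "mintY"), (5400, "B", "mintY"), (9000, "D", "mintY"),
    (7000, "A", "hotDrop"), (7010, "B", "hotDrop"),
    (7005, "C", "hotDrop"), (7020, "D", "hotDrop"), (7030, "E", "hotDrop"),
    (20000, "A", "mintZ"), (90000, "B", "mintZ"),
]

def near_sync(events, a, b, window_s):
    """Contracts that wallets a and b both touched within window_s seconds.

    Each hit carries the gap between the two transactions and the number of
    other wallets active on that contract within window_s of a's transaction.
    Hits are ordered strongest first: smallest crowd, then smallest gap.
    """
    by_contract = defaultdict(list)
    for ts, wallet, contract in events:
        by_contract[contract].append((ts, wallet))
    hits = []
    for contract, rows in by_contract.items():
        rows.sort()
        times = [ts for ts, _ in rows]
        tb = [ts for ts, w in rows if w == b]
        for t1 in (ts for ts, w in rows if w == a):
            lo, hi = t1 - window_s, t1 + window_s
            nearby = rows[bisect_left(times, lo):bisect_right(times, hi)]
            crowd = {w for _, w in nearby} - {a, b}
            for t2 in tb[bisect_left(tb, lo):bisect_right(tb, hi)]:
                hits.append({"contract": contract,
                             "gap_s": abs(t1 - t2),
                             "crowd": len(crowd)})
    return sorted(hits, key=lambda h: (h["crowd"], h["gap_s"]))

if __name__ == "__main__":
    for hit in near_sync(EVENTS, "A", "B", window_s=600):
        print(hit)
```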

Interestingly, Kevin Pawlak frequently used the “Sisyphus” account to criticize OpenSea—perhaps to pressure the company into launching a project beneficial to him, or merely venting.
Multiple individuals, including The Block’s Tim Copeland, confirm Sisyphus is indeed Kevin Pawlak—in fact, his identity has long been an open secret in certain circles.
He has since renamed his wallet to pawlak.eth. Wallet address: 0xBB5BB336d1Db8471B77F936C210B15fa2A5b3cbb.
Kevin Pawlak is brilliant—an Intel Science Talent Search semifinalist with a degree in chemical engineering, originally aspiring to become a surgeon or research scientist. But those who know him describe a dark side: ruthless, unethical, antisocial—capable of lying without conscience or remorse.
Last October, Kevin Pawlak bought another property in New York for $3.3 million. Sources say he recently purchased a Rolls-Royce and a Lamborghini in France (worth over $1 million combined), privately flaunting his wealth and luxurious lifestyle.

(Kevin Pawlak’s new home)
As of now, Kevin Pawlak (Sisyphus) has not publicly responded to these allegations. Should there be any updates, Odaily Planet Daily will report them promptly.











