.svg)
Vidma conducts security review of official crypto donation channels provided by the Ukrainian government
.svg)
.svg)
.svg)
Vidma, a Ukrainian-based blockchain security audit firm, recently conducted transactions and legitimacy research on the official charity addresses provided by the Ukrainian government, including Send Putin to Jupiter, Uniswap donation page, and a previously announced airdrop.
The Vidma security team continues to do pro bono security reviews to investigate the charity foundations and projects raising funds for support of citizen relief efforts and the Ukrainian armed forces. The goal of our research is to help donors make informed decisions regarding the organizations and charities they support. You can read our previous reviews where we investigated the charity funds .Unchainfund , $UKE token , and UkrainianDAO .
Ukraine donation addresses provided on Government Website
All of the addresses were mentioned on the official page by Mykhailo Fedorov (@FedorovMykhailo), who is the Deputy Prime Minister and Minister of Digital Transformation for Ukraine.
All addresses are simple wallets — not contracts, not multisig (multi-signature). It’s not a security breach, however addresses with multisig are more secure to use as for making a transaction, as a couple of owners should sign it. Hence, it will be more difficult to hack a couple of wallets simultaneously in order to perform an illicit transaction.
- BTC — 357a3So9CbsNfBBgFYACGvxxS6tMaDoa1P
Info about funds allocation:
Transfers
Received tx: 14 568
Sent tx: 77
Most of the funds were transferred to 3CcF942kYVRotGrfYQxD4QNn4aKVywpRxb. This wallet has been active since 2018–11–12. It is hard to know for sure who owns and operates this wallet. The Vidma team didn’t detect any public mentions of this address to identify the destination organization or people who own it.
Account overview
Other transfers detected to:
Bc1qu4qcqp5xthrreedgk4s28kkqddpv4my53zx3uw — 2.03743 BTC
- ETH and USDT (ERC-20) — 0x165CD37b4C644C2921454429E7F9358d18A45e14
Info about funds allocation:
Assets (tokens) in wallet (219) ($49,374,059.92) including USDT($1,651,077.36), DAI($998,715.90), USDC($200,627.68), WETH($25,745.59).
Transfers List
Received tx: 14 568
Sent tx: 40
Most of the outgoing transfers were made to 0x77ab999d1e9f152156b4411e1f3e2a42dab8cd6d. This address has a tag — Kuna.io, which is a cryptocurrency exchange service focused on clients from Ukraine.
- Polkadot donations address:
1x8aa2N2Ar9SQweJv9vsuZn3WYDHu7gMQu1RePjZuBe33Hv
Info about funds allocation:
Withdraws of DOT:
- Solana donations address:
66pJhhESDjdeBBDdkKmxYYd7q6GUggYPWjxpMKNX39KV
No withdrawals were detected.
All addresses were created after the Russian invasion and serve for donation purposes only. They were not involved in any other activities (no initial balance, no transfer, or withdrawals yet).
Ukrainian Government Airdrop
On March 2nd, the official Ukraine Twitter account announced that everyone who donates to Ukraine crypto donations addresses will be airdropped some ERC20 token. However, the next day on March 3rd, Fedorov indicated they decided to cancel the airdrop and have plans to make NFTs to support the Ukrainian army.
Info about airdrop from Coindesk: https://www.coindesk.com/policy/2022/03/03/ukraine-government-cancels-airdrop-ahead-of-scheduled-snapshot/
During the course of these events and a rapid changing environment, a fraud took place as somebody created a fake token for potential Ukrainian airdrop as Coindesk reported:
https://www.coindesk.com/markets/2022/03/03/peaceful-world-token-may-be-spoofing-ukraines-airdrop/
Fake token fraud:
In the hectic events and lots of announcements, some of the fake tokens appeared in the ‘Ukraine Crypto Donation ’ address for so-called “airdrop”. The list of them are presented below:
- Peaceful World — 0x5183f41477c6EE95F88351D9EC17AA415D3F60Ba
- We want Peace — 0x818D1Ef5252723022F31b0ef35b84af91A9C4e8f
- Love and Peace — 0xbB292B0C75fF6e79b222ac09CC3A8796a1E6F867
- Peaceful World — 0xDF1515F18C03D7c66A89FCE5EEC378c56036c800
- No war in Ukraine! No war anywhere! Peace First! -0x9B8fb049e5a756c9bf3aBC1e08B3bD0838FdB564
Uniswap Donations
Mykhailo Fedorov, via his verified Twitter account, announced about the Uniswap “donate to Ukraine” feature on March 2
https://twitter.com/FedorovMykhailo/status/1498936977474965504
Uniswap made an interface that enables users to swap any ERC-20 token and donate it to the Ukrainian government in one transaction.
Uniswap made an announcement as well on their official Twitter account: https://twitter.com/Uniswap/status/1498632368298541059
Here is the ‘multicall’ function to swap tokens in one transaction. Address recipient is 0x165CD37b4C644C2921454429E7F9358d18A45e14 which is officially announced on the verified Twitter account of Ukraine.
Send Putin to Jupiter
The Ministry of Digital Transformation launched a fundraising portal to rebuild Ukraine called Send Putin to Jupiter. The account belongs to the State Enterprise DIIA, and the funds will be directed to the army and the restoration of infrastructure and it includes a public report on the website of the Ministry of Digital Transformation.
Website — https://putler.io/
*please note, that the website can’t be reached
Key points:
- Anyone wishing can donate UAH 99 or $ 2.99 on the portal https://putler.io/.
- Fedorov on his TG channel says that they have already gained $2 mln (post from 6 March)
- Looks like the site https://putler.io is down as of March 4th and still down as of March 10th. None from our team members can load it on the different browsers.
Our Summary
- All of the above reviewed crypto donation opportunities were announced on verified accounts of the Ukrainian government so there is no scamming but trustworthy ways for donation to Ukraine relief efforts.
- Ukrainian government directly owns the funds mentioned in above crypto wallets
- As most outgoing transactions go to Ukrainian based crypto exchange Kuna.io, you can find a useful official Twitter account of Kuna founder Michael Chobanian where he shares information about Ukrainian crypto donation — https://twitter.com/ChobanianMike
* Link to above tweet — https://twitter.com/ChobanianMike/status/1501622206589243397
- The Ukrainian government is not planning to issue any fungible tokens as Ukraine’s Ministry of Digital Transformation confirmed on his Twitter account, so there is a batch of scamming tokens already released and donors should be wary of this.
To find out more about Vidma and our blockchain security audit services — www.vidma.io
.png)
.png)
.png)
.svg)
