$100M BlackRock BUIDL fund trolled on-chain

BlackRock’s recently deployed $100 million Ethereum-based investment fund has prompted a meme-fuelled on-chain response from the crypto community.

The investment behemoth’s move into decentralized finance (DeFi) follows a wildly successful bitcoin ETF launch and echoes CEO Larry Fink’s previous comments that ETFs are “just stepping stones towards tokenization.”

The newly created BlackRock USD Institutional Digital Liquidity Fund (BUIDL) was launched in conjunction with Securitize, according to the Notice of Exempt Offering of Securities filed with the SEC last week.

But shortly after the funds were identified, on-chain trolls began sending memecoins and NFTs to Blackrock’s address.

Read more: Bitcoin ETFs have first net outflows in weeks 

A total of 36 deposits of just 0.000069 USDC were sent by big-dick-fink.eth, typically paying around $7 to $9 in gas fees for each transaction. The same user also repeatedly sent a link to a meme of Fink calling to “send it” via transaction input data, as well as registering the address via Ethereum Name Service (ENS) as bigdickfink.eth.

Other tokens sent to the BlackRock BUIDL address include PEPE, Mog Coin, and EGG, as well as GoblinTown and CryptoDickButt NFTs.

The address was also ‘tainted’ with ETH sent from Tornado Cash, a crypto mixer that’s sanctioned by the US Treasury.

Read more: Tornado Cash funds ‘at risk’ after hacker injects malicious code

Yesterday, CoinDesk reported that Tornado Cash developer Alexey Pertsev is to be accused of laundering $1.2 billion via the mixer at his upcoming trial in the Netherlands. Pertsev’s two co-founders, Roman Semenov and Roman Storm, are also facing charges in the US.

Old money, new threats

Moving money from traditional finance to the on-chain Wild West of DeFi will present plenty of novel risks for BlackRock.

Crypto auditor Charles Wang points out that the fund’s contract is a simple proxy, owned by a single externally-owned account (EOA), rather than a more secure multi-signature setup. He also notes that the proxy currently points to an unverified implementation.

A potential compromise of the EOA’s private key would be disastrous, and not uncommon.

Read more: Axie co-founder hacked for $10M two years after $625M Ronin attack 

As well as spear-phishing attempts, BlackRock will have to exercise caution when using DeFi projects. Constant phishing scams are regularly emptying users’ wallets, often of seven figures at a time, and hacks are rife across the sector.

Just yesterday, around $2 million was stolen from old Dolomite Exchange contracts, and Paraswap’s new router contract was found to contain a critical vulnerability, though the majority of at-risk funds were rescued.

Got a tip? Send us an email or ProtonMail. For more informed news, follow us on XInstagramBluesky, and Google News, or subscribe to our YouTube channel.