$2 108 000 USD

JANUARY 2021

GLOBAL

POPCORNSWAP

DESCRIPTION OF EVENTS

"At the end of January, an exit scam was carried out by the PopcornSwap project, also based on the BSC blockchain, appropriating $ 2 million from liquidity pools." "PopcornSwap performed a liquidity siphon scam. This was nearly an instant rug-pull upon launch, stealing custody of over 2,000,000 USD in users’ tokens." "This was nearly an instant rug-pull upon launch, stealing custody of over 2,000,000 USD in users’ tokens merely three hours after their first Twitter post."

 

"Almost all the forks from PancakeSwap inherited a back door called the “Migrator” that allowed the dev to take all the staked assets in the farms. Yes, I’m not joking, PancakeSwap can really take all your staked assets if they really wanted to. I’m not suggesting they will, but its in their power to do so." "This was a legacy feature that came from SushiSwap on Ethereum because they needed to forcibly “migrate” Uniswap LPs into their own SushiSwap LP."

 

"Weibo user "Super Bitcoin" stated that another DeFi mine popcornswap on the Binance Smart Chain has gone. It is reported that some users said in the community that the project used cake's LP, the contract was open source but there was no audit, and the LP was run in less than two hours. Currently, there are more than 40,000 BNB in ​​the wallet and no action is taken."

 

"The project has now deleted all media and website pages, going ghost."

 

"According to Wu, Binance executives wondered if they should take any steps in this situation. As Wu writes in his article, Binance said the security team is "watching" the Popcornswap project but may not be able to succeed. Previously, Binance made a statement that it is unlikely that it will be possible to recover funds, and users should carefully choose projects for investment. Thus, at the moment, the responsibility rests with the users themselves."

PopcornSwap launched a project with a backdoor which allowed them to take user funds. (Part of a migration contract that is standard in PancakeSwap at this time.)

 

They decided they wanted to take everyone's funds. Since they were anonymous, nobody managed to hunt them down to get the funds back.

HOW COULD THIS HAVE BEEN PREVENTED?

Having a single address by an anonymous person able to take everyone's funds is not a suitable strategy to protect those funds.

 

Check Our Framework For Safe Secure Exchange Platforms

Sources And Further Reading

 For questions or enquiries, email info@quadrigainitiative.com.

Get Social

  • email
  • reddit
  • telegram
  • Twitter

© 2021 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.