QUADRIGA INITIATIVE
CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM
A COMMUNITY-BASED, NOT-FOR-PROFIT
$2 108 000 USD
JANUARY 2021
GLOBAL
POPCORNSWAP
DESCRIPTION OF EVENTS
"At the end of January, an exit scam was carried out by the PopcornSwap project, also based on the BSC blockchain, appropriating $ 2 million from liquidity pools." "PopcornSwap performed a liquidity siphon scam. This was nearly an instant rug-pull upon launch, stealing custody of over 2,000,000 USD in users’ tokens." "This was nearly an instant rug-pull upon launch, stealing custody of over 2,000,000 USD in users’ tokens merely three hours after their first Twitter post."
"Almost all the forks from PancakeSwap inherited a back door called the “Migrator” that allowed the dev to take all the staked assets in the farms. Yes, I’m not joking, PancakeSwap can really take all your staked assets if they really wanted to. I’m not suggesting they will, but its in their power to do so." "This was a legacy feature that came from SushiSwap on Ethereum because they needed to forcibly “migrate” Uniswap LPs into their own SushiSwap LP."
"Weibo user "Super Bitcoin" stated that another DeFi mine popcornswap on the Binance Smart Chain has gone. It is reported that some users said in the community that the project used cake's LP, the contract was open source but there was no audit, and the LP was run in less than two hours. Currently, there are more than 40,000 BNB in the wallet and no action is taken."
"The project has now deleted all media and website pages, going ghost."
"According to Wu, Binance executives wondered if they should take any steps in this situation. As Wu writes in his article, Binance said the security team is "watching" the Popcornswap project but may not be able to succeed. Previously, Binance made a statement that it is unlikely that it will be possible to recover funds, and users should carefully choose projects for investment. Thus, at the moment, the responsibility rests with the users themselves."
PopcornSwap launched a project with a backdoor which allowed them to take user funds. (Part of a migration contract that is standard in PancakeSwap at this time.)
They decided they wanted to take everyone's funds. Since they were anonymous, nobody managed to hunt them down to get the funds back.
HOW COULD THIS HAVE BEEN PREVENTED?
Having a single address by an anonymous person able to take everyone's funds is not a suitable strategy to protect those funds.
DeFi project TurtleDex completed an exit scam - World Stock Market (Jun 20)
SlowMist Hacked - SlowMist Zone (May 18)
Binance Coin (BNB) Today Historical Price Data | DigitalCoinPrice (Jul 10)
PopcornSwap Liquidity Siphon Rugpull (Jul 10)
@news_of_bsc Twitter (Jul 10)
PopcornSwap Liquidity Siphon Rugpull (Jul 10)
Goose Finance First To Remove Rugpull Migrator Code (Jul 10)
Popcornswap, SharkYield, Zap Finance, Tin Finance, Multi Financial — осторожно (Jul 10)
Worldwide crypto & NFT rug pulls and scams tracker - Comparitech (Dec 15)