$345 000 USD

OCTOBER 2020

GLOBAL

WINE SWAP

DESCRIPTION OF EVENTS

"On October 13, Wine Swap launched on BSC as an AMM platform." "Wine Swap [was] a yield farming platform launched on the Binance Smart Chain."

 

"The project was made available last month for fundraising, and strangely enough, within the first hour, a malicious actor decided that fleeing with the money was a smart choice."

 

"The victims, identified only by their on-chain BSC addresses, had sent a total of 19 different tokens to Wine Swap from 119 different addresses."

 

"The funds raised went into Wine Swap’s wallet address and a single individual then moved these funds, comprising 19 different crypto assets, into a personal wallet address. Binance noted that the funds went from the Binance Smart Chain, to the Binance Chain and finally onto the Ethereum network." "[W]ithin just 24 hours of the exit scam, the Binance team was able to identify the criminals and freeze 99% of the stolen funds, as those on Binance Bridge had already been frozen."

 

"Thereafter, the individual converted the stolen assets into BNB, ETH and stablecoins, but before they could liquidate these assets, Binance managed to convince them to return the funds to the exchange." "Binance’s security team followed the transactions and noticed a small portion ending on two digital asset exchanges. By this point, almost all funds were already converted into stablecoins, Binance Coin (BNB), Ethereum (ETH), and Chainlink (LINK)."

 

“With new DeFi products emerging daily, it is difficult to verify the legitimacy of each and every project. We will continue to emphasize the importance of conducting individual due diligence and research before participating to avoid cases such as Wine Swap.”

 

"The day after the scam, on October 14, the scammer was successfully identified and the individual contacted shortly thereafter. Knowing that they had been caught red-handed, they were quick to cooperate in an attempt to avoid the imminent consequences. This started the recovery process, with the scammer returning the proceeds directly so that they could be easily returned to the victims' addresses." "Binance identified and contacted the scammer. “Knowing that they had been caught red-handed, they were quick to cooperate in an attempt to avoid the impending consequences,” the exchange said."

 

"Binance said its security team closely followed the transactions and managed to identify the malicious actor. By then, the scammer had nearly converted all of the funds into stablecoins, as well as Binance coin (BNB), ether (ETH) and Chainlink's LINK token. After being contacted by Binance, the scammer returned the funds to the exchange."

 

"In an announcement provided to CoinDesk on Thursday[, October 29th], Binance said it has gained custody of an estimated 99.9% of $345,000 worth of cryptocurrency stolen by purported automated market maker Wine Swap in October." "A Binance spokesperson said on Nov. 4 that the exchange had recovered 99.9% of the funds stolen."

 

"Analysis of the transfers to and from Wine Swap allowed us to identify which addresses fell victim to the scam and calculate exactly how much was owed to them," the exchange said.

 

"Binance now plans to refund the victims' addresses 'within the next several days.'" "With most of the funds now divided into a small selection of cryptocurrencies, the Binance OTC team helped convert the funds to their original tokens and amounts in preparation for redemption. As of this writing, this process is ongoing and transfers to victims' addresses are expected to be completed in the next few days."

Wine Swap was created as a smart contract with a vulnerability that allowed a single person to take the funds that had been deposited for liquidity, and that individual used it. They were caught and, under threat of consequences, returned the vast majority of the funds. These are being distributed back to affected users.

HOW COULD THIS HAVE BEEN PREVENTED?

It is never smart to place funds under the direct control of any single person, on a smart contract or otherwise. Instead, fund withdrawals should always run through a multi-signature withdrawal process in which multiple trained and background-checked human beings validate each withdrawal against fraud.

 

 For questions or enquiries, email info@quadrigainitiative.com.

© 2021 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.