View source for BoosterToken Malicious Front-End

{{Case Study Under Construction}}[[File:Boostertoken.jpg|thumb|Booster Token Homepage]]The BoosterToken project swapped their front-end for a malicious front-end after getting a CertiK audit, enabling them to steal at least 120 BNB. Anyone who fell for the migration code on the website had their entire wallet drained of any funds. The website is presently offline and it does not appear that any recovery is likely.

== About BoosterToken ==
"Booster Token is a decentralized financial payment network that rebuilds the traditional payment stack on the blockchain. It utilizes a basket of fiat-pegged stablecoins, algorithmically stabilized by its reserve currency BOOSTER, to facilitate programmable payments and open financial infrastructure development. As of December 2020, the network has transacted an estimated $299 billion for over 2 million users."

"Bought a couple hundred dollars worth. This coin is awesome. Hasn't even been 24 hours. Sounds like a great project. Enjoy the moon, early buyers!"

Homepage: <ref name="boostertokenarchive-5329" />

Twitter: <ref name="boostertokentwitter-5324" />

CoinMarketCap: <ref name="coinmarketcap-5325" />

TheBitTimes: <ref name="thebittimes-5327" />

YouTube Video: <ref name="youtube-5328" />

== The Reality ==
While the booster token had an audit from CertiK, this doesn't vouch for anything but the security of the submitted smart contract. By directing users to interact with a different smart contract or wallet, this is meaningless<ref name="reddit-5326" />.

== What Happened ==
The Booster Token project launched with users directed to grant access to an Ethereum wallet owned directly by the Booster Team, rather than the Booster Token smart contract<ref name="certikorgtwitter-5320" />.
{| class="wikitable"
|+Key Event Timeline - BoosterToken Malicious Front-End
!Date
!Event
!Description
|-
|December 8th, 2021 10:56:00 AM MST
|CertiK Reports Malicious Front-End
|CertiK reports that "malicious frontend code was injected into @BoosterToken to mislead users into transferring the balance to an [externally owned account for the] Booster Team"<ref name="certikorgtwitter-5320" />.
|-
|December 8th, 2021
|Main Event
|Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here.
|-
|December 8th, 2021 2:56:00 PM MST
|CertiK Report On Losses
|CertiK reports that they "have verified 3 of the scammers addresses" and that the loss is now ~ 120 BNB<ref name="certikorgtwitter-5333" />.
|}

== Technical Details ==


Exploiter Addresses: <ref name="certik-5321" /><ref name="certik-5322" /><ref name="certik-5323" />

== Total Amount Lost ==
The total loss was estimated at 120 BNB<ref name="certikorgtwitter-5333" />.<blockquote>"The total loss is now ~ 120 BNB."</blockquote><ref name="coinmarketcap-5330" />

The total amount lost has been estimated at $73,000 USD.

== Immediate Reactions ==
A warning tweet was issued by CertiK. Several users also commented on the matter on Twitter.

=== Warning Tweet By CertiK ===
CertiK reported on the issue<ref name="certikorgtwitter-5320" />.<blockquote>A malicious frontend code was injected into @BoosterToken to mislead users into transferring the balance to an [externally owned account] (Booster Team). The rugpull happened in the frontend, not from the smart contract. DO NOT engage</blockquote>


=== Reactions On Twitter ===
"This is not the Old booster account they deleted it and I took the @ we are investigating to see who was behing this attack... Revoke access to booster on BSC" "DONT MIGRATE ANYTHING ON THE WEBSITE IT WILL DRAIN YOUR ACCOUNT" "[T]hey are not just rug pulling they are stealing other tokens." "[T]hey took all I had in my wallet."

== Ultimate Outcome ==
CertiK performed some tracing to identify 3 wallets owned by the scammer(s).

=== CertiK Address Confirmation ===
A follow up tweet provided three addresses involved in the fraud<ref name="certikorgtwitter-5333" />.<blockquote>So far we have verified 3 of the scammers addresses: <nowiki>https://certik.com/skytrace/bsc:0xc8c4177aa32798ea53e1b8282e1f801a24f85ee9……</nowiki> - (31.72 BNB) <nowiki>https://certik.com/skytrace/bsc:0x9aa3fbd5e93798b1816a5bc4bd74219cc4a1a789-……</nowiki> (77.98 BNB) <nowiki>https://certik.com/skytrace/bsc:0x7433f75270fe707f6a7b1fdc7b93a2b398fc3b3d……</nowiki> - (9.3 BNB)

The total loss is now ~ 120 BNB

Keep the eye on the addresses using #SkyTrace</blockquote>

== Total Amount Recovered ==
There do not appear to have been any funds recovered in this case.

What funds were recovered? What funds were reimbursed for those affected users?

== Ongoing Developments ==
TBD
== Individual Prevention Policies ==
A high degree of diligence is needed when interacting with smart contracts. The user needs to ensure that the security of the smart contract has been assessed and that their funds are being sent to the correct smart contract.

{{Prevention:Individuals:Double Check Transactions}}

{{Prevention:Individuals:Safe Smart Contract Usage}}

{{Prevention:Individuals:End}}

== Platform Prevention Policies ==
Users need to be better educated on the risks and how to validate that they are interacting with the correct smart contract. Having a standard review process for all smart contract projects would ensure that the teams are generally better known. An industry insurance fund can assist in selecting validators and if any projects defraud users.

{{Prevention:Platforms:Cryptocurrency Safety Quiz}}

{{Prevention:Platforms:Regular Audit Procedures}}

{{Prevention:Platforms:Establish Industry Insurance Fund}}

{{Prevention:Platforms:End}}

== Regulatory Prevention Policies ==
Users need to be better educated on the risks and how to validate that they are interacting with the correct smart contract. Having a standard review process for all smart contract projects would ensure that the teams are generally better known. An industry insurance fund can assist in selecting validators and if any projects defraud users.

{{Prevention:Regulators:Cryptocurrency Education Mandate}}

{{Prevention:Regulators:Platform Security Assessments}}

{{Prevention:Regulators:Establish Industry Insurance Fund}}

{{Prevention:Regulators:End}}

== References ==
<references>
<ref name="certikorgtwitter-5320">[https://mobile.twitter.com/certikorg/status/1468640668788707329 <nowiki>CertiK - "A malicious frontend code was injected into @BoosterToken to mislead users into transferring the balance to an [externally ownde account] (Booster Team). The rugpull happened in the frontend, not from the smart contract." - Twitter</nowiki>] (Jan 7, 2022)</ref>
<ref name="certik-5321">[https://www.certik.com/skytrace/bsc:0xc8c4177aa32798ea53e1b8282e1f801a24f85ee9 CertiK Asset Tracing for Address bsc:0xc8c4177aa32798ea53e1b8282e1f801a24f85ee9] (Jan 7, 2022)</ref>
<ref name="certik-5322">[https://www.certik.com/skytrace/bsc:0x9aa3fbd5e93798b1816a5bc4bd74219cc4a1a789 CertiK Asset Tracing for Address bsc:0x9aa3fbd5e93798b1816a5bc4bd74219cc4a1a789] (Jan 7, 2022)</ref>
<ref name="certik-5323">[https://www.certik.com/skytrace/bsc:0x7433f75270fe707f6a7b1fdc7b93a2b398fc3b3d CertiK Asset Tracing for Address bsc:0x7433f75270fe707f6a7b1fdc7b93a2b398fc3b3d] (Jan 7, 2022)</ref>
<ref name="boostertokentwitter-5324">https://mobile.twitter.com/boostertoken (Jan 7, 2022)</ref>
<ref name="coinmarketcap-5325">https://coinmarketcap.com/currencies/booster-bsc/ (Jan 7, 2022)</ref>
<ref name="reddit-5326">[https://www.reddit.com/r/BoosterToken/comments/rbjqew/scam_token/ Scam Token! : BoosterToken] (Jan 7, 2022)</ref>
<ref name="thebittimes-5327">[https://thebittimes.com/token-BOOSTER-BSC-0x63ac110d2f77eb74f34c212aee417e621f16b856.html Booster Token( BOOSTER ) info, Booster Token( BOOSTER ) chart, market cap, and price | TheBitTimes.Com] (Jan 7, 2022)</ref>
<ref name="youtube-5328">[https://www.youtube.com/watch?v=8YfFrY1moFc BOOSTER TOKEN | EARN BIG MONEY FOR HOLDING - YouTube] (Jan 7, 2022)</ref>
<ref name="boostertokenarchive-5329">[https://web.archive.org/web/20211107040536/http://boostertoken.com/ Booster Token Homepage] (Jan 7, 2022)</ref>
<ref name="coinmarketcap-5330">https://coinmarketcap.com/currencies/binance-coin/historical-data/ (Jan 7, 2022)</ref>
<ref name="certikorgtwitter-5333">[https://mobile.twitter.com/certikorg/status/1468701100714962946 CertiK - "So far we have verified 3 of the scammers addresses ... The total loss is now ~ 120 BNB" - Twitter] (Jan 7, 2022)</ref>
</references>