Wine Swap Exit Scam
Notice: This page is a freshly imported case study from the original repository. The original content was in a different format, and may not have relevant information for all sections. Please help restructure the content by moving information from the 'About' and 'General Prevention' sections to other sections, and add any missing information or sources you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.
Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!
A smart contract called Wine Swap was created which had a vulnerability that allowed a single person to take the funds which had been deposited for liquidity. This was utilized by that individual. They were caught and justice was threatened, and they returned the vast majority of the funds. These are being distributed back to affected users.
This is a global/international case not involving a specific country.[1][2][3][4][5][6][7][8][9][10][11][12][13]
About Wine Swap
"On October 13, Wine Swap launched on BSC as an AMM platform." "Wine Swap [was] a yield farming platform launched on the Binance Smart Chain."
"The project was made available last month for fundraising, and strangely enough, within the first hour, a malicious actor decided that fleeing with the money was a smart choice."
"The victims, identified only by their on-chain BSC addresses, had sent a total of 19 different tokens to Wine Swap from 119 different addresses."
"The funds raised went into Wine Swap’s wallet address and a single individual then moved these funds, comprising 19 different crypto assets, into a personal wallet address. Binance noted that the funds went from the Binance Smart Chain, to the Binance Chain and finally onto the Ethereum network." "[W]ithin just 24 hours of the exit scam, the Binance team was able to identify the criminals and freeze 99% of the stolen funds, as those on Binance Bridge had already been frozen."
"Thereafter, the individual converted the stolen assets into BNB, ETH and stablecoins, but before they could liquidate these assets, Binance managed to convince them to return the funds to the exchange." "Binance’s security team followed the transactions and noticed a small portion ending on two digital asset exchanges. By this point, almost all funds were already converted into stablecoins, Binance Coin (BNB), Ethereum (ETH), and Chainlink (LINK)."
“With new DeFi products emerging daily, it is difficult to verify the legitimacy of each and every project. We will continue to emphasize the importance of conducting individual due diligence and research before participating to avoid cases such as Wine Swap.”
"The day after the scam, on October 14, the scammer was successfully identified and the individual contacted shortly thereafter. Knowing that they had been caught red-handed, they were quick to cooperate in an attempt to avoid the imminent consequences. This started the recovery process, with the scammer returning the proceeds directly so that they could be easily returned to the victims' addresses." "Binance identified and contacted the scammer. “Knowing that they had been caught red-handed, they were quick to cooperate in an attempt to avoid the impending consequences,” the exchange said."
"The Binance said its security team closely followed the transactions and managed to identify the malicious actor. By then, the scammer had nearly converted all of the funds into stablecoins, as well as Binance coin (BNB), ether (ETH) and Chainlink's LINK token. After being contacted by Binance, the scammer returned the funds to the exchange."
"In an announcement provided to CoinDesk on Thursday[, October 29th], Binance said it has gained custody of an estimated 99.9% of $345,000 worth of cryptocurrency stolen by purported automated market maker Wine Swap in October." "A Binance spokesperson said on Nov. 4 that the exchange had recovered 99.9% of the funds stolen."
"Analysis of the transfers to and from Wine Swap allowed us to identify which addresses fell victim to the scam and calculate exactly how much was owed to them," the exchange said.
"Binance now plans to refund the victims' addresses "within the next several days."" "With most of the funds now divided into a small selection of cryptocurrencies, the Binance OTC team helped convert the funds to their original tokens and amounts in preparation for redemption. As of this writing, this process is ongoing and transfers to victims' addresses are expected to be completed in the next few days."
This is a global/international case not involving a specific country.
The background of the exchange platform, service, or individuals involved, as it would have been seen or understood at the time of the events.
Include:
- Known history of when and how the service was started.
- What problems does the company or service claim to solve?
- What marketing materials were used by the firm or business?
- Audits performed, and excerpts that may have been included.
- Business registration documents shown (fake or legitimate).
- How were people recruited to participate?
- Public warnings and announcements prior to the event.
Don't Include:
- Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
- Anything that wasn't reasonably knowable at the time of the event.
There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.
The Reality
This sections is included if a case involved deception or information that was unknown at the time. Examples include:
- When the service was actually started (if different than the "official story").
- Who actually ran a service and their own personal history.
- How the service was structured behind the scenes. (For example, there was no "trading bot".)
- Details of what audits reported and how vulnerabilities were missed during auditing.
What Happened
The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.
| Date | Event | Description |
|---|---|---|
| October 13th, 2020 | Main Event | Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here. |
Technical Details
This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?
Total Amount Lost
The total amount lost has been estimated at $345,000 USD.
How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?
Immediate Reactions
How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?
Ultimate Outcome
What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?
Total Amount Recovered
There do not appear to have been any funds recovered in this case.
What funds were recovered? What funds were reimbursed for those affected users?
Ongoing Developments
What parts of this case are still remaining to be concluded?
General Prevention Policies
It is never smart to place funds in the direct control of any single person, on a smart contract or otherwise. Instead, fund withdrawals should always run through a multi-signature withdrawal process where multiple trained and background checked human beings validate against fraud.
Individual Prevention Policies
No specific policies for individual prevention have yet been identified in this case.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Policies for platforms to take to prevent this situation have not yet been selected in this case.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
No specific regulatory policies have yet been identified in this case.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
- ↑ Binance Recovers $344K From Scam DeFi Project Launched on Its Platform - CoinDesk (Jun 13, 2021)
- ↑ Cheated Investors of Binance-Launched DeFi Project Wine Swap To Get Stolen Funds Back (Jun 13, 2021)
- ↑ Binance recovers Wine Swap exit scam’s proceeds | Modern Consensus. (Jun 13, 2021)
- ↑ Binance Recovers Over $344,000 from Wine Swap Exit Scam : CryptoCurrency (Jun 13, 2021)
- ↑ Keeping DeFi SAFU: Binance Recovers Over $344,000 from Wine Swap Exit Scam | Binance Blog (Jun 13, 2021)
- ↑ Binance recovers funds from the Wine Swap exit scam - The Cryptonomist (Jun 13, 2021)
- ↑ Binance Recovers $345,000 (99.9%) of Stolen Funds in a DeFi Exit Scam (Jun 13, 2021)
- ↑ @JohnDoughBull Twitter (Jun 13, 2021)
- ↑ @DefiDebauchery Twitter (Jun 13, 2021)
- ↑ Binance Stops Possible Exit Scam on It's Blockchain - JRNY Crypto (Jun 19, 2021)
- ↑ Binance recovers shocking $345K amount from DeFi scam - CryptoStellar (Jun 19, 2021)
- ↑ Cómo se logró recuperar más de US$ 344.000 de la estafa de salida de Wine Swap - TyN Magazine (Jun 19, 2021)
- ↑ Binance Recovers $344K From Scam DeFi Project Launched on Its Platform - CoinDesk (Dec 27, 2021)