The shitcoin casino claims another set of victims.
Yesterday, DeFiLabs rugged $1.6M from its users on BSC via a backdoor function in their staking contract.
The project describes itself as “A decentralized finance platform managed by AI” with a “Secure Stable High-Yield Return Staking Pool”.
A full-house on low-effort-buzzword bingo.
Random, previously unheard-of projects rugging on BSC is nothing new.
Mostly, a few to a few hundred thousand dollars go missing, socials get deleted, and a handful of degenerate gamblers barely notice they’ve lost one of their many longshot bets.
But at this stage in the cycle, and with much of retail long gone…
…who’s still YOLOing into this stuff?
As with most low-effort BSC rugs, there is no sophisticated hack to report in this case.
The stolen funds include BSC-USD (the vast majority), Cake, wrapped BTC and ETH, and BUSD.
Exploiter address: 0xee08d6c3a983eb22d7137022f0e9f5e7d4cf0be2
Rug contract: 0xdEDbd1804569F369e33e453Ee311F0F97dCd0Bde
Example tx: 0xcd255e0d…
Funds ($1.6M) consolidated here: 0x53ccFbC90A3fCDAfe9a2a50F798bEE7CcB5461b6
However, neither audit covered the vPoolv6 contract, despite the fact that both audits were conducted after the contract’s publication.
[the] platform is currently undergoing maintenance and updates. Unfortunately, we encountered an unexpected issue during this process. To ensure the safety of your assets and smooth operations, we have decided to temporarily suspend staking operations.
The message goes on to state that withdrawals are paused but, funnily enough, doesn’t mention the draining of the staking contract.
The team have promised an update in 48 hours…
…just enough time for the next rug to come along and everyone to forget.
Two months ago DeFiLabs helpfully published a ‘RISK WARNING!!’ to make sure users didn’t accidentally stray from their rug contract.
How considerate of them.
This incident is just one in a long line of rugpulls on BSC, with the last notable incident being the $2.36M lost on GMETA last week.
It’s all so tiresome.
Multiple repetitions of the same bug.
Centralised platforms losing tens of millions to compromised keys.
Hacks and rugs on little-known BSC projects popping up every few days.
It feels like 2021 again here at rekt.news.
We are so back.