Binance Smart Chain project exits scam! Involved parties remain silent, audit firm TechRate criticized as unreliable.
Binance Smart Chain has experienced several hacking incidents since June, with the latest involving StableMagnet Finance, an automated market maker protocol for stablecoins, which absconded with $22 million from users and poses a risk of asset theft for wallets that have interacted with the protocol.
Table of Contents
StableMagnet Finance Exit Scam
The blockchain security audit firm PeckShield pointed out on Twitter that StableMagnet on Binance Smart Chain (BSC) forked from Saddle Finance, and its SwapUtils code was not verified, deviating from the main Swap contract.
The project team has run away with $22 million and the amount is still increasing. Users have reported that Telegram, Twitter, and the website have all been shut down. Additionally, many users have approved the protocol, with over 1,000 users still having assets in the original mining pool 3Pool. PeckShield urges users to revoke authorization as soon as possible. Authorization can be revoked through BscScan
##StableMagnet #rugpull $22m and growing. Its SwapUtils library code is NOT verified and *DIFFERENT* from main Swap contract: https://t.co/Ls5XNA5UXf. @bscscan There is a need to verify the library code!
— PeckShield Inc. (@peckshield) June 23, 2021
TechRate Audit Firm
After the incident, the cross-chain investment protocol DeFiYield criticized the audit firm TechRate on Twitter, stating:
"After Stablemagnet's exit scam, we no longer consider any audits conducted by TechRate to be trustworthy. Many recent rug-pull projects have one thing in common: 'Audited by TechRate only.'"
1/3 After the last rugpull of Stablemagnet we will no longer consider any review/audit from TechRate as trustable. Many of the recent projects performing rug-pulls had the common pattern to be audited only by TechRate.
— DEFIYIELD.App (@defiyield_app) June 23, 2021
Eleven Finance Hacked
Eleven.finance was initially deployed on Binance Smart Chain (BSC) and later integrated with Polygon MATIC and Fantom, forming a multi-chain yield aggregator.
On 6/23, PeckShield pointed out that the machine gun pool in Eleven Finance related to Nerve was hit by a flash loan attack, with the attacker profiting nearly $4.6 million.
Similarly, on 6/20, on Binance Smart Chain, the hacker who executed a flash loan attack on Impossible Finance also attacked Eleven the next day, making nearly $520,000. PeckShield described this series of attacks as too fast to react to.
Silence from All Sides
In fact, the audit firm TechRate has previously experienced several cases of projects they audited running away, such as AladdinDEFI, raising doubts about TechRate. Despite concerns about audit firms, investors often ignore risks driven by profit motives, leading to their own losses.
As of now, parties involved such as TechRate and BSC have not made any statements on Twitter. Binance CEO Changpeng Zhao mourned the death of software tycoon John McAfee in a post, and Binance officially launched its NFT marketplace today.
Previously, Changpeng Zhao emphasized in an interview: "BSC is not something we built, it's the developer community."