Liquidity Siphon Rugpulls on The Binance Smart Chain

On top of the 2,000,000 USD PopcornSwap Rug-pull, two other De-Fi projects, Zap Finance and Tin Finance, have run off with user funds.

By
Greg Gotsis
on
January 29, 2021
Category:
BSC News

The never-ending weeks of crypto continue to become one, having upwards of three rug-pulls on the Binance Smart Chain (BSC), this week. On top of the 2,000,000 USD PopcornSwap Rug-pull, two other De-Fi projects, Zap Finance and Tin Finance, have run off with user funds. This article should be a testament to the speculative nature of crypto markets and the inherent smart contract risk that underlies all De-Fi protocols.

What Was Zap Finance?

Zap Finance displayed itself as a BSC-based De-Fi protocol, ultimately stealing custody of users’ LP tokens. Zap Finance marketed itself as a “De-Fi” lending and trading platform that aimed at a fair distribution through liquidity mining. This token promised aspects of frictionless yield generation and DEX AMM technology, which was all created piggy-backing off of other De-Fi protocols. The team began its launch on 1/28/2021, marketing the project’s fair distribution and the inception of liquidity rewards, which were all a sham.

This Rug-Pull method is one of the most commonly seen on the BSC, where the smart contract receives permission for unlimited spending of LP tokens. Nearly hours after opening the liquidity pools, the team swiped all liquidity and swapped the funds for BNB and BUSD. The following transaction displays the swap done using community LP tokens for BUSD and BNB.

Graphical user interface, text, application, emailDescription automatically generated

Another transaction followed this one, in total the following “fraudulent” transactions were made:

TX 1 and TX 2

Tx 1: 8660 BUSD

Tx 2: 307 BNB ($13,776)

Total: ~22,000 USD

Tin Finance Rugpull

There was also another more significant rug pull done by Tin Finance, making away with about $140,000 worth of liquidity. This project has also gone ghost since the incident, but there Twitter is still live. This rug-pull was structured in a bit of a differnt fashion, being that of a pre-sale scam; the project Tin Finance promised users a pre-sale of 100,000 USD in return for TIN tokens. This project used the Tin Finance contract deployer to siphon liquidity which was then converted to WBNB and bridged off of the BSC. Ultimately the team created a false ethos and promises of a pre-sale, to run off with users money.

Here are the subsequent transactions of the Tin Finance rug-pull:

https://www.bscscan.com/address/0xde508c7a6d374ecd29e0f45a92472ddc655394e7

https://www.bscscan.com/address/0x75b84a45fd046c01e3cd9ac725e991a8d28fe5f7


As previously stated when covering the PopcornSwap Rugpull-- this must serve as a fair warning of the high-risk nature of De-Fi projects. While smart-contracts give developers the tool to create robust protocols, innovating traditional financial services, there are unfortunately inherent risks. These can be defined as smart contract risks; while this code allows users to develop trustless and decentralized protocols, they are not perfect. Malicious developers can leave loopholes in code to siphon users’ money. This has been the case for the latest rug-pulls on the BSC, where malicious developers have siphoned over 2,000,000 USD. 

In other instances, developers may not recognize a critical error in their code. This is unavoidable as nothing is ever perfect, which was the case in the Harvest Finance hack. Unnoticed structural integrity in a smart contract can be easily exploited by malicious users who find vulnerabilities in the code and ultimately steal users’ funds.

Overall, smart contract risk is a prevalent issue in the De-Fi space on both the Ethereum Network and the Binance Smart Chain. At the same time, these are not insanely common occurrences, but they ever too frequent. We have published a few guides on the BSCNews website, authored by The Ape, which help users safeguard against these instances:

How To Spot a Potential RUG — Clear signs something is sketchy

How to Keep Your Funds SAFE — MetaMask Guide



Unfortunately, in the current De-Fi landscape, smart contract risks are very prevalent and should always be considered. As the space continues to mature, we can expect to see better audits, more educational awareness, and a general increase in safety. These tools are quickly developing with a large amount of insurance and audit protocols launching to help safeguard and protect users from these occurrences.

Overall it is vital to proceed with caution when purchasing highly speculative tokens. None of our articles are advice at the end of the day, and all financial decisions should be made on your behalf or from a professional financial advisor.


Tags:
No items found.
Greg Gotsis

Greg (GoonTrades) is BSC News' Chief Editor and is also a writer for the team. Currently enrolled as an economics major, he finds himself as a cryptocurrency researcher, writer, and technical trader.

Text Link

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.