BNB42 Rug Pull "Crime Scene Investigation": Centralization Problem Reappears

特邀专栏作者

2022-02-16 03:45

This article is about 1935 words, reading the full article takes about 3 minutes

BNB42 suffered a Rug Pull attack, with a total loss of about $2.76 million.

At 23:06 on February 14, 2022, Beijing time, the CertiK security technology team detected a contract owner/developer (0x9b74fde50f3fcd3a02fafea6a187092630d6eb8f) trading at https://bscscan.com/tx/0x749215ebe457aa681194684401257fe8fb Unauthenticated Bnb42 contract in 44daecb9f50a077b12c71e83cf9414 (0x7c8ffcfefff2e62a77bfa82bdba730cc0e8129cf) transferred about 6,445 BNB.

The contract owner transferred the BNB of the Rug Pull to 8 addresses.

This follows last week'sBabyMusk's price plummetsfraudster's address

fraudster's address

Fraudster address:

https://bscscan.com/address/0x9b74fde50f3fcd3a02fafea6a187092630d6eb8f

The first transfer address of Rug Pull BNB: https://bscscan.com/address/0xeccc6b23401099eb912c4bb1021f4b04995614cc

The second transfer address of Rug Pull BNB: https://bscscan.com/address/0xb77b672cfd045d29b09d0eca336f2311d147b46e

Third: https://bscscan.com/address/0x9d6fab1206dda7443869e6837678f5fc9a089938

Fourth: https://bscscan.com/address/0x3bca51032e61ab6adffce2079952e628daea5b8f

Fifth: https://bscscan.com/address/0x21274ca4e26e2e231d7231f4ad131970a57e09e7

Sixth: https://bscscan.com/address/0x6a433937fd0b4dec7dc2f332c55f43a1ee380a3e

Seventh: https://bscscan.com/address/0xf6d4933afa07c20dac9d6917c89e91656bcf54eb

first level title

Rug Pull Transactions

Rug Pull operation steps

https://bscscan.com/tx/0x749215ebe457aa681194684401257fe8fb44daecb9f50a077b12c71e83cf9414

Rug Pull operation steps

1. The contract owner 0x9b74fde50f3fcd3a02fafea6a187092630d6eb8f called the withdraw function to transfer in the transaction 0x749215ebe457aa681194684401257fe8fb44daecb9f50a077b12c71e83cf94146, 445.424785656563617736 BNB to your own address.

2. Contract owner transferred BNB to 8 different addresses listed above.

first level title

text

1. The owner of the contract deploys an unauthenticated contract, where the function withdraw only allows the owner to withdraw all BNB(eth.balance(this.address) wei) to the owner's address.

2. The decompiled Bnb42 contract is deployed at 0x7c8ffcfefff2e62a77bfa82bdba730cc0e8129cf

text

Contract Vulnerability Analysis

The Rug Pull issue is a centralization risk.

Compiled in CertiK2021 DeFi Security ReportWhereabouts of assets

Whereabouts of assets

The contract owner has Rug 6,445.424785656563617736 units of BNB in total.

text

The early warning of this incident was broadcast on CertiK official Twitter [https://twitter.com/CertiKCommunity] at the first time.

As a leader in blockchain security, CertiK is committed to improving the security and transparency of cryptocurrencies and DeFi. So far, CertiK has been recognized by 2,500 corporate customers, protecting more than $311 billion in digital assets from loss.

BNB

Safety

Welcome to Join Odaily Official Community

Subscription Group

https://t.me/Odaily_News

Chat Group

https://t.me/Odaily_CryptoPunk

Official Account

https://twitter.com/OdailyChina