In an unexpected turn of events, Binance has demonstrated its authority to freeze private wallet addresses on the BNB Chain, provided all its validators reach a consensus. This revelation came to light after a nefarious rug pull on the BNB Chain left users reeling from losing $2 million worth of BNB tokens, now valued at $11 million in today’s market. The incident, known as the PopcornSwap scam, underscores decentralized finance’s complexities and centralized exchanges’ role.
The PopcornSwap Exit Scam Unveiled
On January 28, 2021, PopcornSwap, a decentralized exchange built on the newly launched Binance Smart Chain (BSC), executed a sophisticated exit scam. It exploited a “pre-upgrade” function hidden within the exchange’s smart contract, allowing developers to approve themselves as spenders for every liquidity provider (LP) token. This loophole enabled the attacker, operating under the pseudonym “Fake_Phishing7,” to drain $2 million in cryptocurrencies, converting them into BNB.
The attack continued until the scammer made a final move, exchanging 250,913 Binance-pegged USD Coin for 5,536 BNB, leaving the criminal with approximately 48,511 BNB, initially worth $2 million and now valued at $10.8 million.
Victims Seek Binance’s Help
In the aftermath of the rug pull, affected users formed a Telegram group called “PopcornSwap Rugpull” to support one another and implored Binance to intervene by freezing the scammer’s address. Opinions within the community were divided, with some believing that Binance held the power to freeze private wallet addresses. In contrast, others maintained that it was beyond the capabilities of a centralized exchange.
Binance’s Initial Response and Subsequent Clarification
On January 29, 2021, Binance responded to one victim, “Richie,” mistakenly indicating that the scammer’s wallet had been frozen. They advised patience until the authorities resolved the situation. However, by October 2022, the stolen funds remained untouched, and Binance’s customer service appeared unresponsive, issuing generic responses and suggesting users contact the police.
Don’t miss out on exciting legal job openings – sign up for LawCrossing today.
Blockchain data revealed that contrary to the initial statement, the scammer’s address remained unfrozen until October 6, 2022. The attacker chose not to move the funds during this period, and Binance played no part in preventing access to the stolen assets.
The October 6, 2022 Freeze
In an unrelated attack on October 6, 2022, the BSC Token Hub bridge suffered exploitation, resulting in over $570 million theft. In response, BSC developers proposed a network hard fork that included freezing the PopcornSwap scammer’s address. This proposal received unanimous approval from all BNB Chain validators, prohibiting outgoing transactions from both the bridge exploiter’s and PopcornSwap scammer’s addresses. Notably, the proposal did not transfer the frozen funds to another address, disappointing victims seeking reimbursement.
Binance’s Perspective
In a recent conversation with Cointelegraph on August 31, 2023, a Binance representative clarified that Binance proposed the October 6, 2022 freeze but required validator consensus. Furthermore, Binance reiterated that they never had control of the stolen funds, emphasizing the decentralized nature of BNB Chain, where governance decisions are community-coordinated. The investigation remains open, with Binance prepared to assist law enforcement in identifying those responsible.
The PopcornSwap Scam as a Cautionary Tale
The PopcornSwap scam serves as a cautionary tale in decentralized finance, highlighting the inherent risks in smart contracts. Victims faced an uphill battle to recover their losses due to the unanimous consent required for chain forks. This incident also underscores the nuanced control that certain entities, even in decentralized ecosystems, can exert over users’ assets when necessary.
The case of the PopcornSwap scam reveals the intricate balance between decentralization and centralized intervention, shedding light on the evolving landscape of blockchain governance.
Don’t be a silent ninja! Let us know your thoughts in the comment section below.