Liquidity Siphon Rugpulls on The Binance Smart Chain

On top of the 2,000,000 USD PopcornSwap Rug-pull, two other De-Fi projects, Zap Finance and Tin Finance, have run off with user funds.

The never-ending weeks of crypto continue to become one, having upwards of three rug-pulls on the Binance Smart Chain (BSC), this week. On top of the 2,000,000 USD PopcornSwap Rug-pull, two other De-Fi projects, Zap Finance and Tin Finance, have run off with user funds. This article should be a testament to the speculative nature of crypto markets and the inherent smart contract risk that underlies all De-Fi protocols.

What Was Zap Finance?

Zap Finance displayed itself as a BSC-based De-Fi protocol, ultimately stealing custody of users’ LP tokens. Zap Finance marketed itself as a “De-Fi” lending and trading platform that aimed at a fair distribution through liquidity mining. This token promised aspects of frictionless yield generation and DEX AMM technology, which was all created piggy-backing off of other De-Fi protocols. The team began its launch on 1/28/2021, marketing the project’s fair distribution and the inception of liquidity rewards, which were all a sham.

This Rug-Pull method is one of the most commonly seen on the BSC, where the smart contract receives permission for unlimited spending of LP tokens. Nearly hours after opening the liquidity pools, the team swiped all liquidity and swapped the funds for BNB and BUSD. The following transaction displays the swap done using community LP tokens for BUSD and BNB.

Graphical user interface, text, application, emailDescription automatically generated

Another transaction followed this one, in total the following “fraudulent” transactions were made:

TX 1 and TX 2

Tx 1: 8660 BUSD

Tx 2: 307 BNB ($13,776)

Total: ~22,000 USD

Tin Finance Rugpull

There was also another more significant rug pull done by Tin Finance, making away with about $140,000 worth of liquidity. This project has also gone ghost since the incident, but there Twitter is still live. This rug-pull was structured in a bit of a differnt fashion, being that of a pre-sale scam; the project Tin Finance promised users a pre-sale of 100,000 USD in return for TIN tokens. This project used the Tin Finance contract deployer to siphon liquidity which was then converted to WBNB and bridged off of the BSC. Ultimately the team created a false ethos and promises of a pre-sale, to run off with users money.

Here are the subsequent transactions of the Tin Finance rug-pull:

As previously stated when covering the PopcornSwap Rugpull– this must serve as a fair warning of the high-risk nature of De-Fi projects. While smart-contracts give developers the tool to create robust protocols, innovating traditional financial services, there are unfortunately inherent risks. These can be defined as smart contract risks; while this code allows users to develop trustless and decentralized protocols, they are not perfect. Malicious developers can leave loopholes in code to siphon users’ money. This has been the case for the latest rug-pulls on the BSC, where malicious developers have siphoned over 2,000,000 USD. 

In other instances, developers may not recognize a critical error in their code. This is unavoidable as nothing is ever perfect, which was the case in the Harvest Finance hack. Unnoticed structural integrity in a smart contract can be easily exploited by malicious users who find vulnerabilities in the code and ultimately steal users’ funds.

Source :

Leave a Reply

Your email address will not be published. Required fields are marked *