StableMagnet and Others Rugpull $22M in Stablecoin Through Unverified Swap Code

StableMagnet is now draining funds directly from user wallets – if you have interacted with StableMagnet at all you must revoke all permissions now.

Warning All Users

The StableMagnet Automated Market Maker (AMM) has perpetrated a rugpull on its users in an initial attack valued at upwards of $22 million. According to an analysis by REKT, that figure has now grown to $27 million and continues to rise. PeckShield, a blockchain security and data analytics company, is warning that all users who previously interacted with StableMagnet must immediately revoke any permissions they granted. In a tweet, the security experts described how the attack affected users.

PeckShield stated, “StableMagnet Swap has been approved by many users to move funds:  If you interacted with it before, REVOKE NOW”, before estimating that a huge number of users could still be at risk. “Our calculation shows there are still 1000+ users who have non-zero allowance on the rugpulled StableMagnet.”

Novel Attack Vector

The StableMagnet rugpull relied on a novel attack method. The problem cited by RugDoc is that neither Etherscan nor BscScan verifies the source code of linked libraries. This allowed the scammers at StableMagnet to deploy a different code library than the one cited in the source code, so StableMagnet’s SwapUtils library was never checked. RugDoc gave further details of the exploit on Twitter.

RugDoc said, “The unverified linked library did not only contain code to drain all pairs, it also contained code to transfer more tokens to everyone who had approved StableMagnet. Please revoke your approvals as soon as possible using… Dopple and StableGaj are based upon the same protocol and their SwapUtils libraries are also UNVERIFIED. For the time being we recommend UNSTAKING and REVOKING APPROVALS until these contracts are verified.”
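One way a reviewer could look for the gap described above, as an added example that is not code from RugDoc, PeckShield or the block explorers: Solidity embeds a linked library's address as a PUSH20 constant and calls it with DELEGATECALL, so walking the runtime bytecode yields the addresses whose own verification status needs checking. The sample bytecode, the `verified` set and the function names are constructed for illustration; a PUSH20 constant can also be an ordinary address, so the output is a list of candidates for manual review.

```python
# Added example: list candidate library addresses embedded in EVM runtime bytecode.
PUSH1, PUSH20, PUSH32, DELEGATECALL = 0x60, 0x73, 0x7F, 0xF4
ADDRESS_MASK = b"\xff" * 20  # common compiler constant, not an address

def linked_addresses(runtime_hex):
    """Return (PUSH20 constants in order of first appearance, DELEGATECALL seen?)."""
    raw = runtime_hex[2:] if runtime_hex.startswith("0x") else runtime_hex
    code = bytes.fromhex(raw)
    addrs, has_delegatecall, i = [], False, 0
    while i < len(code):
        op = code[i]
        if PUSH1 <= op <= PUSH32:
            n = op - PUSH1 + 1            # number of immediate data bytes
            data = code[i + 1:i + 1 + n]
            if op == PUSH20 and len(data) == 20 and data != ADDRESS_MASK:
                addr = "0x" + data.hex()
                if addr not in addrs:
                    addrs.append(addr)
            i += 1 + n                    # skip the immediate: it is data, not opcodes
            continue
        if op == DELEGATECALL:
            has_delegatecall = True
        i += 1
    return addrs, has_delegatecall

def unverified_libraries(runtime_hex, verified):
    """Addresses the contract could delegatecall into that are not in `verified`."""
    addrs, has_delegatecall = linked_addresses(runtime_hex)
    if not has_delegatecall:
        return []
    return [a for a in addrs if a not in verified]

# Constructed sample (not StableMagnet's bytecode): a PUSH20 library address
# followed by DELEGATECALL, an address mask, and a PUSH32 whose data happens to
# contain the byte 0x73, which a naive byte search would misread as PUSH20.
LIB = "11" * 20
SAMPLE = ("6080604052" + "73" + LIB + "5af4" + "73" + "ff" * 20 + "16"
          + "7f" + "73" + "aa" * 20 + "00" * 11 + "00")

if __name__ == "__main__":
    for addr in unverified_libraries(SAMPLE, verified=set()):
        print("check explorer verification for", addr)
```

Each address returned still has to be looked up on the explorer by hand; a main contract showing as verified says nothing about the library it delegates to.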

Multiple Rugs?

An anonymous source who spoke to REKT claims that the people behind the StableMagnet rugpull have also been behind a number of other similar crimes, including Moon Here and WenMoon. There is no way to further corroborate that information at this time. Victims of the rugpull have now formed a community support group on Telegram and are seeking to piece together what information they can about the scammers.

