StableMagnet is now draining funds directly from user wallets – if you have interacted with StableMagnet at all you must revoke all permissions now.
Warning All Users
The StableMagnet Automated Market Maker (AMM) has perpetrated a rugpull on their users in an initial attack valued upwards of $22 million. According to an analysis by REKT, that figure has now grown to $27 million and continues to rise. PeckShield, a blockchain security and data analytics company, is warning all users who previously interacted with StableMagnet must revoke any permissions granted immediately. In a Tweet the security experts stated how the attack affected users.
PeckShield stated, “StableMagnet Swap has been approved by many users to move funds: If you interacted with it before, REVOKE NOW”, before estimating that a huge number of users could still be at risk. “Our calculation shows there are still 1000+ users who have non-zero allowance on the rugpulled StableMagnet.”
Novel Attack Vector
The rugpull from StableMagnet came thanks to a novel attack method. The problem cited by Rugdoc is that neither Etherscan nor BscScan verify linked library source code. This allowed the scammers at StableMagnet to deploy a different code library than the one cited in the source code. In this manner StableMagnet’s SwapUtils library wasn’t checked. Rugdoc on Twitter gave further insight as to the details of the exploit.
RugDoc said, “The unverified linked library did not only contain code to drain all pairs, it also contained code to transfer more tokens to everyone who had approved StableMagnet. Please revoke your approvals as soon as possible using debank.com… Dopple and StableGaj are based upon the same protocol and their SwapUtils libraries are also UNVERIFIED. For the time being we recommend UNSTAKING and REVOKING APPROVALS until these contracts are verified.”
An anonymous source which spoke to REKT claims that the people behind the StableMagnet rugpull have also been behind a number of other similar crimes including Moon Here and WenMoon. There is no further way to corroborate that information at this time. Victims of the rugpull have now formed a community support group on Telegram and are seeking to piece together what information they can about the scammers.
Source : bsc.news
Founded in 2020, BSCNews is the leading media platform covering decentralized finance (DeFi) on the Binance Smart Chain (BSC). We cover a wide range of blockchain news revolving mainly around the DeFi sector of the crypto markets. BSCNews aims to inform, educate and share information with the global investment community through our website, social media, newsletters, podcasts, research, and live ask me anything (AMA). Our content reaches hundreds of thousands of global investors who are active in the BSC DeFi space.