Keeping DeFi SAFU: Binance Recovers Over $344,000 from Wine Swap Exit Scam

2020-11-04

Binance is always working to ensure the security of our users and we take a proactive approach in protecting users’ funds, which also extends to public chains like BNB Smart Chain (BSC). Recently, the Binance Security team helped recover 99.9% of an estimated $345,000 worth of funds stolen as the result of an exit scam, exemplifying how we continue to put our users first and take action in the best interest of the industry and our community.

Since BNB Smart Chain (BSC) launched two months ago, many new decentralized finance (DeFi) projects have emerged to provide greater access to alternative financial solutions. However, as any new market emerges, so do troublemakers, and the DeFi space has been no exception. There have been a number of bad actors taking advantage of unsuspecting victims through exit scams and other illegitimate activities. 

With new technologies being developed and criminal activity becoming more sophisticated, we are constantly improving the measures we take to protect our users and the overall community. Our efforts have expanded beyond Binance.com to BSC projects and their users, and we are taking an active approach to keeping the DeFi space safe from bad actors.

One recent case involves an exit scam / “rug pull” conducted by an automated market maker (AMM), Wine Swap, where the Binance Security team was able to successfully recover an estimated 99.9% of roughly $345,000 worth of stolen cryptocurrencies. 

Wine Swap Exit Scam: How We Recovered Funds

On October 13, Wine Swap launched on BSC as an AMM platform. Within an hour of launch, it had already pulled the rug, making away with more than $345,000 in customer funds (value as of November 2). The victims, identified only by their on-chain BSC addresses, had sent a total of 19 different tokens to Wine Swap from 119 different addresses. When the exit scam was executed, funds remaining in the contract address were transferred to the creator’s address.

The Binance and BSC community developers were alerted to the fraud, and the Binance security team immediately took action. We followed the flow of funds from Wine Swap, which included cross-chain transfers from BSC, to BNB Beacon Chain, then to Ethereum. We observed a small portion of the scammer’s funds move to two exchanges, as well as Binance Bridge (formerly known as Panama), and funds were successfully frozen in these centralized exchanges after making contact. By this point, the funds had nearly all been converted into stablecoins, BNB, ETH, and LINK.

Analysis of the transfers to and from Wine Swap allowed us to identify which addresses fell victim to the scam and calculate exactly how much was owed to them.

On the day following the scam, October 14, we successfully identified the scammer and made contact with the individual shortly thereafter. Knowing that they had been caught red-handed, they were quick to cooperate in an attempt to avoid the impending consequences. This began the process of recovery, with the scammer returning the proceeds to us directly so that we could facilitate their return to the victim addresses.

With the majority of the funds now divided into a small selection of cryptocurrencies, the Binance OTC team helped in converting the funds back to their original tokens and amounts in preparation for the refund. As of writing, this process is ongoing and we expect our team to complete the transfers to the victim addresses within the next several days.

Takeaways from This Case and What It Means for DeFi

  • We couldn’t have completed this initiative without the efforts of all parties involved, both in and out of the Binance ecosystem. This includes the key roles of Binance’s Security, OTC, and Finance teams, as well as the teams at BSC, Binance Bridge, and the two exchanges that froze funds received from the scam.

  • With new DeFi products emerging daily, it is difficult to verify the legitimacy of each and every project. We will continue to emphasize the importance of conducting individual due diligence and research before participating to avoid cases such as Wine Swap. It is important to remember that scams ending with the full recovery of lost funds are very rare.

  • While the victims of this case are all Binance Smart Chain users, we are unable to confirm whether they are Binance.com customers, and their identities (beyond the addresses they used) remain unknown to us.

We will always take initiative to protect the interests of the greater cryptocurrency space to the best of our ability, even when such incidents occur outside of the Binance ecosystem, to ensure a safer community overall. We are happy to do our part and reinforce our core value of putting users first.