Beetsfarm Finance suspected of rug pull
Polygon-based Beetsfarm Finance, a DeFi project that specialises in yield farming, has been accused of fraud. The team behind RugDoc.io accused the developers of stealing more than £86,880 from Beetsfarm users.
RugDoc explained that their scanner, which is configured to search for unverified smart contracts, rated Beetsfarm as a ‘high-risk’ project.
Contract verification lets crypto investors make sure the compiled code matches the one uploaded to the blockchain. Under pressure from the community, the developers carried out the necessary procedure, after which the RugDoc scanner (named J) re-checked the smart contract.
“[J] promptly reviewed it again and the contract had the most red flags J had ever seen”.
RugDoc believes the Beetsfarm smart contact has a bug that lets anyone deposit and withdraw funds to third-party wallets. After a user approves the interaction with the contract, anyone can initiate a transaction from their wallet to the project administration address.
The base code of the project also has an emergency withdrawal of funds feature in place (emergencyWithdraw). RugDoc specialists found a similar exploit in it with one crucial difference. Instead of withdrawing assets to the user’s wallet corresponding to the ‘_wallet’ parameter, the function transferred them to the project administrators’ address, designated as ‘wallet’.
According to DappRadar, 289 unique users are registered on Beetsfarm, and the volume of transactions processed by its smart contract does not exceed $245,000 (~£177,390). With that said, almost all the transactional activity recorded by the service falls on 17th June.
According to experts, the project administration stole a significant amount of money due to the feature of unlimited funds transfer. Through the emergency withdrawal the users’ assets were then moved to the address which contains more than $123,000 (~£89,060) in various tokens.
Some users also reported that their LP tokens disappeared after being deposited.
There were no statements from the Beetsfarm team following the incident. The project’s Telegram channel was deleted, and its Twitter account was marked as ‘restricted’.
The team behind Beetsfarm Finance appear to have done a runner. Unfortunately, this isn’t the first such incident, and it is unlikely to be the last. Back in May, the team behind the DeFi100 decentralised finance protocol based on the Balance Smart Chain (BNB) was suspected of fraud amounting to $32 million (~£27.2 million).
Photographe, Vidéaste, webdesigner et enfin rédacteur pour CoinTribune: l’image, le digital et la blockchain sont mon dada.