News Close Look

This $11 million rug grab caused controversy because Binance hesitated to freeze BNB wallets.


It turns out that Binance can, in fact, freeze private wallet addresses on the BNB Chain, but only with the agreement of all its validators.

Users are conned out of $2 million ($11 million at today’s BNB pricing) via a BNB Chain rug pull. Users inquire about Binance. Binance claims to have frozen the cash but later backtracks on that claim. When Binance finally decided to take action to freeze the scammer’s wallet, which had risen to $10.8 million, the money had been sitting at the address for nearly two years. Previously, Binance has claimed that the decentralized architecture of BNB Chain prevented them from being able to freeze wallets outside of exchange addresses. Users are dissatisfied and demand more from Binance. This is how the PopcornSwap fraud came to be.

Stay in the know on crypto by frequently visiting Crypto News Today

A little-known “preUpgrade” function found in the exchange’s smart contract allowed the decentralized exchange PopcornSwap on the Build N Build (BNB) Chain to steal almost $2 million from liquidity providers’ assets on January 28, 2021. Users had faith that Binance, the company behind BNB Chain, would be able to block the con artists’ address. Since then, the BNB held in the scammer’s account has increased in value by nearly $10 million as users guessed whether or not the money had been frozen.

CryptoCaster Quick Check:

Contrary to what the public believes, Binance can freeze private wallet addresses on the BNB Chain with the approval of all validators, according to an investigation. Even though Binance eventually blocked the attacker’s address, the scam had already taken place almost two years prior to this. The attacker held money in the initial account during the two years in question, voluntarily refusing to shift it.

PopcornSwap rug pull on display

One of the first decentralized exchanges on the newly formed Binance Smart Chain (BSC), later known as the “BNB Smart Chain,” was PopcornSwap in 2021. In an effort to take advantage of the enormous trading volumes they anticipated to appear on BSC, some network members hurried to PopcornSwap to deposit liquidity. They did not, however, receive the record yields they had anticipated and instead lost every penny they had deposited. On Ethereum, PopcornSwap forked from Pancakeswap, which in turn forked from Sushiswap. And it so happened that Sushiswap had a “preUpgrade” method that let developers authorize themselves as spenders for each liquidity provider (LP) token, allowing them to drain all of the assets stored by the protocol.

Between 1:26 p.m. and 5:53 p.m. UTC, January 28, 2021 BSC address 0xFd6042Df3D74ce9959922FeC559d7995F3933c55 used the aforementioned function to drain the protocol’s $2 million worth of crypto, swapping all of it into the network’s native coin, BNB, in the process. PopcornSwap LPs had lost everything. The attack ended at 5:53 p.m. UTC, January 28, when Fake_Phishing7 initiated a final transaction swapping 250,913 Binance-pedgged USD Coin (USDC) for 5,536 BNB. This left the scammer with approximately 48,511 BNB, worth $2 million at the time (and $10.8 million now), held in its address.

PopcornSwap funds have remain unmoved for over two years. Source: BSC Scan

Victims seek assistance from Binance

The PopcornRugPull Telegram group was created by rug pull sufferers. They urged one another to contact Binance and report the fraud, requesting that Binance put a hold on the con artists’ address to prevent any money from being cashed out. Some individuals thought Binance could lock the con artist’s private wallet address. Others countered that since a centralized exchange cannot freeze a private wallet address, this was impossible.

A Popcornswap victim urging others to report the fraud. Source: Telegram.

Action is taken by the exchange.

Binance reacted to one of the PopcornSwap victims on January 29, 2021. A person by the name of “Richie” uploaded a picture of the email they had received. In it, the Binance customer support representative made the error of saying that “the scammer’s wallet has been frozen.” Richie and all other PopcornSwap members were advised by the customer care representative to wait “until the whole situation gets resolved by authorities.”

Caption: Binance customer support representative stating in early 2021 that the Popcornswap scammer’s address had been frozen. Source: Telegram.

However, as of October 2022, the missing money has not been recovered, and all attempts to contact customer care were received with boilerplate emails directing consumers to call the police. The exchange’s seeming callous response to consumers’ demands for payment baffled PopcornSwap victims. Blockchain data, however, demonstrates that, at the time of these accusations, neither Binance nor the company that had stolen customers’ money were in possession of any of the stolen monies.

Data from BNB Smart Chain demonstrates that the scammer’s address was not frozen before October 6, 2022, in contrast to the claim made by the customer support person for Binance. Instead, the money stayed in the attacker’s account and was never transferred to another network or deposited to a centralized exchange. The fraudster was unable to cash out their haul and never made money from the attack. However, this failure was not the result of any freezing action taken by Binance, but rather the scammer’s own lack of initiative.

The freeze on October 6, 2022

The BSC Token Hub bridge was taken advantage of on October 6, 2022, in an assault unconnected to the PopcornSwap scam. The exploiter issued 2 million BNB on Smart Chain without first depositing them to the Beacon Chain side of the bridge by taking advantage of a flaw in the bridge code. As a result, there were 2 million more BNB available overall on BSC.

In order to effectively keep the funds out of the grasp of BSC validators, the attacker instantly bridged $100 million of the exploited BNB to other networks. BSC developers responded by suggesting a network hard fork that would disable the bridge and lock in the exploiter’s address. The team included a line to the code freezing the PopcornSwap scammer’s address while creating this proposal.

All validators on the BNB Chain have unanimously endorsed this upgrade. As a result, after October 6, 2022, neither the PopcornSwap scammer’s addresses nor the bridge exploiter’s addresses are permitted to conduct any outward transactions. The new plan did not, however, include code for moving the frozen cash to a different location. According to victims, Binance could have taken additional steps to lessen the incidence.

Binance reacts.

An official from Binance verified that the October 6, 2022 proposal to freeze the address 0xFd6042Df3D74ce9959922FeC559d7995F3933c55, popularly known as “Fake_Phishing7,” was made by Binance in a conversation on August 31. The spokesman added that this was only a proposal that needed validators’ approval in order to be put into action. In this situation, all network validators voted unanimously to accept the proposal. They declared:

“At the request of PopcornSwap victims, Binance proposed blacklisting the attacker’s address alongside the BNB Bridge attacker in October 2022, which was submitted by the BNB Chain team and approved by network validators.”

Blockchain data and Binance both confirmed that the monies were never transferred into Binance’s hands. “We can confirm that the scammer did not transfer funds to Binance, and we don’t have control over the funds,” they said. According to its website, “BNB Chain is an open-source and decentralized ecosystem; wallets and/or their funds cannot be frozen at will [and] governance decisions are coordinated by the community.”

According to Binance, the inquiry is still ongoing, and the exchange is prepared to cooperate with law enforcement if it may be of help. The statement continued, “This case is still being investigated, and our investigations team is always prepared to support law enforcement in their search for those responsible.”

A warning from the Pocornswap scam

More than $2 million of the victims’ hard-earned money was lost as a result of the PopcornSwap fraud. They looked to Binance for assistance after learning that it had created BNB Smart Chain. Because blockchains are decentralized, the exchange declined to assist. With the support of BNB Chain validators, Binance then changed direction and froze the con artist’s private address.

Another lesson to be learned from the PopcornSwap fraud is the dangers of employing smart contracts. Since forks of a blockchain effectively require unanimous approval to be established, the victims would have a difficult time getting paid by validators if a smart contract contains a flaw that permits an attacker to siphon off users’ funds. Blockchains are designed in this manner. Also, keep in mind that, despite their decentralized promises, entities can, if they so choose, exert control over users’ assets.CRYPTOCASTER® - DECENTRALIZED FREEDOM!

We hope you appreciated this article. Before you move on, I was hoping you would consider taking the step of supporting CryptoCaster’s journalism. 

From  Elon Musk, Larry Fink(BlackRock) to Jamie Dimon(JP Morgan Chase) a number of billionaire owners have a powerful hold on so much of the hidden agendas’ which eludes the public concerning the paradigm shift juxtaposed by cryptocurrency and web3 emerging technologies. CryptoCaster is different. We have no billionaire owner or shareholders to consider. Our journalistic efforts are produced to serve the public interest in crypto development and institutional disruptions – not profit motives.

And we avoid the trap that befalls much U.S. and global media – the tendency, born of a desire to please all sides, to engage in false equivalence in the name of neutrality and retail consumer protection. While fairness and transparency dictates everything we do, we know there is a right and a wrong position in the fight against fiat global banking interest and monetary reconstruction precipitated by the emerging crypto ecology.

When we report on issues like the FTX, Binance and Ripple crisis, we’re not afraid to name who or what is uncovered. And as a crypto sentinel, we’re able to provide a fresh, outsider perspective on the global monetary disruption – one so often missing from the insular American and European media bubble. 

Around the world, readers can access the CryptoCaster’s paywall-free journalism because of our unique reader-supported model. That’s because of people like you. Our readers keep us independent, beholden to no outside influence and accessible to everyone – whether they can afford to pay for news and information, or not.

We thankyou for the on-going support our readers have bestowed monetarily. If you have not considered supporting CryptoCaster, if you can, please consider supporting us just once from $1 or more of Bitcoin (satoshi) or Eth, and better yet, support us every month with a little more. Scroll further down this page to obtain CryptoCaster’s wallet addresses.

Thank you.

Kristin Steinbeck
Editor, CryptoCaster

Please Read Essential Disclaimer Information Here.
© 2024 Crypto Caster provides information. does not provide investment advice. Do your research before taking a market position on the purchase of cryptocurrency and other asset classes. Past performance of any asset is not indicative of future results. All rights reserved.

Contribute to CryptoCaster℠ Via Metamask or favorite wallet. Send Coin/Token to Addresses Provided Below.
Thank you!
BTC – bc1qgdnd752esyl4jv6nhz3ypuzwa6wav9wuzaeg9g
ETH – 0x7D8D76E60bFF59c5295Aa1b39D651f6735D6413D
MATIC – 0x7D8D76E60bFF59c5295Aa1b39D651f6735D6413D
LITECOIN – ltc1qxsgp5fykl0007hnwgl93zr9vngwd2jxwlddvqt


You may also like