An unnamed ethical hacker has described how he tracked down the group of DeFi scammers responsible for the $27 million StableMagnet rug pull. He enlisted the help of the police, and part of the money was eventually recovered and returned to investors.
The rug pull relied on a new attack technique. Because Etherscan and BscScan do not validate library source code, the StableMagnet hackers were able to use a different code library than the one specified in the source code. No one checked the SwapUtils library on the platform.
StableMagnet misled investors into believing they would receive significant returns on stablecoin deposits. The platform made off with millions of dollars invested by over 1000 members.
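A reviewer can close this gap by reading the library addresses out of the deployed bytecode and checking the code at each one separately; the sketch below is an added example, not code from StableMagnet or the explorers. It assumes solc-style link placeholders and a build with no immutables, and the function names and sample bytecode are constructed for illustration.

```python
import re

# Unlinked solc bytecode holds a 40-character placeholder, "__$" + 34 hex
# characters + "$__", wherever a 20-byte library address is patched in at link time.
PLACEHOLDER = re.compile(r"__\$([0-9a-fA-F]{34})\$__")


def _strip(hexstr):
    hexstr = hexstr.strip()
    return hexstr[2:] if hexstr.startswith("0x") else hexstr


def linked_library_addresses(unlinked_hex, deployed_hex):
    """Return {placeholder_id: set of addresses} read from the deployed code."""
    unlinked, deployed = _strip(unlinked_hex), _strip(deployed_hex).lower()
    if len(unlinked) != len(deployed):
        raise ValueError("length mismatch: deployed code is not this build")
    found, pos = {}, 0
    for m in PLACEHOLDER.finditer(unlinked):
        # Everything outside a placeholder must match the local build exactly.
        if unlinked[pos:m.start()].lower() != deployed[pos:m.start()]:
            raise ValueError("bytecode differs before offset %d" % m.start())
        addr = "0x" + deployed[m.start():m.end()]
        found.setdefault(m.group(1).lower(), set()).add(addr)
        pos = m.end()
    if unlinked[pos:].lower() != deployed[pos:]:
        raise ValueError("bytecode differs after the last placeholder")
    return found


def libraries_needing_review(found, reviewed):
    """List (placeholder_id, address) pairs whose code nobody has checked."""
    reviewed = {a.lower() for a in reviewed}
    return sorted((pid, addr) for pid, addrs in found.items()
                  for addr in addrs if addr not in reviewed)


# Constructed sample: a fake contract body that calls one library at two sites.
LIB_ID = "ab" * 17                      # constructed placeholder id
LIB_ADDR = "0x" + "11" * 20             # constructed on-chain library address
_BODY = "608060405273{0}63deadbeef5af473{0}00"
SAMPLE_UNLINKED = _BODY.format("__$" + LIB_ID + "$__")
SAMPLE_DEPLOYED = "0x" + _BODY.format(LIB_ADDR[2:])

if __name__ == "__main__":
    libs = linked_library_addresses(SAMPLE_UNLINKED, SAMPLE_DEPLOYED)
    print(libraries_needing_review(libs, reviewed=set()))
```

Every address the second function returns is code that the contract's own source verification says nothing about, so it has to be compared against the library source independently.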
Before the attack, the vigilante hacker double-checked the code to ensure the project was authentic, as he was thinking about investing himself. He did, however, overlook a couple of tweets regarding system weaknesses.
He took the loss personally and set out to find the con artists. In an interview with CoinTelegraph, he stated:
“I just felt like this was the only opportunity in my life — to have a very meaningful impact in a situation where most people are not going to have the time and the gusto to do that kind of thing.”
He began by identifying a GitHub account and then moved on to the scammers’ family members via social media. The swindle was eventually traced back to a gang of Chinese people in Hong Kong. He also discovered that they were going to Manchester’s Chinatown.
He stated that he did not want them imprisoned because he was opposed to centralized authorities entering the decentralized environment.
He eventually got Manchester police involved, but not before purchasing a one-way ticket to the English city. To his surprise, the police reacted quickly and arrested some of the perpetrators. A portion of the money was recovered. The police found pieces of a USB device worth approximately $9 million.
Following that, other members of StableMagnet cooperated with the ethical hacker, and the majority of the money was returned. He concludes by saying:
“Once that occurred, it was believable to the other project people (scammers) that I wasn’t BSing about finding them and knowing where they were and being able to get them caught. It’s not a good idea to scam, at least not on Binance Smart Chain.”