Decoding Magnate Finance’s $6.4 Million Rug Pull

Updated at: June 17, 20244 Mins Read

Author:

Summary

On the 25th of August, Magnate Finance executed an exit scam ( Rug Pull ). The scam was made possible when the developer modified the price oracle address to manipulate the prices directly. The TVL was dropped by around $6.4 Million.

The deployer is also linked with past rug pulls of –

  • Solfire’s $4.8 Million on January 23, 2022
  • Kokomo Finance’s $5.5 Million on March 27, 2023

The complete scam happened on BASE chain, an Ethereum L2 built by Coinbase.


Vulnerability Analysis & Impact

On-Chain Details

Deployer Address 0x4bdac0b6eeda6211f43178899cb73670b1952c40

Mainnet 0x4bdac0b6eeda6211f43178899cb73670b1952c40

Contract Address 0x6a8fbf751c92a8c922428c0ffc5a89e709f7e505

Attack Transaction 0x39555e75d76b294248a434fdfe9640e0cfe3f22bd7fceb675fd4ef4b5e02f719


Exit Scam Steps

  • The scammer first changed the provider through their Multi-Sig Wallet
  • After then, the address of Price Oracle was changed to directly manipulate the price.
  • Then they used cDAI to borrow other tokens and exited the scam.
Exit Scam Steps

After the Incident

  • After the hack, they quickly deleted their website and social media accounts, including Twitter, Telegram and Website.
website
social media account
  • The scammer has successfully bridged the stolen funds to different chains. See here.
  • These are the addresses on the BASE chain where the funds are currently residing

0xa146dffe1c304a8a3de74c460ffe8dc73e5ce6e1

0x0664faf5afecde5958d8b32258e012c3788006a3


Price Impact

The price of MAG tokens dropped by 86% after the incident.

magnate finance price chart

Why QuillAudits For Web3 Security?

  • QuillAudits is well-equipped with tools and expertise to provide cybersecurity solutions saving the loss of hundreds of protocols in funds.
  • Our team of highly skilled auditors have secured over 1M lines of code and $30B in amount.
  • Over the course of multiple years, QuillAudits has been proven to be one of the top choices for protocols to get their codebases audited.

Partner with QuillAudits

  • OG Program (Opportunities for Listing Managers, KOLs, Top Advisors and Investors with access to early stage Web3 projects)
  • WAGSI Program(Claim audit credits to avail exclusive discounts on our auditing package, and additional credits for our automated web3 security infra- QuillShield)
SUPPORT

Need Integration Support?

Talk to an expert

QUILLSHIELD

Explore QuillShield

Get Free Audit Credits

QUILLCHECK

Visit QuillCheck

Detect Rug Pulls on the Go

Subscribe to our Newsletter

Your weekly dose of Web3 innovation and security, featuring blockchain updates, developer insights, curated knowledge, security resources, and hack alerts. Stay ahead in Web3!