A closer look at the “Lucky Star Rug Pull”, a $1M Cryptocurrency Heist

Singapore, October 11th 2023 — Navigating through the vast Decentralized Finance (DeFi) and Non-Fungible Token (NFT) space requires sharp awareness and a skeptical eye. An example that underscores this imperative is the recent “Lucky Star Rug Pull” incident that took place on the Binance Smart Chain (BSC) Mainnet. This event, reported by news sources like Cointelegraph or projects like CertiKAlert, entails the unauthorized withdrawal of LSC tokens, subsequently exchanged for BUSD and accumulated at a single address, costing the stakeholders an estimated $1 Million.

Our in-house research team at Uppsala Security assessed the case to uncover any noteworthy findings.

Incident Breakdown

The strategy employed by the malicious actor(s) appears rather straightforward yet carefully executed. LSC tokens were illicitly withdrawn, converted to BUSD, and ultimately consolidated into a single address (0x23f8c805306Bf27AB8bf3cEbEce4B778acfFd896).

In a brief, here’s how the event unfolded:

• Withdrawal of LSC tokens from the system
• Swap of LSC tokens to BUSD
• Consolidation of BUSD at a single address
• 
  

The wallet addresses involved in this operation, swapping LSC tokens to BUSD and funneling them into the consolidation address, are as follows:

1. 0x9Ef72Ee68a7c841986A0C60e0FDbAE4e27446Deb
2. 0x895c414F17Ef676dd9c18D55D3358D411ba79574
3. 0xFA24FcAff5A51965F762101c2BD4E46302a2Bd64
4. 0x8789DA3886386740DD775C95E18820BEe339a48A

Examining the consolidation address reveals an interesting aspect: it harbors a history of other incoming funds prior to this incident. Could it be a mere coincidence or an intentional confusion tactic? Or does this address serve as a confluence point for funds derived from other criminal activities?

The intersection between multiple streams of incoming funds, presumably from various illicit endeavors, suggests a plausible continuity among them. This intriguing convergence propels an inquiry: is there a common threat actor masterminding multiple cyber-attacks?

Image captured from the Crypto Analysis Transaction Visualization (CATV) Dashboard.

On December 18th 2023, it was observed through CATV that funds were laundered to known entity MEXC Global Exchange.

The Lucky Star incident serves as a grim reminder for stakeholders, developers, and investigators within the cryptocurrency ecosystem to forge ahead with elevated diligence and skepticism. Deploying advanced security protocols, conducting rigorous smart contract audits, and fostering a culture of security awareness among users are paramount.

About the Crypto Analysis Transaction Visualization (CATV) Tool

The Crypto Analysis Transaction Visualization (CATV), developed exclusively by Uppsala Security’s expert team, serves as a sophisticated yet seamless forensic tool that offers in-depth insights into cryptocurrency transaction flows. This tool is designed to trace both inbound and outbound transactions linked to a specific wallet. CATV empowers users to effectively track, analyze, monitor, and graphically visualize cryptocurrency transactions, highlighting the flow of tokens and their interactions with various entities like exchanges and smart contracts.

About 

Uppsala Security is a leading provider of innovative security tools and services, specializing in Crypto Anti-Money Laundering/Counter-Terrorist Financing (AML/CTF), Transaction Risk Management, Regulatory Compliance, and Transaction Tracking. With a team of experts dedicated to staying ahead of emerging threats, Uppsala Security empowers organizations with the knowledge and tools to safeguard their operations in the fast-paced world of cryptocurrencies.