1. Scammer’s wallet with all the lost fund was officially blacklisted since 06/10/2022.

2. I will publish a script to calculate all the individual loss according to onchain data.

3. This is only my personal idea, nothing is finalized at the moment.

What happened on 28/01/2021 (the day of Rug Pull)?

Roughly 10 hours after the launch of the Popcornswap’s yield farming, the scammer sent a transaction to the “masterchef” smart contract which enabled the scammer to pull all the assets out of the staking contract. The scammer then converted all the stolen assets into 48,510.94 BNB via various approaches and stored them all at address 0xFd6042Df3D74ce9959922FeC559d7995F3933c55. However, those BNB remain untouched since that day. Normally other scammers who conducted such Rug Pulls would have transferred stolen assets as fast as possible into Ethereum network and eventually into tornado cash. It is unknown why in this Popcornswap case the scammer chose to leave all the funds at the origin phishing wallet.

When and why the scammer’s wallet blacklisted?

On 06/10/2022, the entire BNB chain halted due to the most serious exploit on BSC ever that attackers making off with an estimated $100 million worth of cryptocurrency. Around 8 hours later, core devs from the BNB chain community released a urgent fix v1.1.15 which freezes the wallet address of this hacker. In both the announcement from BNB chain community blog and release note from Github, they only stated “several blacklist addresses are prohibited for further transactions due to the exploit.”, but indeed, with the help of Symbiotic from Binance Angel, the wallet of Popcornswap scammer was also frozen, which could clear be found out in the corresponding code under directory ./bsc/core/types/blacklist.go. At the day of publication of this article, the link is:

https://github.com/bnb-chain/bsc/blob/cb131fabe5fb9570180e7030a293a984f17c2446/core/types/blacklist.go.

Status quo is, although BNB chain community mentioned there would be an on-chain governance / vote to determine further actions, there is actually zero public information or news related to such governance/vote after nearly two months.

What should we do?

No matter governance / vote or not, no matter which legal approach should be taken, there are two things are crystal clear: 1. the Popcornswap scammer now has ZERO chance to move the fund, 2. If we victims would retrieve the lost fund, we need to reach a consensus and try our best. Hereby I would like to propose a solution which I would briefly illustrate the steps.

1. Each victim should make sure the seed words or private key of the BSC wallet which was involved in the Popcornswap scam is still available.

2. Submit your stolen wallet address and telegram handle (a google form would be created for this later)

3. Prepare the scan of the initial police report and all related files from local law enforcement department.

4. Keep an eye on the latest activities from BNB chain community blog/twitter/forum and communicate in our telegram group.

What should we expect? When refund?

The refund of Popcornswap would be unprecedent for BSC in many ways.

As far as I know Binance Angel (I believe they are part of BNB chain community) helped many victims to get the stolen fund back from BSC rugpulls. In most of those cases, Binance Angel team made contacts with scammers via multiple approaches, scammers’ identifies were somehow revealed and they returned fund under the pressure from underlying legal enforcement.

But in our case, the total 48,510 BNB would remain untouched unless the BNB chain community decides to revoke the freeze. Assuming the freeze is finalized, the refund of those BNB would be processed through BNB Pioneer Burn Program. The BNB burn program was carried out quarterly, we would expect the earliest refund happen in 01/2023 since the latest BNB burn was performed on 13/10/2022.

We might also be asked to go through a KYC process w/o police reports or similar supportive materials. In the statement of BNB chain community on 06/10/2022, they mentioned a community or an on-chain governance vote to decide further actions, however Popcornswap was not in the context. It is hard to say whether an on-chain governance is necessary in our situation.

How to calculate the individual lost and the according BNB refund amount?

It might be hard to reach a consensus regarding the calculation of lost fund and BNB refund amount.

The determinant Transaction of Popcornswap Rugpull happened at 01/28/2021 05:46:31 PM +UTC, blockheight 4392031 on BSC, hash: 0x983161aa0987f15dc25c40b8ecbf3c701324911000782736246ac2b9a17a8257.

I would manually take a snapshot of Binance USDT spot pair prices, while all stable coins would be calculated as 1USD. For example, Bob staked 1.5 ETH and 47.8 BNB into Popcornswap, at the time of Rug Pull, the price of ETH was around 1,344.78 USD while BNB was around 42.2 USD, so the total amount that Bob lost was 2,689.58 USD. And I would write a script which could calculate the stolen value of all the relevant addresses. Assuming the all the calculated lost value is 2.2M USD, so Bob’s lost value equals roughly 0.1222% of the total value, then Bob’s refund BNB amount would be 59.30 BNB.

All in all, there are still many uncertainties until we get the refund. This is just an early reminder of what I would do and what I suggest the whole community to do. I would likely to focus on the code of calculating firstly, but all the suggestions would be appreciated. I would adjust some parameters according to the discussion in telegram group.

Surely I reported to binance, and they asked for the exact TxID, which one? I checked on the emerald explorer, found the tx but there was absolutely no useful info in that tx. Then I switched to Oasisscan, checked the paratime Tx.. yes I found the one which looks legit.. binance address, my wallet, exact number, should be fine. But after 10 days, binance reached out to me “Dear user, your deposit TXID is under the type "Paratimes" which is expired after a certain time and hardly found, please contact your withdrawal platform to get a stable TXID which will not be expired and then come to us and we'll help to check for you. Thanks!“

I clicked on the txid I provided, the page turned into null value after several days.. so called “unstable TXID“..

This is not rare, and not only happens on binance, as well as gate.io, kucoin, mexc.. There are quite a number of similar complaints in oasis telegram group each day, and no feasible solution was available..

So I turned to binance again, nicely described again my whole story in detail via service chat, and provide the STABLE TxID on Oasisscan (but not paratime!), now follow this carefully:

1. go to oasis scan, search your binance deposit address;

2. find those Tx with this roothash.Executor.. type, this means the transactions using the paratime withdraw function from emerald layer to consensus layer;

3 there would be too much contents there, but just search that binance deposit address within the page (e.g. Ctrl + F5 on windows), and you will see lines like these, well both address and amount of tokens matched.

I filed a ticket the third time according to this issue using this Tx, and asked nicely to the service guy in chat to push this ticket quicker. And within one hour, I got the mail that the Tx was manually checked and ACCEPTED, fund recovery processing..

Oasis network launched their EVM Compatible layer (layers in Oasis are called paratime) “Emerald” at end of 2021, but total TVL on Oasis remained low until the launch of YuzuSwap. Users must firstly download the official chrome extension wallet to get the personal wallet address on the main “Consensus“ layer, but then… you must import the PRIVATE KEY of your own ERC20 wallet to be able to use their EVM layer. “The Oasis Network is the world's first scalable, privacy-enabled blockchain…“ etc.etc.. but we need your private key, that’s not strange at all, right?

Anyway, native rose tokens could be withdrawn directly from binance, then bridged to that imported ERC20 address on Emerald layer through the oasis extention wallet, while other assets could be bridged via wormhole (only from ethereum!). Everything works well and assets are bridged almost instantly.

To avoid the deposit issue, just bridge rose firstly to your own consensus wallet, then send to CEXs.