Decoding Magnate Finance’s $6.4 Million Rug Pull

Summary

On the 25th of August, Magnate Finance executed an exit scam ( Rug Pull ). The scam was made possible when the developer modified the price oracle address to manipulate the prices directly. The TVL was dropped by around $6.4 Million.

The deployer is also linked with past rug pulls of –

• Solfire’s $4.8 Million on January 23, 2022
• Kokomo Finance’s $5.5 Million on March 27, 2023

The complete scam happened on BASE chain, an Ethereum L2 built by Coinbase.

Vulnerability Analysis & Impact

On-Chain Details

Deployer Address 0x4bdac0b6eeda6211f43178899cb73670b1952c40

Mainnet 0x4bdac0b6eeda6211f43178899cb73670b1952c40

Contract Address 0x6a8fbf751c92a8c922428c0ffc5a89e709f7e505

Attack Transaction 0x39555e75d76b294248a434fdfe9640e0cfe3f22bd7fceb675fd4ef4b5e02f719

Exit Scam Steps

• The scammer first changed the provider through their Multi-Sig Wallet
• After then, the address of Price Oracle was changed to directly manipulate the price.
• Then they used cDAI to borrow other tokens and exited the scam.

After the Incident

• After the hack, they quickly deleted their website and social media accounts, including Twitter, Telegram and Website.

• The scammer has successfully bridged the stolen funds to different chains. See here.
• These are the addresses on the BASE chain where the funds are currently residing

0xa146dffe1c304a8a3de74c460ffe8dc73e5ce6e1

0x0664faf5afecde5958d8b32258e012c3788006a3

Price Impact

The price of MAG tokens dropped by 86% after the incident.

Why QuillAudits For Web3 Security?

• QuillAudits is well-equipped with tools and expertise to provide cybersecurity solutions saving the loss of hundreds of protocols in funds.
• Our team of highly skilled auditors have secured over 1M lines of code and $30B in amount.
• Over the course of multiple years, QuillAudits has been proven to be one of the top choices for protocols to get their codebases audited.