The BSC on-chain project StableMagnet ran away and lost USD 24 million. On August 12, the Greater Manchester Police Department announced that it had arrested the suspects of the StableMagnet Finance team who had previously taken away $22 million of users on the BSC. The police found a large amount of stolen Ethereum in the encrypted disk ~ $9M. According to statistics, the remaining amount was returned (overal ~$22M was recovered) and it is now beginning to reconnect with the legitimate owner. However, as demonstrated by the StableMagnet rug pull, Etherscan and BSCScan do not perform verification of linked libraries when verifying the correctness of posted source code.

This means that a smart contract can claim that it is using functions from one smart contract while actually using a different one. This lulls users into a false sense of security because they believe that they have reviewed a protocol’s source code and it looks legitimate. The StableMagnet owners took advantage of this oversight to hide a backdoor in their smart contract that enabled them to drain value from the protocol. Also, the hidden backdoor enabled the attackers to transfer more tokens to all wallets that had approved StableMagnet, enabling the attackers to steal even more value from its users. Following https://cointelegraph.com/news/cyber-vigilante-hunts-down-defi-scammers-running-away-with-25m-rug-pull most money was eventually recovered.