$146 000 USD

JUNE 2021

GLOBAL

BEETSFARM FINANCE

DESCRIPTION OF EVENTS

"First Polygon yield farm with auto decreasing emission rate!" "It ain't much but it's honest work!"

 

"We are first ever Polygon yield farm with a supply hard cap built into our contract! The emission rate of BEET automatically decreases over time asympotically reaching 0, guaranteeing that the total supply will never surpass 51 000 tokens."

 

"Your trust and peace of mind is critical to us: BeetFarm has been built ground-up with security in mind. It made us sad to see the amount of rugpulls, scams, exploits and hacks that were going around."

 

"Our mission is to provide the highest quality product where the safety of your funds is the most important. We know very well that only transparent cooperation allow us to create something big."

 

"As a Goose Finance fork, our base code has been audited numerous times. We’re using the most secure, audited and battle-tested code, to better protect your funds."

 

"Migrator functions have been removed: no rug-pulls here!" "The Migrator is often used by malicious developers/hackers to steal users' funds. This is impossible on BeetsFarm, as the migration capability has been completely removed from our code."

 

"We are here to stay, we have ambitions to become a top Polygon farm, we will be honored if you participate in this project with us!"

 

"Every farm is a copy and paste. Difference is in the approach to the project. carefully prepared documentation, own idea for emission rate, clearly stated marketing strategies and roadmap, answering questions on a telegram, etc."

 

"According to DappRadar, 289 unique users are registered on Beetsfarm, and the volume of transactions processed by its smart contract does not exceed $245,000 (~£177,390). With that said, almost all the transactional activity recorded by the service falls on 17th June."

 

"Polygon-based Beetsfarm Finance, a DeFi project that specialises in yield farming, has been accused of fraud. The team behind RugDoc.io accused the developers of stealing more than £86,880 from Beetsfarm users."

 

"BeetsFarm Finance project stole $100K+ users funds after calling a backdoored emergency withdraw function." "RugDoc service specialists accused the developers of stealing more than $ 120,000 from users."

 

"To imagine the scale of what the programmers saw, think about the fact that a smart contract gives anyone access to your wallet after you have approved the interaction with this very smart contract. In other words, anyone can make a transaction from your wallet to the project team's wallet."

 

"The base code of the project also has an emergency withdrawal of funds feature in place (emergencyWithdraw). RugDoc specialists found a similar exploit in it with one crucial difference. Instead of withdrawing assets to the user’s wallet corresponding to the ‘_wallet’ parameter, the function transferred them to the project administrators’ address, designated as ‘wallet’."

 

"According to experts, the project administration stole a significant amount of money due to the feature of unlimited funds transfer. Through the emergency withdrawal the users’ assets were then moved to the address which contains more than $123,000 (~£89,060) in various tokens." "Users are sounding the alarm on social media, claiming that their LP tokens disappeared right after they made a deposit. Meanwhile, the amount on the developers' wallet has already exceeded $146,000 and is still growing."

 

"Following the "classics" of scams, the Beetsfarm developers keep a mysterious silence, and the team's Telegram channel has already been deleted. There are only a couple of entries left in their Twitter account, but access to it is also partially limited by the social network."

 

"There were no statements from the Beetsfarm team following the incident. The project’s Telegram channel was deleted, and its Twitter account was marked as ‘restricted’."

BeetsFarm Finance made a multitude of claims centered around gaining the trust of the user, and in the end, the only difference between a secure contract and the insecure one they set up was a single underscore.

 

After gaining the trust and permissions of a vast swath of users, the project used the terms of their contract to withdraw all the user's funds from their connected wallets.

HOW COULD THIS HAVE BEEN PREVENTED?

The most secure form of storage is offline multi-signature wallets held by known trained background checked individuals - not smart contract hot wallets written and launched by an anonymous individual or team.

 

Check Our Framework For Safe Secure Exchange Platforms

Sources And Further Reading

 For questions or enquiries, email info@quadrigainitiative.com.

Get Social

  • email
  • reddit
  • telegram
  • Twitter

© 2021 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.