The Lucky Star Currency (LSC) project’s deployer account orchestrated a substantial heist, siphoning over $1 million worth of tokens from the project, ultimately converting them into Binance USD (BUSD) using the PancakeSwap platform.
According to a report dated October 9th by CertiK, a blockchain security firm, the astrology-themed nonfungible token (NFT) project, Lucky Star Currency (LSC), has allegedly perpetrated an exit scam, absconding with more than $1 million in funds. This misdeed was executed through the project’s deployer account, which executed the “withdrawToken” function on both the NFTMerge and AwardCenter contracts, effectively depleting them of over $1 million worth of LSC tokens. These illicitly obtained tokens were subsequently exchanged for the Binance USD (BUSD) stablecoin and discreetly funneled into another account.
Lucky Star Currency is a project with a focus on NFTs, purportedly founded by astrologers. Its contracts encompass an Award Center and an NFT Marketplace, and its target audience is the Chinese cryptocurrency investment market. The project’s promotional efforts were visible on X (formerly Twitter), under the username AstrAstrol75591, as well as through their Telegram channel. As of October 9th, both the project’s website and user interface have been taken offline.
Prior to the alleged rug pull, Lucky Star Currency enjoyed extensive promotion on the Chinese news app Toutiao and the Q&A platform Zhihu.
Around 02:52 a.m. UTC, an address on the BNB Smart Chain (0x9Ef72Ee68a7c841986A0C60e0FDbAE4e27446Deb) drained over 1.6 million LSC from the AwardCenter contract belonging to Lucky Star Currency. In a subsequent transaction, an additional 1.4 million LSC was illicitly extracted from the project’s NFTMerge contract. After successfully draining the funds, the attacker adroitly exchanged them for over $1 million in BUSD through PancakeSwap before transferring them to account 0x23f8c805306Bf27AB8bf3cEbEce4B778acfFd896. Notably, this account has been the recipient of BUSD from various sources for the past 82 days, suggesting the possibility of multiple scams depositing funds into it.
CertiK’s investigation reveals that the contracts subjected to the heist had been falsely presented on Telegram as the official contracts of the Lucky Star Currency project.
Furthermore, blockchain data unequivocally identifies the attacking account as the deployer of the AwardCenter contract.
It’s worth noting that the company that promoted this project claimed to have an office located in Shenzhen City, China.
Rug pulls from Chinese projects have become an alarming recurring issue within the Web3 space. Centralized cryptocurrency exchanges are deemed illegal in China, raising concerns that users who deposit their assets into Chinese protocols with centralized components may face the risk of having their funds confiscated by law enforcement.
A staggering loss of over $100 million occurred in July when the China-based Multichain protocol saw all its users’ assets drained into an attacker’s account. The protocol’s team alleges that their CEO has been apprehended by the authorities, but victims are left grappling with uncertainty, seeking answers regarding the fate of their funds and the prospects of reimbursement.
