Add Robinhood Markets (HOOD) to the list of parties affected by crypto frauds – the online brokerage’s social media profiles on Wednesday promoted the launch of RBH, a new scam token on the BNB Chain.
The crypto ecosystem was quick to presume that Robinhood’s social accounts, which have 1.6 million followers across Instagram, Twitter and Facebook, had been hacked, and that the launch of the RBH token on the Binance Smart Chain was a fraudulent crypto project.
Binance CEO Changpeng Zhao said the situation “looks like Robinhood account got hacked” and stressed the importance of critical thinking when assessing the promotion of a coin on the BNB Chain.
Even though the Robinhood tweet has since been taken down, 61 addresses hold RBH, according to BscScan, and $16,335 worth of wrapped BNB had been transferred in exchange for the “new” token in a PancakeSwap liquidity pool, as of press time.
“Based on our ongoing investigation, we believe the source of the incident was via a third-party vendor,” said Robinhood in a statement after becoming aware of the unauthorized posts from its social media profiles.
While the amount of money lost remains relatively low compared to the massive hacks that occurred in 2022 – the $325 million from the Wormhole bridge attack and $200 million from the Nomad bridge exploit being two of them – these efforts are likely to continue.
This is not the first time Binance has had to warn about hacks targeting its users. Roughly 12% of all BEP-20 tokens, the standard token on BNB chain, are connected to scams, according to crypto risk monitoring firm Solidus Labs.
Moreover, when conducting a trade between wrapped
BNB (wBNB) and RBH on PancakeSwap, a crypto exchange built on the BNB Chain, users are warned before executing the trade that the RBH token comes from an “unknown source” and is “high risk.”
How it happened:
Today’s scam started when a Binance hot wallet that holds $19.6 million in various tokens sent the scammer some BNB, the native token for Binance, worth roughly $1,000 (Tx1 and Tx2).
Afterwards, the scammer conducted several test transactions to create BEP-20 tokens (Tx3, Tx4) and to add liquidity for PancakeSwap pools (Tx5, Tx6) before triggering a transaction that minted 100 million RBH tokens into its address.
The scammer then activated a transaction to add the 100 million RBH tokens and 3.1 wrapped BNB tokens as liquidity into the PancakeSwap liquidity pool.
The grift culminated when Robinhood posted the launch of the scam token on its social media accounts, which increased the volume sales in the liquidity pool composed of the two assets: wBNB and RBH.
Roughly $3.7 billion were lost to various attacks, hacks and scams in 2022, per Blockchain Security Firm CertiK. It remains to be seen how 2023 will fare. DYOR always.
Source: CoinDesk