We have the following information:
The presale page, which contains the presale address:
The scam transaction:
https://www.bscscan.com/tx/0x5816a95856ed25705d517fa39f7b858ea81e09f3f4f1d7fc67b97f10fb03e38e
The victim transaction history:
https://www.bscscan.com/address/0xfccbf5ea52d4e7e16b9efe5a19fddcb624190a62
Metamask state log file:
The user claiming they “press the contribute button, and the fund gone to a new random wallet”
The transaction history on their phone:
The user also initially claimed that they only used one device, but later said that they used 2 (PC and mobile)
In the MetaMask state log file, we found one transaction that was sent to the correct presale address:
{
"id": "46275c60-c26a-11ed-a0f2-f70ee20142b7",
"networkID": "56",
"chainId": "56",
"origin": "www.pinksale.finance",
"status": "submitted",
"time": 1678799721766, // Tuesday, March 14, 2023 1:15:21.766 PM UTC+0
"transaction": {
"from": "0xfccbf5ea52d4e7e16b9efe5a19fddcb624190a62",
"data": "0xd7bb99ba", // "contribute" function name
"gas": "0x2de05", // 187909
"gasPrice": "0x12a05f200", // 5000000000 (5 gwei)
"nonce": "0x5fd", // 1533
"to": "0x36cdfd953d469ae9ce8805fcf8b05eeafaf6329d",
"value": "0x9403e96db88690000" // 170650000000000000000 (170.65 BNB)
},
"deviceConfirmedOn": "metamask_mobile",
"verifiedOnBlockchain": false,
"rawTransaction": "0xf8758205fd85012a05f2008302de059436cdfd953d469ae9ce8805fcf8b05eeafaf6329d8909403e96db8869000084d7bb99ba8193a05d3ce11cf93366d55b9f1513d1c2c9e4e7d64785cf5228b459da81120b02c3c8a0271bd0048658c9d1f3e492142b2a21447b726c8de118cf59f761f45e9d295481",
"transactionHash": "0x2ad462cd745029a87a6e80f2cc85e2e2d3ee1e5a6ebc8c6532c69de9a90aeca2",
"insertImportTime": false
}
(comments were added to convert hex values into decimals for easy viewing)
Some important information: