The astrology-themed nonfungible token (NFT) project Lucky Star Currency (LSC) has performed an exit scam for over $1 million, according to an Oct. 9 report from blockchain security firm CertiK.

The project’s deployer account called the “withdrawToken” function on both the NFTMerge and AdwardCenter contracts, removing over $1 million in LSC from them. These tokens were then swapped for the Binance USD (BUSD) stablecoin and sent to another account.

Lucky Star Currency is a project that focuses on NFTs and claims to be founded by astrologists. Its contracts include an Award Center and an NFT Marketplace. It is marketed toward the Chinese crypto investment market. The team promotes the project on X (formerly Twitter) under the username AstrAstrol75591. It also has a Telegram channel. As of Oct. 9, the project’s website and user interface are offline.

Before the alleged rug, Lucky Star Currency was heavily promoted on the Chinese news app Toutiao and Q&A platform Zhihu.

At approximately 02:52 a.m. UTC, BNB Smart Chain address 0x9Ef72Ee68a7c841986A0C60e0FDbAE4e27446Deb removed over 1.6 million LSC from the AwardCenter contract for Lucky Star Currency. In a second transaction, an additional 1.4 million LSC was drained from the project’s NFTMerge contract. After draining the funds, the attacker swapped them for over $1 million in BUSD via PancakeSwap and then sent them to the account 0x23f8c805306Bf27AB8bf3cEbEce4B778acfFd896. This account has been receiving BUSD from various sources for the past 82 days, implying that there may be more than one scam depositing funds into it.

According to CertiK, the contracts that were drained have been listed on Telegram as the project’s official contracts.

Admin Telegram post stating the official addresses for LSC contracts ‘NFTMerge’ and ‘AwardCenter.’ Source: CertiK

In addition, blockchain data shows that the attacking account is the deployer for the AwardCenter contract.

Related: Chinese DeFi protocol WDZD Swap exploited for $1.1M: CertiK

The company that promoted the project claimed to have an office in Shenzhen City, China.

Lucky Star Currency’s office in Shenzhen, China. Source: CertiK, Telegram

Rug pulls from Chinese projects have become a recurring problem in the Web3 space. Running a centralized cryptocurrency exchange is illegal in the country. Because of this, users who deposit into a Chinese protocol that has centralized elements may risk having their funds confiscated by the police.

Over $100 million was lost in July when the China-based Multichain protocol drained all of its users’ funds into an attacker’s account. The team alleges that police have arrested their CEO, but victims are still searching for answers as to what happened to their funds and how they can be reimbursed.