Who is Jason Lee — Did he steal MILLIONS from various DeFi Projects?

6 min readNov 4, 2021

Here is a story of a guy who has stolen millions from multiple projects, with a valid LinkedIn account/valid GitHub till this point.

There are two stories I am publishing about him.

The Part I has been told to us by the owner of Whale token. *not taking his name for security reasons*

Part II is about the exploitation of PartDoge’s contract.

But before you read both the stories, meet the person we have identified from the information currently at hand to us and from our experience, Jason Lee who is a serial scammer and is out there in the open waiting to scam another project.

Here is his resume.

PART I

*taken from previous article of project which was exploited by Jason who has now returned funds after the below was written providing data about his movement*

Feel like playing detective? Love a good mystery? Well I have two stories to share with you full of intrigue, spies, assassins’…well.. okay it isn’t that interesting. But it should shed light on one of the most prolific scammers in the NFT Space today.
Meet Jason Lee: https://www.linkedin.com/in/jason-lee-10800420b/

(in the first hour of this being published he removed his LinkedIn Profile, and then put it back online without his picture) *now the profile has been taken down*
GitHub: https://github.com/pudgePenguin (was previously under a different name)
Discord: 0xJason or Punk1004.eth (he uses both — more on that later)

I like to start at the end (love Quentin Tarantino so here is a recorded phone call where he admits to doing everything in this post + tries to get more (his balls should be in a museum… anyone know where he is so we can make that happen)…
Listen to the call: https://www.screencast.com/t/ozUr4S70p

Image taken from zoom call on 11/3/2021 — That’s me on the right So what did he do to deserve so much attention? The easy answer..
Copy from our contract with read exploit for .env file, what the heck does that mean?
He tried to put a backdoor on our contract giving himself the ability to withdraw from our contract. We found and and stopped it.

Then concerned about what else he might do we reviewed the code and decided to withdraw our funds and launch a new contract. When we did… POOF like the Magic Dragon in was gone (or was that PUFF)..
Our contract: https://etherscan.io/address/0xfe212549ed8d3aa4d8ed16bcfcaf248003aa8f7f
Our wallet: https://etherscan.io/address/0xbb5719ea8161ed1a040814ce6f9d19846800b6ee
His wallet: https://etherscan.io/address/0xeeec10555c9ad858fec614fa58a4b5999d57d20b
Next step: https://etherscan.io/address/0xb1208c8ac6f7c043fd76ccab6aaa0ea87f91af0a
Next step: https://etherscan.io/address/0x93f7264e8a8dc03456912c7e28b9fb6cfe682c23
Then out to Binance.

So now you may ask “How in the heck did you let him do this to you, why did you give him your seed phrase?”
We didn’t. That little screenshot of our contract above shows he put a read command in for our .env file which holds our seed phrase. Sneaky little F-er.
Aww man sucks for you… well, yes.. yes it does.. BUT WAIT THERE’S MORE!

As of yesterday 11/4/2021 (Nov 4th for the rest of the world.. why do Americans have to make everything so difficult?). He was working for YAM finance (yam.finance) (I will use their names because.. well I hope they are being truthful that they fired him. He’s still using the same Github so it won’t be hard to tell).

The team at YAM finance (yam.finance) was great.. WAS is the important word.
First they pointed out that the GitHub I shared with them was a copy of punk1004 (I said this would get interesting).. oh no someone copied his GitHub.. must be a scammer.. well…
So they confirmed the person in the picture and on the recording WAS in fact the same Jason working for them… WOW.. this dude has some balls. His GitHub is somewhat legit (if you get to the source version) and his LinkedIn is somewhat legit (based on the companies he’s worked for).. One thing.. is is NOT from Boston like it says.
So they say they fired him. In all fairness he doesn’t appear to be in their Discord BUT they deleted the above conversation (have you ever heard of screenshots).. That seemed a little fishy to me.
Oh the stories we’ll tell our grandchildren.
BUT WAIT THERE’S MORE.
Post to Dev Discord Server made the above post into a Dev Discord Server.. I’ve had at least a dozen people respond with horror stories. They even made a new connection!
Our friend Jason’s resume…Check out his reference..
Okay they worked together. Are they one in the same.. or are they working toether?https://www.linkedin.com/in/maxsim-boiko-jin-1877b7205/ — The jury is still out on this one.. but feel free to do a little research and let me know what you come up with. Oh the stories we will tell.

End of Part I

PART II

Now coming to our story, we started a token called PartyDoge and we hired Jason Lee to help us with the contract and deployment.

He developed the contract, and pretty much did the same thing of stealing the private key of the owner by asking him to provide the seed phrase in the .env file and then hacked the seed phrase.

And then there was a wait from his side to strike.

So, on 2nd Nov 5:00 PM UTC, 2021 we filled the public sale of 800 BNB, next day was the launch. Now that money had flown in, some 8–10 hours before the launch, he transferred the ownership of the contract to his account, and then set the marketing wallet to one of his accounts.

Once he became the owner, he activated PinkSale to unlock the tokens, but was unaware that the safety mechanisms would send 70% of the raised BNB to LP and not to him. However, the remaining marketing budget of 30% went to the below wallet instead of the PartyDoge wallet since he updated it through the contract:

0x099336af1b84fe02f1fe695820024f46cb27b1af

Let’s try to understand the whole story little more technically.

Our Party Doge Contract Address - 0x755aC080dee047b364b485D36eD8275Ae2373F71

Initial ownership was with HR, one of the founders of Party Doge. HR’s address — 0xb37069bd1d35532ac9e39b8d55ff5d6d7fd88ab2

Jason then changed ownership and marketing address to one of his address es— 0x099336af1b84fe02f1fe695820024f46cb27b1af (Jason’s Address)

Below are the transaction hash for both the activities.

Ownership change transaction hash/link — 0x7155b8f9f22164486f3223068f2b99b62caa279923657336c08d25b5376e92b2 (https://bscscan.com/tx/0x7155b8f9f22164486f3223068f2b99b62caa279923657336c08d25b5376e92b2)

Marketing address change transaction hash/link — 0xec0f08ae84001868ebf459e23bbf2fe69e7f80666a18668bdd4126e2d6e351aa (https://bscscan.com/tx/0xec0f08ae84001868ebf459e23bbf2fe69e7f80666a18668bdd4126e2d6e351aa)

Next, he transferred 249.034052 BNB from this account to his account (0x099336af1b84fe02f1fe695820024f46cb27b1af) — transaction hash/link (https://bscscan.com/tx/0x37cbb6ebdd442850c0d60b0122480771b82be22ae2cf7a007a9713364c583cf4)

After doing all these, he moved 248 BNB to another account (0xD073258096D885004653AA374c46995F887dEF6A) — Transaction hash/link (https://bscscan.com/tx/0x02304662e4fc7b2da90a2d8db6a55c971eda8d2a928697c8f3a2cfecf4b4ac75)

Later transferred Marketing wallet amount to another account 0x93f7264E8A8dc03456912C7e28B9Fb6cFE682C23 account in there phases from his account (0x099336af1b84fe02f1fe695820024f46cb27b1af)

1. 73 BNB
2. 16.528120135015537 BNB
3. 10.252710896194789 BNB

These three transactions can be found here (https://bscscan.com/address/0x93f7264e8a8dc03456912c7e28b9fb6cfe682c23)

So total BNB stolen— 249.03+73+16.528+10.252 = almost 348.81 BNB

And this is not it, he has even dumped Party Doge tokens worth $40K till now. Transaction hash here.

https://bscscan.com/tx/0x1d412902827f16ef2dcc5e587a32efc6b9b3ab1c9e88d6f45b5274d133cebf54

End of part II.