On-chain investigator Specter has issued a community alert flagging CodexField, a project on BNB Chain, as a potential scam and rug pull, alleging that it raised more than $85 million from users and is moving those funds through a pattern that looks nothing like ordinary treasury management. The allegations are unproven, but the project’s reaction to the scrutiny has only deepened the concerns.
The alert, and a telling response
In his investigation, Specter said on-chain tracing showed CodexField, a project he noted had been heavily promoted by BNB Chain, had generated over $85 million to date.
He then flagged what he called unusual fund movements: wallets linked to the project bridging $17.3 million in USDT from the TRON network to Ethereum, then swapping the funds for the DAI stablecoin on Polygon via Bitget Swap. Of that sum, roughly $6.5 million had been moved with about $10.8 million still in process, and the original funds, he said, had been bridged to TRON from Ethereum around six months earlier from a wallet tied to a CodexField deposit contract.
What turned suspicion toward alarm was the project’s response to being investigated. In a follow-up, Specter reported that CodexField had changed its handle on X to @CodexField_AI and taken down all of the subdomains that had been used to collect deposits.
“The timing of these changes immediately after the investigation raises serious questions and further strengthens my concerns that the project may be a scam and potential rug pull,” he wrote, again calling on Binance’s leadership and BNB Chain to examine the project’s activity.
It is worth stating plainly that a name change and a website takedown are not proof of fraud, and CodexField has not publicly responded to the allegations or offered an explanation of its fund movements. But the sequence — the quiet withdrawal of the deposit infrastructure the moment questions were raised — is the opposite of the transparency a legitimate project under scrutiny would typically offer.
The red flags stacking up
The specifics Specter documented form a familiar pattern. CodexField operated a “CodexForge Hashrate Staking” product that asked users to deposit USDT in multiples of 100, with a minimum of $100 to participate—a structure promising returns on “hashrate” that mirrors a long-running category of high-yield deposit schemes, where users hand over stablecoins against the promise of mining-like yields.
That model, common among fraudulent operations, concentrates user funds in team-controlled contracts rather than any transparent, auditable pool. The domain and contract picture compounded the concern.
Specter noted that the blockchain security tool BlockSec MetaSuites labeled CodexField’s deposit contract as “Fake CodexField,” yet his own investigation concluded the contract appeared to be operated by the CodexField team themselves—a confusing state of affairs in which the “official” and “fake” versions blur together.
The project ran multiple near-identical domains and subdomains, spanning both .co and .com variants, all funneling user deposits, and Specter pointed to community members who had earlier asked the team whether the .co domain was even official because users were reporting the site was scamming people. A YouTube tutorial had circulated showing users how to deposit through one of those domains using the very contract flagged as fake.
Then there is the money trail itself, which Specter argued is the clearest signal. Rather than a straightforward treasury, he described funds being bridged across multiple chains, passed through intermediary wallets, and ultimately routed to centralized exchanges, with two TRON wallets alone depositing more than $3.4 million to exchanges. Cashing user deposits out to exchanges through a maze of intermediary hops is a hallmark of an operator preparing to disappear with the funds, not one managing a business.
The accountability question, and a warning for users
The episode raises an uncomfortable question about BNB Chain, which Specter said had promoted the project. A chain lending its promotional weight to a project now facing credible rug-pull allegations does not make the chain culpable for any fraud, but it does underscore the responsibility that comes with such endorsements, and Specter’s repeated tagging of CZ and BNB Chain amounts to a public demand that they investigate what they helped elevate. As of publication, neither had issued a public response to his findings, and the allegations against CodexField remain unproven claims based on on-chain analysis rather than established fact.
For users, the practical guidance is straightforward and urgent. Anyone with funds deposited in CodexField should treat the situation with extreme caution, and prospective participants should steer clear until the team provides a transparent, verifiable explanation of the fund movements, as Specter documented an explanation that has not yet been provided.
The broader lesson is one this category of scheme keeps teaching: products promising steady returns on “staking” or “hashrate” in exchange for stablecoin deposits, gated behind a low minimum to widen the pool of victims, deserve deep skepticism, particularly when the operator’s fund flows lead to exchanges rather than any auditable reserve. Victims of such schemes should also be wary of the “recovery” services that inevitably follow, promising to retrieve lost funds for an upfront fee—these are almost always a second scam. In a space where a project can vanish by simply renaming an account and deleting a webpage, the burden of proof sits with the operator, and CodexField’s silence, so far, speaks loudly.
Also Read: India’s Crypto Crackdown: Surat Engineer Held in ₹24.72 Cr Fraud Probe
