DeFi hackers hit BNB Chain-based meme coin launchpad Four.Meme Tuesday morning, forcing the suspension of its token liquidity pool on PancakeSwap.
The attack was initially flagged by blockchain security firm SlowMist, which revealed the Four.Meme exploit was carried out using a vulnerability in the platform’s smart contract.
🚨SlowMist Security Alert🚨
The attacker purchased a small amount of tokens before launch through the 0x7f79f6df function of @four_meme_, and used this feature to send tokens to a specified PancakeSwap Pair address that had not yet been created.
The attacker exploited a critical flaw in Four.Meme’s liquidity mechanism that enabled them to “bypass transfer restrictions and manipulate liquidity pool pricing,” smart contract audit firm QuillAudits told Decrypt.
This marks the second time in the last two months that Four.Meme has experienced an attack, which previously saw $183,000 stolen due to a different vulnerability that allowed a bad actor to manipulate liquidity on PancakeSwap.
How the exploit worked
On this occasion, the attacker first acquired a small amount of Four.Meme tokens before the official launch using the “0x7f79f6df” function.
“Instead of holding or transferring them traditionally, they sent the tokens to a non-existent PancakeSwap Pair address,” QuillAudits' report said.
Like many decentralized exchanges, PancakeSwap, which recently saw a surge in popularity, needs a special address (called a pair address) to match up the two tokens in a trading pair (for example, Four.Meme tokens and BNB).
Normally, this address is created when the tokens are launched and traded.
In this case, the attacker sent the tokens to an address that didn't exist yet—meaning the pair for the Four.Meme token on PancakeSwap hadn't been created.
Since the pair didn’t yet exist, the attacker was able to create it themselves and seed it with liquidity (tokens for trading) at an incorrect price, which let them manipulate the pool’s pricing and drain funds from it.
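One defensive pattern against this class of issue, shown here as an added illustration rather than Four.Meme’s or PancakeSwap’s own code: a launch token whose pre-launch transfer restriction also covers the predicted pair address. On PancakeSwap V2 that address is deterministic (CREATE2 over the factory, the sorted token pair and the factory’s pair init code hash), so it can be refused as a destination even before the pair exists. The factory address, init code hash, quote token (e.g. WBNB) and the launchpad role are assumed deploy-time inputs.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not Four.Meme's or PancakeSwap's code. The factory, init code
// hash and quote token (e.g. WBNB) are assumed deploy-time inputs.
contract GuardedLaunchToken {
    mapping(address => uint256) public balanceOf;
    address public immutable launchpad;
    address public immutable predictedPair; // known before the pair is created
    bool public launched;

    constructor(address factory, bytes32 initCodeHash, address quoteToken, uint256 supply) {
        launchpad = msg.sender;
        balanceOf[msg.sender] = supply;
        predictedPair = pairFor(factory, initCodeHash, address(this), quoteToken);
    }

    // Same CREATE2 derivation a PancakeSwap/Uniswap V2 factory uses for a pair.
    function pairFor(address factory, bytes32 initCodeHash, address a, address b)
        public pure returns (address)
    {
        (address t0, address t1) = a < b ? (a, b) : (b, a);
        return address(uint160(uint256(keccak256(abi.encodePacked(
            hex"ff", factory, keccak256(abi.encodePacked(t0, t1)), initCodeHash
        )))));
    }

    // The launchpad flips the switch only when it is about to seed the pair itself.
    function launch() external {
        require(msg.sender == launchpad, "not launchpad");
        launched = true;
    }

    function transfer(address to, uint256 amount) external returns (bool) {
        // Pre-launch, the pair address is already predictable; tokens parked there
        // would become the first (mispriced) liquidity. Refuse such transfers until
        // the launchpad seeds the pool at launch.
        if (!launched) {
            require(to != predictedPair, "pair can only be seeded at launch");
        }
        require(balanceOf[msg.sender] >= amount, "insufficient balance");
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}
```

The same destination check belongs on every other path that moves tokens (transferFrom, minting, any launchpad purchase routine), since a single unguarded route is enough to pre-seed the pool. At launch the launchpad should also confirm that the pair does not already exist with non-zero reserves before adding its own liquidity.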
The hacker withdrew 69 BNB from a FixedFloat hot wallet “0x47…c95,” three days before the attack. They deployed multiple contracts to facilitate the attack.
The attacker then sent the stolen 67.3 BNB to one wallet address, “0x4c…805,” and 205 BNB to another, “0x88…456,” the report noted. The 205 BNB was then split and moved across four wallets.
Following the attack on the meme coin platform, the stolen funds of over $174k were moved across several wallets to obfuscate the trail.
The hacker then laundered the stolen funds through PancakeSwap’s $BROCCOLLI 3 contract, QuillAudits said.
A total of 192 WBNB was swapped and distributed across several PancakeSwap contracts, including PancakeSwap DCA 32 (0x77C1dF8...), PancakeSwap MuBrocolli (0xcaC54d89...), and others.
Four.Meme’s response
In response to the breach, Four.Meme halted the launch function and issued an emergency statement.
“We will compensate affected users and provide a damage submission form to collect relevant information,” the platform tweeted on Tuesday.
Currently, https://t.co/IRnIR1BwDd is under attack, and the launch function has been suspended for emergency investigation.
We will compensate affected users and provide a damage submission form to collect relevant information.
A few hours later, Four.Meme announced that operations had resumed after the platform had conducted security checks, asking affected users to file their claims.
Four.Meme's platform has seen a significant increase in activity since its creation, with a total of 74,607 unique tokens being launched on the platform, per data from Dune Analytics.
While the platform has taken steps to prevent future incidents, both attacks point to the ongoing risks facing decentralized platforms, especially those handling large amounts of liquidity in meme coin markets.
Last month, zkLend, a decentralized money lending platform on the Starknet blockchain, fell victim to a major attack, losing $9.5 million in crypto assets.
zkLend later offered the hacker a 10% bounty (around 3,300 ETH, worth approximately $8.78 million) in exchange for the return of the stolen funds.