Security Alert: Critical Vulnerability in Four.Meme Meme Coin Launchpad on Binance Smart Chain
Vulnerability Exploited, Attackers Drained $183,000 in Assets
A critical vulnerability has been identified in Four.Meme, a meme coin launchpad on Binance Smart Chain (BSC), by blockchain security firm SlowMist. The vulnerability allowed attackers to manipulate PancakeSwap v3 pools, enabling them to exploit token launches and drain pool assets.
How the Attack Worked
The vulnerability stemmed from Four.Meme’s failure to implement price verification checks, allowing malicious users to create pools with deliberately skewed prices before scheduled token launches. When new tokens migrated to PancakeSwap v3 and added liquidity, they automatically adopted these manipulated price points, enabling attackers to drain pool assets.
Financial Losses
According to blockchain security company PeckShield, the attack resulted in attackers making off with approximately $183,000. This highlights the need for enhanced security measures in the meme coin launchpad space.
Response from Four.Meme
In response to the attack, Four.Meme announced the suspension of token liquidity pools on PancakeSwap to safeguard user assets. The development team is actively working on addressing the issue and will restore liquidity once a fix is implemented. On-chain trading remains operational.
Statement from Four.Meme
"Rest assured, internal funds are SAFU and unaffected by this attack. We will continue to monitor the situation and provide timely updates to the community. Thank you for your understanding and support!"
User Engagement and Popularity
Four.Meme initially gained market attention following the volatile performance of the Test (TST) token. The platform’s popularity surged dramatically, with data compiled by Dune analytics revealing user growth reaching 11,473 unique addresses on February 9. However, as of February 11, user engagement has significantly contracted to 5,301 addresses.
Wider Industry Concerns
The latest attack has raised concerns regarding the security of meme coin launchpads, echoing a pattern of similar incidents in the industry. This event is reminiscent of the May 2022 flash loan attack on Solana-based meme coin launchpad Pump.fun, which resulted in $2 million in losses.
Increasing Illicit Activities in Web3
The rise in cryptocurrency adoption has led to an increase in the variety of illicit on-chain activities. SlowMist’s January report revealed Web3 security incidents climbed to $98.19 million in losses across 40 hacking attacks, with $87.94 million in damages and $1.47 million successfully recovered. Notable incidents include a $70 million hot wallet breach at Singapore-based exchange Phemex and a $7.2 million exploit of P2P trading platform NoOnes’ Solana bridge.
Conclusion
The Four.Meme attack serves as a wake-up call for the meme coin launchpad industry to prioritize security and implement robust measures to prevent similar incidents. As the Web3 space continues to grow, it is essential to stay vigilant and proactive in addressing emerging threats.
FAQs
- What was the vulnerability exploited in Four.Meme?
The vulnerability allowed attackers to manipulate PancakeSwap v3 pools, enabling them to exploit token launches and drain pool assets. - How much was lost in the attack?
Approximately $183,000 was drained by attackers. - How did Four.Meme respond to the attack?
Four.Meme suspended token liquidity pools on PancakeSwap and is working on addressing the issue, with plans to restore liquidity once a fix is implemented. - What is the current user engagement on Four.Meme?
As of February 11, user engagement has significantly contracted to 5,301 addresses, down from a peak of 11,473 unique addresses on February 9.
