Meme coin deployer Four.Meme has suspended new token liquidity pool launches on PancakeSwap following a security breach.
According to a February 11 announcement, the BNB Chain-based platform suffered an exploit that compelled it to suspend some of its operations while addressing the issue.
When writing, the exploit was yet to be patched, but as of the protocol’s latest update, developers managed to “immediately address the issue.”
Four.Meme did not disclose details of how the attack transpired or the extent of losses incurred in the attack but reassured users that internal funds remain safe and “unaffected by the attack.”
However, initial estimates from blockchain security firm PeckSheild put current losses at roughly $183,000 worth of BNB tokens.
A post-exploit update from CertiK put losses slightly higher at $200k.
What happened?
According to SlowMist, a fellow blockchain security firm, the exploit took advantage of a loophole in how Four.Meme handles liquidity pool migrations.
The attacker allegedly set up a skewed liquidity pool on PancakeSwap v3 with an extreme price imbalance before a new token’s launch
“Since [Four.Meme] does not check the pool’s price, the liquidity added simply follows the price set by the malicious user,” it added. This allowed the attacker to drain the pool.
At the moment, the platform remains partially operational. On-chain trading is still live, allowing users to continue buying and selling tokens.
However, liquidity pool (LP) launches on PancakeSwap are temporarily on hold as the team works on a fix.
Four.Meme has not yet specified when LP launches will resume and stated that additional details will be shared in upcoming announcements.
Some community members, however, have slammed the Four.Meme team for allegedly ignoring multiple warnings about the exploit.
According to X posts seen by Invezz, multiple users had been flagging suspicious activity for hours before the attack drained liquidity from dozens of meme coins.
One user claimed that at least 50 tokens had been completely wiped out due to what they called “Four.Meme’s incompetence.”
Another X post, made a few hours before, Four.Meme’s official announcement directly tagged the project’s official X account, urging them to fix the issue immediately.
On-chain data shared in the post reveals large BNB transfers linked to the exploit.
DeFi sector remains at risk
As previously reported by Invezz, roughly 53.5% of attacks across the cryptocurrency sector were targeted toward the decentralised finance sector.
Some of the biggest attacks in DeFi include the exploit of the blockchain-based gaming platform PlayDapp in early February 2024.
Hackers compromised PlayDapp’s smart contracts, minting an unlimited supply of PLA tokens, which were then dumped on the market.
The exploit led to over $290 million in losses and forced the platform to issue a migration plan to a new token contract in an attempt to mitigate further losses.
Meanwhile, the Gala Games hack in May 2024 led to roughly $200 million in losses after an attacker exploited poor access control over a privileged account.
The post BNB Chain’s Four.Meme hit with $180k exploit: report appeared first on Invezz
