Blockchain security firm SlowMist has identified a critical vulnerability in Four.Meme, a meme coin launchpad on Binance Smart Chain (BSC), where attackers could manipulate PancakeSwap v3 pools to exploit token launches.
The vulnerability stemmed from the fact that Four.Meme does not implement price verification checks which allowed malicious users to create pools with deliberately skewed prices before scheduled token launches.
SlowMist explained that when new tokens migrate to PancakeSwap v3 and add liquidity, they automatically adopt these manipulated price points, thereby enabling attackers to drain pool assets.
According to blockchain security company PeckShield’s findings, the incident resulted in attackers making off with approximately $183,000.
BSC-Based Meme Coin Launchpad Reacts
In response to a recent malicious attack, Four.Meme announced suspending token liquidity pools on PancakeSwap to safeguard user assets. The development team also said that it is actively addressing the issue and will restore liquidity once a fix is implemented. Meanwhile, on-chain trading remains operational.
In its official statement, Four.Meme stated,
“Rest assured, internal funds are SAFU and unaffected by this attack. We will continue to monitor the situation and provide timely updates to the community. Thank you for your understanding and support!”
Four.Meme initially captured market attention following the volatile performance of the Test (TST) token. Since then, the platform’s popularity surged dramatically. In fact, data compiled by Dune analytics reveal user growth reached its peak on February 9 with 11,473 unique addresses. However, as of February 11th, data shows user engagement has significantly contracted to 5,301 addresses.
The latest attack has increased concerns regarding the security of meme coin launchpads as it reflected a pattern of similar incidents in the industry. This event is reminiscent of last May when Solana-based meme coin launchpad Pump.fun suffered a flash loan attack, which caused $2 million in losses.
Increasing Illicit Activities Targeting Web3
Zooming out, with the rise in cryptocurrency adoption, there has been an increase in the variety of illicit on-chain activities. SlowMist’s January report revealed Web3 security incidents climbed to $98.19 million in losses across 40 hacking attacks, which caused about $87.94 million in damages, with $1.47 million successfully recovered.
Major incidents include a $70 million hot wallet breach at Singapore-based exchange Phemex on January 23 and a $7.2 million exploit of P2P trading platform NoOnes’ Solana bridge on January 1.
Binance Free $600 (CryptoPotato Exclusive): Use this link to register a new account and receive $600 exclusive welcome offer on Binance (full details).
LIMITED OFFER for CryptoPotato readers at Bybit: Use this link to register and open a $500 FREE position on any coin!
Source: https://cryptopotato.com/bsc-based-meme-coin-launchpad-four-meme-suffers-183k-exploit/