SlowMist uncovered a critical vulnerability in the Four.Meme platform on Binance Smart Chain that allowed attackers to manipulate PancakeSwap v3 pools and exploit token launches.
Vulnerability on the Four.Meme Platform
The vulnerability stemmed from the absence of price verification checks on Four.Meme, which allowed malicious users to create pools with skewed prices before scheduled token launches. This enabled attackers to drain pool assets as new tokens migrated to PancakeSwap v3 and added liquidity. According to PeckShield, the incident resulted in attackers making off with approximately $183,000.
Four.Meme's Reaction to the Attack
In response to the attack, Four.Meme announced suspending token liquidity on PancakeSwap to protect user assets. The development team also stated they are actively addressing the issue and will restore liquidity once a fix is implemented. In its official statement, Four.Meme assured: "Rest assured, internal funds are SAFU and unaffected by this attack. We will continue to monitor the situation and provide timely updates to the community."
Increase in Illicit Activities in Web3
With the increase in cryptocurrency adoption, there has been a rise in various illicit on-chain activities. SlowMist's January report revealed Web3 security incidents led to $98.19 million in losses across 40 hacking attacks. Among major incidents were a $70 million hot wallet breach at Phemex in January and a $7.2 million attack on the NoOnes Solana bridge.
The recent attack on Four.Meme highlights the importance of enhancing security measures on launch platforms for cryptocurrencies like meme coins, as such incidents continue to increase.
