Detailed Analysis of Recent Attack on Based Doge Protocol
On May 27, the Based Doge (BOGE) protocol within the Base network encountered a security breach, as communicated by the project's team. This breach, reminiscent of the attack on Normie, leveraged a common security vulnerability, resulting in the unauthorized transfer of a substantial quantity of BOGE tokens.
Incident Overview
Based Doge, a meme-inspired cryptocurrency drawing influence from Doge memes, had recently stepped into the Web3 sector with the introduction of FlappyBoge, a video game, and plans for an NFT collection. In light of the breach, the project team pledged to compensate all affected parties by securing current token balances and initiating the project anew.
Execution Details of the Breach
Analysis of blockchain data identified an account under the suffix 'bAOC' that initiated more than 120 transactions on Base at 20:48 on May 27. These transactions resulted in significant transfers of BOGE tokens to this account, aggregating to approximately 91.4 million BOGE tokens. By exploiting an unchecked function within a smart contract, the attacker concealed the function's code, subsequently converting the stolen tokens into 4.47 Ethereum, valued at around $16,926 during the occurrence.
Ramifications of the Breach
While the financial gains for the attacker were limited, the impact on BOGE's market value was notable. The token's value plummeted from $0.002983 to $0.000072, leading to a market value loss of over $2.8 million. Moreover, the total token supply of one billion experienced a significant reduction, impacting investors and the project's future sustainability.
Crucial Takeaways for Crypto Community
- Ensure thorough review of smart contracts before entering transactions.
- Keep abreast of security protocols and vulnerabilities prevalent in the cryptocurrency domain.
- Opt for reliable platforms with a history of secure transactions.
- Report any doubtful activities or vulnerabilities promptly to the project's team.
- Consider utilizing insurance services to bolster protection against potential cyber threats.
Analysis and Reflection
In the aftermath of the Normie attack, Neptune Mutual, an insurance provider in the Web3 space, identified a flawed function as the origin of unauthorized token minting. This occurrence, coupled with recent assaults on DeFi protocols, underscores the persistent risks associated with vulnerabilities in smart contracts. Notable events include the $20 million breach at Sonne Finance on May 17 and an alleged exploitation of privileged access by a former Pump.fun employee, emphasizing the critical need for robust security measures to safeguard cryptocurrency assets.
