Four.Meme Resumes Operations After $120K Sandwich Attack

The BNB Chain-based memecoin launch platform Four.Memehas resumed its operations following a significant security breach that resulted in a $120,000 loss due to a sandwich attack. The platform temporarily suspended its launch function to investigate the incident, which involved an attacker exploiting a vulnerability to manipulate the liquidity pool and siphon off funds. 

In a statement posted on March 18, Four.Meme confirmed that its launch function was back online after a thorough inspection and fix of the security issue. The team reassured users that the problem had been addressed and that compensation for affected individuals was in progress.

The Sandwich Attack Explained

According to ExVul, a Web3 security firm, the attack was a classic example of a sandwich attack, a form of market manipulation that is common in decentralized finance (DeFi) platforms. The attacker exploited a pre-launch vulnerability in the platform to steal liquidity by manipulating the price of the token at launch.

ExVul's analysis revealed that the attacker had “pre-calculated the address for creating the liquidity pool’s trading pair” and then used one of Four.Meme’s functions to purchase tokens, bypassing the platform’s token transfer restrictions. After the attacker acquired the tokens, they waited for Four.Meme to add liquidity to the transaction, before finally draining the funds.

CertiK's Findings

Blockchain security firm CertiK corroborated this analysis, stating that the attacker had transferred an imbalanced amount of un-launched tokens to pre-paired addresses before the liquidity pool was created. By doing so, the attacker was able to manipulate the token price at launch, eventually selling the tokens at a profit.

For example, in the case of the SBL token, the attacker sent some of the token to the pre-calculated pair address before the launch and profited by 21.1 BNB (around $120,000). CertiK tracked the stolen funds and found that they were sent to the decentralized crypto exchange FixedFloat.

A Growing Trend of Crypto Exploits

This attack marks the second time in recent months that Four.Meme has fallen victim to an exploit. The first occurred on February 11, when an attack led to the loss of approximately $183,000 in digital assets.

The broader crypto industry is facing an increasing number of such exploits. In February 2024, a staggering $1.53 billion in losses were recorded due to scams, exploits, and hacks. The largest portion of these losses came from the Bybit hackm, which accounted for $1.4 billion. 

According toChainalysis, the past year has seen $51 billion in illicit transaction volume across the crypto industry. The rise in crypto crime has been attributed to more professionalized schemes driven by AI-powered scams, stablecoin laundering, and cyber syndicates that efficiently execute these attacks.

Conclusion

While Four.Meme has resumed operations and is working to compensate affected users, the incident underscores the continuing challenges in the crypto space related to security and fraud prevention. The recent rise in attacks and exploits, particularly involving sandwich attacks and other forms of market manipulation, highlights the need for greater scrutiny and improved security measures within the DeFi ecosystem.

As the industry grows, the lessons from these security breaches may drive further innovation in securing platforms and protecting users from similar attacks in the future. However, until more robust safeguards are implemented, platforms like Four.Meme may continue to face such vulnerabilities, making it essential for users to exercise caution in the rapidly evolving space of cryptocurrency and DeFi.