Amid enthusiastic promotion by Binance founder Zhao Changpeng, the meme coin frenzy on BNB Chain has recently reignited. Against this backdrop, Four.meme, the meme coin issuance platform on BNB Chain, was hacked today, resulting in a loss of approximately $130,000. Four.meme stated that it would fully compensate the victims.
Earlier this afternoon, a blockchain user revealed a vulnerability in the Four.meme platform on BNB Chain. The attacker used an MEV (Maximal Extractable Value) strategy against the step in which Four.meme adds liquidity to PancakeSwap, running the addLig operation ahead of time to manipulate the price. This caused the internal system to prematurely add a one-sided pool, which drained the liquidity pool.
https://t.co/ghyXiH5BXE
Big vulnerability discovered!!!
Through MEV, the attacker manipulated the price when adding liquidity to PancakeSwap on Four.meme by running addLig ahead of time, resulting in a one-sided pool draining the liquidity pool.
SlowMist Security Chief 23pds also tweeted that Four.meme had been hacked, resulting in a loss of approximately $120,000, and stated that none of the contracts was vulnerable. The root cause was the leak of the transaction that adds liquidity to PancakeSwap. The hacker managed to bundle their own transactions with the launch transaction, which should have been private, and this enabled the sandwich attack.
Fourmeme was hacked for ~$120K. None of the contracts was vulnerable. The root cause is the launch (add liquidity to Pancakeswap) tx got leaked. The hacker managed to sandwich by bundling with the launch tx, which was supposed to be private. @cz_binance what’s going on… https://t.co/8S7tN6mEeF
According to further analysis by SlowMist, the attacker’s method was to purchase a small amount of tokens before the official launch through the 0x7f79f6df function, and use this feature to send tokens to a PancakeSwap pair address that had not yet been created. This allowed the attacker to directly create a trading pair and add liquidity without needing to transfer new tokens, bypassing the transfer restrictions (MODE_TRANSFER_RESTRICTED) that should have applied before the Four.meme token issuance. Eventually, the attacker added liquidity at an unexpected price range and stole funds from the liquidity pool.
SlowMist Security Alert
The attacker purchased a small amount of tokens before launch through the 0x7f79f6df function of @four_meme, and used this feature to send tokens to a specified PancakeSwap Pair address that had not yet been created.
This allowed the attacker to… https://t.co/hyXyKcc2Oq
According to PeckShield monitoring, the hacker stole about 200 BNB, worth approximately $130,000, and transferred the funds to the decentralized exchange FixedFloat.
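A pre-launch guard for the condition SlowMist describes above, as an added example that is not Four.meme's or SlowMist's code: before migrating liquidity, the launcher checks whether the pair address already holds tokens or already has reserves at a price other than the intended one. The snapshot fields, finding names and sample values are constructed, and a constant-product style pair with token and quote reserves is assumed.

```python
from dataclasses import dataclass
from fractions import Fraction

@dataclass
class PairSnapshot:
    # Constructed stand-in for values a launcher would read on-chain
    # immediately before migrating liquidity (hypothetical field names).
    deployed: bool       # is there code at the predicted pair address?
    reserve_token: int   # pair's recorded meme-token reserve
    reserve_quote: int   # pair's recorded quote-asset reserve
    token_balance: int   # token balance held by the predicted pair address

def launch_findings(snap, token_amount, quote_amount, tolerance=Fraction(1, 100)):
    """Return reasons to abort the migration; an empty list means proceed."""
    findings = []
    # Tokens at the pair address before launch mean the pre-launch
    # transfer restriction was sidestepped.
    if snap.token_balance > 0:
        findings.append("PREFUNDED_PAIR_ADDRESS")
    # Non-zero reserves mean someone else already chose the opening price.
    if snap.deployed and snap.reserve_token > 0 and snap.reserve_quote > 0:
        findings.append("PAIR_ALREADY_SEEDED")
        intended = Fraction(quote_amount, token_amount)
        actual = Fraction(snap.reserve_quote, snap.reserve_token)
        if abs(actual - intended) > intended * tolerance:
            findings.append("PRICE_DEVIATION")
    return findings

# Constructed scenarios (not on-chain data from the incident).
TOKENS, QUOTE = 200_000_000, 24   # launcher intends 24 quote units per 200M tokens
CLEAN = PairSnapshot(False, 0, 0, 0)
PREFUNDED = PairSnapshot(False, 0, 0, 1_000)
SKEWED = PairSnapshot(True, 1_000, 5, 1_000)

if __name__ == "__main__":
    for name, snap in [("clean", CLEAN), ("prefunded", PREFUNDED), ("skewed", SKEWED)]:
        print(name, launch_findings(snap, TOKENS, QUOTE))
```

Any non-empty result is a reason to halt the launch and investigate rather than add liquidity at whatever price the pool currently shows.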
Four.Meme Confirmed the Hack and Will Compensate Victims in Full
Four.Meme released a statement earlier confirming the attack. It has suspended the Launch feature for urgent investigation and will compensate affected users. A loss submission form has been provided to collect relevant information:
We will fully compensate affected users for their losses. Once the verification process is complete, compensation will be issued within this week.