An opportunistic hacker has been targeting abandoned meme tokens, draining their remaining liquidity in what some have labeled as an almost-victimless crime. The attacker utilizes flash loans from DeFi protocol Balancer to borrow a significant amount of money which is then redirected to drive up the volume of a chosen token’s pool. Once the volume increases, the remaining liquidity is drained from the pool, and the borrowed money is returned.
This method was first spotted by Giorgi Khazarade, CEO of Aurox, as he was testing for bugs and data inconsistencies in Aurox’s screener functionality. He discovered that a token called CATOSHI had nearly $2M in volume but $0 in liquidity, which seemed unusual. Further investigation revealed that an attacker had borrowed an estimated $184 million in wETH through a flash loan, using approximately $1 million from that loan to purchase CATOSHI tokens.
CATOSHI’s tokenomics were based on reflect finance’s (RFI) frictionless yield generation code. Due to a 6% tax, token holders received a 3% redistribution reward whenever anyone bought or sold the CATOSHI token. After purchasing over 166K CATS, the attacker bridged the tokens onto the BNB chain, sold them for roughly 10 BNB, and made a total profit of $3,000-$4,000. The remaining funds were returned to pay back the flash loan.
Another token, IMMORTAN, experienced a similar fate. According to its white paper published in 2021, a 10% tax was applied to buyers and sellers, with 8% of that tax being redistributed to holders and 2% given to the development team for operational purposes. The attacker has been draining the liquidity pool of about $2-3k by executing multiple attacks using flash loans.
While these attacks may yield relatively small profits, they highlight potential vulnerabilities in the tokenomics of abandoned meme tokens. As more tokens have their pools drained, including a project named CRAB which saw $2,000 in ETH cleared from its pool, there is increasing speculation that these attackers routinely deploy malicious smart contracts to drain liquidities.
In conclusion, abandoned meme tokens may provide an attractive target for hackers due to their vulnerability to flash loan-based attacks. It is crucial for those in the crypto space to be aware of these risks and ensure the security of any investments they make. On the other hand, these attacks can be seen as a way to clean up the crypto ecosystem, eliminating risky and potentially fraudulent tokens. However, the growing number of drained pools highlights the need for more robust security measures to protect investors from potential losses.
Source: Blockworks