QUADRIGA INITIATIVE
CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM
A COMMUNITY-BASED, NOT-FOR-PROFIT
$77 000 USD
APRIL 2025
GLOBAL
LIBERTY COIN
DESCRIPTION OF EVENTS
Liberty Life is a decentralized finance (DeFi) project built around Liberty Coin (LBTC), a token on the Binance Smart Chain (BSC). The project promotes itself as a community-driven, 100% decentralized platform with no central ownership or developer wallets. LBTC cannot be bought on centralized exchanges; instead, users earn it through participation in the Liberty Life DApp ecosystem via staking, governance, and referrals. The token is only listed on PancakeSwap, and its liquidity is reportedly locked for 15 years, reinforcing its claims of decentralization and transparency.
The project introduces several financial mechanisms, including a staking system that offers daily returns of 0.5% up to a cap of 2x the original stake. A minimum of $100 USDT is required to begin staking, and withdrawals are restricted based on this cap. Liberty Life also features a multi-level affiliate program, offering direct and level-based income, as well as weekly and royalty bonuses for high-performing referrers. A $10 registration fee is required to join, which is used to provide liquidity on PancakeSwap. Participants interact through smart contracts, and all rewards are issued directly via on-chain mechanisms.
The token has several hardcoded limitations to promote stability: it's unmintable, unburnable, has renounced ownership, and all supply is community-distributed. The ecosystem positions itself as resistant to traditional crypto manipulation (like pump-and-dump schemes) by requiring active participation rather than speculative buying. The smart contract was first launched on December 16th, 2024.
While the platform emphasizes decentralization and transparency, the use of aggressive staking incentives and referral-based income structures may raise concerns similar to those found in multi-level marketing (MLM) or high-yield investment programs.
The LibertyUseCase smart contract was vulnerable to a price manipulation attack by using the spot price.
The attacker first registered and staked a small amount, then executed a complex transaction involving price manipulation on PancakeSwap—specifically, by injecting $35,000 in liquidity to spike the LBTC price. Once the price was inflated, they used the BreakStake function to withdraw a much larger amount of USDT than their original stake was worth. The contract relied on the spot price from PancakeSwap, which is not resistant to short-term manipulation, making the exploit possible. The attacker also used a custom contract to make multiple rapid calls, compounding the impact.
The attack targeted the LibertyUseCase smart contract, which uses the spot price from a UniswapV2 LBTC/USDT pair to calculate token values in its stakeinlbtc and breakstakeinlbtc functions. Specifically, the contract relies on a getPriceFromUniswapV2 function to fetch the current price, assuming it to be a fair market rate. This approach created a critical vulnerability, as UniswapV2 prices are determined by token reserves and can be easily manipulated within a single transaction.
To exploit this, the attacker manipulated the LBTC/USDT price by executing a series of trades that drastically altered the token ratio in the liquidity pool. For example, by purchasing a large amount of LBTC with USDT or vice versa, they were able to skew the price in their favor. Since Uniswap does not have built-in price oracles or time-weighted averages, this spot price manipulation was immediately reflected in the contract’s price calculation.
With the price artificially inflated, the attacker then invoked the breakstakeinlbtc function, causing the contract to calculate and distribute a significantly higher USDT reward than it should have. After claiming the inflated reward, the attacker likely reverted the manipulated price by reversing trades or simply walked away with the excess funds. The core issue lies in the flawed assumption that UniswapV2 spot prices are resistant to manipulation, highlighting the importance of using time-weighted average prices (TWAPs) or external oracles for reliable pricing.
The blockchain wallet on Binance Smart Chain shows a balance change of 70,882.7 USDC. TenArmor, Tikkala Research, and BlockSec all appear to have rounded this value to $70k. Tikkala Research later noted an additional $6000 loss from a subsequent replay of the attack.
Liberty Life/Liberty Coin reports a total loss of $106,199.70. It is unclear the reason for their higher number. The loss amount has been set based on blockchain verifiable numbers.
As a result of the price spike, other users also began selling LBTC on PancakeSwap, draining the liquidity pool and taking more USDT than anticipated. The Liberty team insists the contract was "secure" in terms of technical deployment, but the logic flaw in using spot price for critical value calculations created an opening for exploitation.
A later update from Liberty Life describes an ongoing crisis resulting from a smart contract exploit that led to the loss of over $106,000 from their ecosystem. According to the statement, the attacker exploited a function called BreakStake in the newly deployed Liberty UseCase contract. This function, intended to allow users to exit their stakes early, was misused by the attacker to manipulate token values and extract large amounts of USDT by artificially inflating the LBTC price on PancakeSwap.
Liberty Life posted an update on their website as follows:
"Important Update for All Participants Hello participants A sad incident has happened which is very important to share with all of you. After implementing the Liberty Usecase contract, ethical hacking happened in the contract due to which the hacker hacked 106,119.7$ kept in the contract. This hacking can raise many questions in your mind. Like How can this happen? Was the contract not secure? Answer - The contract was completely secure, but the hacker took advantage of the 'Break stake' feature kept for the user. The user had the option to break his staking which the hacker took advantage of. Understand the hacking process step by step 1. The hacker first registered in Liberty 2.0 and placed a stake. See the link - https://bscscan.com/tx/0x0c3a8d3126676600bf37a7f804a05af36819aab029b248cd726bbc74001ae547 https://bscscan.com/tx/0xf0f81525380cc49ebbda683c1fad8c9661e753a0507d9e0f37e7a3d07ac5d2e8 https://bscscan.com/tx/0xa7f49ff8c95ead248d2bc7a42981c580fd03d1de27772e55616f8d1ea32aa13d 2. The hacker also registered on the Usecase (new) contract and placed a stake of 217$ USD and after breaking the stake, withdrew about 676,435.299793801532055906 LBTC from the new contract. Check link - https://bscscan.com/tx/0xff77c9d0530fe6bbf6a5f24c5ddff466e0eaaa7630ecdd8cc6015c2eabf57881 LBTC was staked by a new user in the new contract. https://bscscan.com/tx/0xa62394bf76318b4886f18b24c6a646bc8a223589ed330997aaea61604fb3b020 Final stage 3. The hacker created a contract in which multiple calls were made on the same action, you will be able to find out transaction by transaction. How did he get 106,119.7$. Answer - When the hacker sent $35,000 to PANCAKE SWAP the price immediately increased and the new contract was staked multiple times after that. Check link - https://bscscan.com/tx/0xff77c9d0530fe6bbf6a5f24c5ddff466e0eaaa7630ecdd8cc6015c2eabf57881 And now immediately after increasing the price, the value of the LBTC he had staked also increased and he broke the stake and took USDT from the contract. Check link - https://bscscan.com/tx/0xff77c9d0530fe6bbf6a5f24c5ddff466e0eaaa7630ecdd8cc6015c2eabf57881 Meanwhile, when the price increased on pancakeswap, the public sold the LBTC they had and also emptied PancakeSwap. In this, many people got more USDT from PancakeSwap than expected. Check transactions - https://www.geckoterminal.com/bsc/pools/0x69d5dec252ab9972d8a36db4ba1ccecf84f91385 Even now many people will not believe us, but this is true. You should check all the transactions yourself, because a person can lie but blockchain transaction brings out the truth. Very soon we will provide a better platform to all of you on which no hacker will be able to do anything, please be patient. And I want to tell you one more thing. From Liberty 1.0 till now there has been no greedy activity from our side. We are still dedicated to the public, despite the needle of suspicion is like us. Many schemes have come in the market which go away after causing loss of lakhs and crores to the public but there is no noise. 30000$ is available in Liberty 2.0 which will be triggered daily. Keep withdrawing and selling till the entire reserve fund is exhausted and wait for the new update. Thank you, I hope you will understand. Long live Liberty"
While the team has proposed to launch a new smart contract which will be more secure, it is unclear if there is any recovery possible from the team.
The Liberty Life platform team acknowledges the incident, asks users for patience, and says they plan to launch a new platform, claiming they still have $30,000 in reserves (Liberty 2.0) for ongoing user withdrawals. They emphasize their commitment to the community despite the breach and state they will continue updating users.
Liberty Life, a DeFi project built around Liberty Coin (LBTC) on Binance Smart Chain, recently suffered a major exploit due to a flaw in its new smart contract. The vulnerability stemmed from relying on PancakeSwap’s spot price to calculate token values for staking and withdrawals. An attacker manipulated the LBTC/USDT price by injecting $35,000 into PancakeSwap, inflating the price, then used the flawed BreakStake function to withdraw over $106,000 in USDT from the contract. The team has acknowledged the exploit, confirmed the funds were drained, and stated they have $30,000 remaining in reserves for user withdrawals. They plan to launch a more secure version of the platform, though it's unclear if full recovery is possible.
TenArmor - "Our system has detected a suspicious attack involving #LibertyUseCase on #BSC, resulting in an approximately loss of $70K." - Twitter/X (Aug 7)
LibertyUseCase Attack Transaction - BSCScan (Aug 7)
BlockSec - "ALERT! Our system has detected a suspicious transaction targeting an unknown contract named #LibertyUseCase on BSC, resulting in a loss of approximately $70K. This appears to be a typical price manipulation attack, stemming from reliance on the spot price of the LBTC token." - Twitter/X (Aug 7)
Week 15, 2025 - BlockThreat (Aug 6)
LibertyUseCase Attack Transaction - BlockSet Explorer (Aug 7)
Storage Smart Contract - BSCScan (Aug 7)
Liberty Life/Liberty Coin Homepage (Aug 7)
Liberty Life Whitepaper (Aug 7)
Liberty Coin Address - BSCScan (Aug 7)
Storage Smart Contract Launched - BSCScan (Aug 7)
Tikkala Research - "A contract was attacked one day after creation due to a price manipulation bug in the staking and breakstaking process." - Twitter/X (Aug 7)
Replay Attack Transaction - BSCScan (Aug 7)
