Mar 2025 - Four.meme Liquidity Theft via Pre-Launch Restriction Bypass - $130k (Global)
Four Meme is a decentralized platform focused on meme coins, allowing users to create, trade, and explore a wide range of meme-based digital assets. The platform supports various meme coins with diverse themes, including AI-driven, meme-centric, and culturally inspired tokens like Trump Sleep, CZ BUNI, and Chinese Pepe. Each token is typically launched on Binance Smart Chain (BNB) and features fluctuating market caps that highlight the speculative nature of meme coin investments.
Four Meme enables users to create their own meme tokens, which are listed and traded on PancakeSwap and other decentralized exchanges. The platform provides a user-friendly environment to search, create, and rank tokens. It also offers a unique feature to track token performance, including market cap and percentage changes, allowing users to stay updated on their investments. Despite the playful nature of meme coins, Four Meme maintains a disclaimer emphasizing the speculative and volatile nature of these digital assets, encouraging users to conduct their own research before trading.
"Four.meme is a streamlined, low-cost pathway to introduce even more meme tokens into the world. Create anything. Any meme you want to put out into the blockchain ecosystem. We’re here to be your canvas and your logistical minion. We’ll help you get the most traction possible with users on BSC. All we’re asking is you create the best viral memes that can potentially make you famous."
Four.meme had a vulnerability where an attacker was able to use a function to purchase a small number of tokens before the official launch and send them to a PancakeSwap Pair address that hadn’t yet been created. This could be used to create the Pair and add liquidity without triggering the token’s pre-launch transfer restrictions (MODE_TRANSFER_RESTRICTED). By bypassing these restrictions, it was possible to set the initial liquidity at a manipulated price, allowing liquidity pool theft.
"The attacker purchased a small amount of tokens before launch through the 0x7f79f6df function of @four_meme_, and used this feature to send tokens to a specified PancakeSwap Pair address that had not yet been created.
This allowed the attacker to create the Pair and add liquidity without needing to transfer the yet-to-be-launched tokens to the Pair, bypassing the transfer restrictions (MODE_TRANSFER_RESTRICTED) that applied before the http://Four.meme Token launch.
Ultimately, the attacker was able to add liquidity at an unintended price to steal pool liquidity."
SlowMist reports the loss amount as $130k. Other sources have reported $120k.
In response to the attack, Four.meme promptly suspended its launch function for emergency investigation. They assured users that affected individuals would be compensated and provided a damage submission form to collect relevant information. The team worked diligently to address the issue and enhance system security.
Once the problem was resolved, Four.meme resumed operations and continued to update the community on their progress.
Users were reportedly fully compensated for their losses.
The Four.meme platform continues to operate. It is unclear if the attacker has been caught or any funds have been recovered by the platform.
Further Analysis
Four Meme is a decentralized platform on Binance Smart Chain that allows users to create, trade, and explore a variety of meme-based tokens with themes ranging from cultural references to AI-driven concepts. With a playful focus, the platform offers tools for token creation, trading on decentralized exchanges like PancakeSwap, and real-time performance tracking. In 2024, Four Meme experienced a security breach that allowed an attacker to manipulate token launch mechanics, leading to a liquidity pool theft estimated between $120K and $130K. The platform quickly responded by halting operations, investigating the issue, compensating affected users, and enhancing its security measures. It has since resumed operations, although the attacker remains unidentified.
How Could This Have Been Prevented?
More Cryptocurrency Exchange Hacks/Scams/Frauds
Voltage Finance Malicious Developer Simple Staking Exploit > > < < Kaito AI and Yu Hu Twitter/X Compromised Short Selling
Sources/Further Reading
SlowMist - "The attacker purchased a small amount of tokens before launch through the 0x7f79f6df function of @four_meme_, and used this feature to send tokens to a specified PancakeSwap Pair address that had not yet been created." - Twitter/X (Dec 31)
"The launch function has now been resumed after a thorough security inspection. Our team has addressed the issue and reinforced system security." - Twitter/X (Dec 31)
Four.Meme Resumes Launch Feature on BNB Chain After Attack - BTCC (Dec 31)
Four.Meme Resumes Launch Feature on BNB Chain After Attack - CryptoNews (Dec 31)
CertiK Alert - "In this case of SBL token for example, the attacker sent a bit of SBL token to the pre-calcualted pair address in advance, then profited 21.1 BNB by sandwiching the add liquidity transaction at launch." - Twitter/X (Dec 31)
CertiK Alert - "We have seen an ongoing attack on the @four_meme_ platform. By transferring an imbalanced amount of un-launched tokens to pair addresses before the pair was created, the attacker can manipulate the pair price at launch before selling them afterward for profit." - Twitter/X (Dec 31)
Zhengqiang Li - "The flow cell manipulation bug reappeared. Through MEV, when fourmeme joins the pancake liquidity pool, addLiq is run first to manipulate the price." - Twitter/X (Dec 31)
(Dec 31)
 t.me/QuadrigaInitiative
|
 /r/QuadrigaInitiative
|
 @QuadrigaInit
|
 info@quadrigainitiative.com
|