Mar 2025 - Min Token Multi-Level Marketing Referral Logic Bug Exploited - $21k (Global)
Min Token appears to feature "an MLM mechanism."
"When A "introduces" B (A->B) to buy $MIN, A can get 50% amount of what B buys."
"And this can be an intro-chain where A->B->C, when C buys x, A and B both get 50% x. (maybe the dev wants it to be B gets 50% while A gets 25%? but still exploitable)"
It is unclear who owns or operates the Min Token network.
They appear to have had an airdrop partnership with LibreGold/LibreCoin, however there doesn't appear to be a website or social media associated with the project.
SlowMist: "Exploited the burnPairToken function"
"Funny token design with an MLM mechanism. When A "introduces" B (A->B) to buy $MIN, A can get 50% amount of what B buys.
And this can be an intro-chain where A->B->C, when C buys x, A and B both get 50% x. (maybe the dev wants it to be B gets 50% while A gets 25%? but still exploitable)
The attacker builds an intro chain of 8 and swapped BUSD for $MIN, got much more $MIN and swapped back to profit.
The hacker borrowed BUSD flashloan from 4 pools."
"resulting in a loss of approximately $21,400."
From the blockchain, this may be 21,421.446310962716549294 BSC-USD.
The Min Token appears to have continued operating, and there is no indication that the exploit was even noticed.
The Min Token appears to have continued operating, and there is no indication that the exploit was even noticed.
It's unknown if Min Token is still actively being promoted. Very little information appears to be available about the token project.
Further Analysis
Min Token appears to use a multi-level marketing (MLM) mechanism, where users earn rewards when others they refer purchase the token—initially 50% of the purchase amount, with further rewards for additional referral levels. This design is exploitable and was in fact abused via a flash loan attack involving an 8-level intro chain, resulting in a profit of over $21,000 for the attacker. The token lacks transparency, with no known operator, website, or social media presence, and was previously linked to an airdrop with LibreGold/LibreCoin. Despite the exploit, there’s no sign the issue was addressed, and it's unclear if the project is still active.
How Could This Have Been Prevented?
More Cryptocurrency Exchange Hacks/Scams/Frauds
Alkimiya SilicaPools uint128 Truncation Unsafe Downcasting > > < < Abracadabra Money Deposit Fail Self-Liquidate Vulnerability
Sources/Further Reading
SlowMist - "We detected potential suspicious activity related to $MIN. As always, stay vigilant!" - Twitter/X (Dec 31)
Min Token Smart Contract - BSCScan (Dec 31)
Min Token Exploit Transaction For 21,421.446310962716549294 BSC-USD - BSCScan (Dec 31)
Min Token Example Referral Transaction - BSCScan (Dec 31)
Min Token Smart Contract Creation - BSCScan (Dec 31)
Weilin Li - "Funny token design with an MLM mechanism. When A "introduces" B (A->B) to buy $MIN, A can get 50% amount of what B buys." - Twitter/X (Dec 31)
Libre Gold - "Libre dual currency linkage airdrop activity has begun! ... Libre+Min strong boost: first incubation of cooperative ecological tokens $min blockbuster debut! Grab it and you can cash it right away!" - Twitter/X (Dec 31)
Libre Gold - Chinese Min Partnership Launch Email - Twitter/X (Dec 31)
PutiZu99550 - "MIN*Libre dual-currency linkage will definitely create miracles. The number of dividend nodes is about to be sold out. Grab it and earn it." - Twitter/X (Dec 31)
PutiZu99550 - "MIN*Libre dual-currency linkage will definitely create miracles. The number of dividend nodes is about to be sold out. Grab it and earn it." - Twitter/X (Dec 31)
PutiZu99550 - "MIN*Libre dual-currency linkage will definitely create miracles. The number of dividend nodes is about to be sold out. Grab it and earn it." - Twitter/X (Dec 31)
Libre / MinMotion Homepage - Archive January 21st, 2025 8:22:37 PM MST (Dec 31)
 t.me/QuadrigaInitiative
|
 /r/QuadrigaInitiative
|
 @QuadrigaInit
|
 info@quadrigainitiative.com
|