Apr 2024 - Z123 Smart Contract Vulnerability - $136k (Global)

"Token holders count: 3,331"
"In April 2024, a seemingly new hacker emerged, targeting Wall Street Memes and Z123 projects in quick succession with flash loan attacks, resulting in losses of $18,000 and $144,000 respectively."
"Z123 on BSC was attacked by a hacker due to a contract vulnerability, resulting in a loss of approximately $136k. The .update() function of Z123 was repeatedly called which burned extra tokens and inflated the price."
"Today, the attacker activated itself again and deployed a new contract, which was picked up by the ML service again (2024-04-22 07:55:32): 0x61Dd07Ce0cEcF0d7BaCf5EB208C57D16bBdEE168
Very soon (2024-04-22 10:02 AM), a malicious transaction was detected (Mixer Malicious Contract): 0xc0c4e99a76da80a4cf43d3110364840151226c0a197c1728bb60dc3f1b3a6a27
Victim losses: $140K"
"Malicious actor using Flash loan to manipulate the price of the token in pool."
"By doing 81 iterations of token swaps and calling the ‘Update’ function of the pool, the price was manipulated."
Further Analysis
Z123 was a popular token with over 3,000 holders. Unfortunately, the smart contract was vulnerable to price manipulation, which allowed an attacker to take $136k from the liquidity pools.
How Could This Have Been Prevented?
Sources/Further Reading
SlowMist Hacked - SlowMist Zone (Dec 31)
@SlowMist_Team Twitter (Dec 31)
SesameCloudToken | Address 0xb000f121a173d7dd638bb080fee669a2f3af9760 | BscScan (Dec 31)
@SlowMist_Team Twitter (Dec 31)
CUBE3.AI Detects Multiple Price Manipulations by Same Address | by CUBE3.AI | Apr, 2024 | Medium (Dec 31)
@CertiKAlert Twitter (Dec 31)
67m Rug Pulls New Serial Crypto Hacker And The Zkasino Debacle April 2024 Crypto Crime Report (Dec 31)
Z123 (Z123) Token Tracker | BscScan (Dec 31)
BNB Smart Chain Transaction Hash (Txhash) Details | BscScan (Dec 31)
CUBE3.AI Detects Multiple Price Manipulations by Same Address - CUBE3.AI (Dec 31)
GitHub - SunWeb3Sec/DeFiHackLabs: Reproduce DeFi hacked incidents using Foundry. (Dec 31)
t.me/QuadrigaInitiative | /r/QuadrigaInitiative | @QuadrigaInit | info@quadrigainitiative.com