Four.Meme, a memecoin launchpad on the BNB Chain, has suspended its Liquidity Provider (LP) on PancakeSwap after detecting a malicious exploit targeting its system.
The team confirmed the attack on Feb. 11 and assured users that steps were being taken to resolve the issue. The platform halted its token LP to prevent further damage while keeping on-chain trading operational.
Despite the attack, Four.Meme emphasized that its internal funds remain secure. The team has committed to monitoring the situation and keeping the community informed.
The incident follows the platform’s recent rise in prominence, primarily fueled by the unexpected success of the Test (TST) token.
Initially created for an educational video, TST saw an astonishing 10,000% surge after a social media post from former Binance CEO Changpeng Zhao. Since then, the token has gained traction, even securing a listing on Binance.
$200k in losses
Web3 security firm CertiK revealed that the attacker leveraged the vulnerabilities in multiple unverified contracts to steal assets worth approximately $200,000.
Meanwhile, security firm PeckShield estimated the loss at around 287 BNB, equivalent to roughly $183,000.
SlowMist, another blockchain security firm, provided further analysis, pointing to liquidity manipulation as the primary attack method.
According to their findings, the exploit involved a malicious actor front-running the token launch by creating a pool on PancakeSwap V3. This strategy allowed the attacker to set an artificial price for the token before its migration. When the token officially launched and integrated with PancakeSwap, the fraudulent pool dictated liquidity distribution, enabling the attacker to siphon assets.
The security firm identified a critical oversight in Four.Meme’s protocol—the absence of a verification mechanism for liquidity pool prices before deposits. This flaw left the system vulnerable to price distortions and liquidity drain.
SlowMist’s founder, Yu Xian, attributed the exploit to weak security measures, stressing that attackers can repeatedly exploit similar loopholes unless platforms implement rigorous verification processes.
Mentioned in this article
