UNKNOWN

DECEMBER 2024

GLOBAL

CAT PROTOCOL

DESCRIPTION OF EVENTS

CAT Protocol is a novel token protocol on Bitcoin that uses a UTXO-based system and smart contracts, specifically covenants, to manage token minting and transfers. It operates directly on the Bitcoin blockchain, ensuring that token rules and data are guaranteed by Bitcoin's consensus, without relying on off-chain indexers. The protocol is modular and programmable, allowing for customizable minting rules and supporting both fungible (CAT20) and non-fungible (CAT721) tokens. CAT Protocol also enables cross-chain interoperability and is compatible with Simplified Payment Verification (SPV), allowing light clients like mobile phones to verify token transactions independently. It aims to expand Bitcoin’s use cases by enabling decentralized applications, such as automated market makers, lending, and staking.

 

The CAT Protocol had a weakness that allowed for unauthorized token creation.

 

A weakness in the CAT Protocol was exploited by an individual or group to create 1.2 million $OPCAT tokens out of thin air and sell them, causing the token’s price to decline. The exploit was identified when a suspicious address was observed selling large amounts of the token. The CAT Protocol team, along with their security partner @SlowMist_Team, acted quickly to contain the issue by halting trading, deploying a hotfix, and preventing further inflation of the token. They also took steps to burn the inflated tokens and maintain the total supply at 21 million.

 

All losses were related to the decline in market price of the token.

 

"On Jan 12, some community members reported a suspicious address (bc1pdx55mhrtu7duv97s9q68rsqf2hk6jv0qhmdtttfrunral0dqp9ps6q80k8) selling ~50K $OPCAT tokens almost daily since Dec 15. Our team immediately investigated and identified a vulnerability that had been exploited."

 

"With help from our security partner @SlowMist_Team, the issue was quickly contained, and we took decisive steps to prevent any further attempts."

 

"We immediately notified exchanges and paused trading of the $OPCAT token. We promptly released a hotfix the next day and deployed it to all exchanges to prevent further token inflation."

 

"We are implementing enhanced measures to prevent similar attacks in the future and engaging with leading security auditors to perform an in-depth review of the protocol."

 

"We are pleased to confirm that no user funds were lost, and the situation is actively being resolved."

 

"To compensate users who have accidentally bought these inflated tokens, we have purchased 1.2M tokens, which will be burned to ensure the total circulating supply remains exactly 21M. Users’ balances will not be affected and no further action is required. In line with our commitment to transparency, we are publishing the holding addresses"

 

"We are collaborating with leading security firms such as @SlowMist_Team and law enforcement agencies to trace and hold those responsible accountable. If your intent was to expose a vulnerability, we encourage you to engage responsibly and ethically. Reach out through our official email at opcatprotocol@gmail.com, and we’re willing to reward such disclosures within our policies.

 

Let’s work together to strengthen the ecosystem rather than harm it."

 

"Update: Incident Resolved

 

We’re pleased to announce that the recent security incident has been resolved amicably. The individual(s) acted in good faith, demonstrating ethical intent and returning the affected assets.

 

We officially recognize this as a white hat action and thank them for their cooperation.

 

No user funds were lost. Enhanced measures are now being put in place.

 

Thank you for your trust and support as we continue to prioritize security and transparency. Special thanks goes to @SlowMist_Team for their assistance."

 

The CAT Protocol continues to operate.

 

Explore This Case Further On Our Wiki

CAT Protocol is an innovative token protocol built on Bitcoin using a UTXO-based system and smart contracts, specifically covenants, to manage token minting and transfers. It operates directly on the Bitcoin blockchain, ensuring token rules and data are enforced by Bitcoin's consensus, without relying on off-chain indexers. In December 2024, a vulnerability in the protocol allowed the unauthorized creation of 1.2 million $OPCAT tokens; these were sold, causing a decline in the token price. The CAT Protocol team, in collaboration with @SlowMist_Team, quickly mitigated the exploit by halting trading, deploying a hotfix and burning the inflated tokens to restore the supply to 21 million. No user funds were lost, and the protocol is implementing enhanced security measures to prevent similar incidents. The exploit was later recognized as a white-hat action when the responsible party returned the assets in good faith.
