Quadriga Initiative Logo.png

QUADRIGA INITIATIVE

CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM

A COMMUNITY-BASED, NOT-FOR-PROFIT

$190 000 USD

APRIL 2024

GLOBAL

FENGSHOU (NGFS)

DESCRIPTION OF EVENTS

"Shortly after the deployment of the FENGSHOU (NGFS) token, it was attacked, resulting in a loss of approximately $191,000. The vulnerability lies in a public `delegateCallReserves` function which allows the attacker to set an arbitrary address to a UniSwapV2 proxy."

 

"The FENGSHOU (NGFS) Token was hacked shortly after deployment. The attack was a simple 3-step process which was possible because the deployer didn't initialize the contract properly.

 

1. The attacker called `delegateCallReserves` which sets the uniswapV2Proxy to msg.sender."

 

"2. Then it was easy for the attacker to set the `_uniswapV2Library` to any address he wants and to be able to call the third critical function."

 

"3. The `reserveMultiSync` allowed him to sync(transfer) all of the funds from the PancakeSwap BSC-USD - NGFS pool to his address. And just like that ~$191k has been affected."

 

"The data of the token and the pair are no longer updated as the token is SCAM" "Very high start liquidity, it looks like a scam!"

 

Explore This Case Further On Our Wiki

It is unclear the intent behind the launch of the NGFS (FENGSHOU) token, however it most likely wasn't to give an attacker full access to take all of the liquidity. A couple days after the token launched on April 23rd, an exploit took advantage of a delegateCallReserves vulnerability, which allowed the attacker to set whatever library smart contract he wanted, including a malicious one which transferred all the liquidity to themselves.

SlowMist Hacked - SlowMist Zone (May 13)
@ddimitrovv22 Twitter (May 16)
FENGSHOU (NGFS) Price Today | Real-Time On-Chain Metrics | Moralis Money | Discover & Trade Undervalued Altcoins (May 16)
$0.{3}1704 | تبديل FENGSHOU (NGFS) بمحفظة Bitget | NGFS السعر والمخطط البياني | محفظة Bitget (May 16)
StandardToken | Address 0xe8a11cb7671ebcb9bcaeedad449fe02683b585d6 | BscScan  (May 16)
BNB Smart Chain Transaction Hash (Txhash) Details | BscScan  (May 16)
BNB Smart Chain Transaction Hash (Txhash) Details | BscScan  (May 16)
NGFSToken | Address 0xa608985f5b40cdf6862bec775207f84280a91e3a | BscScan  (May 16)
FENGSHOU (NGFS) Token Smart Contract | Binance (BNB) Smart Chain Mainnet  (May 16)
FENGSHOU (NGFS) - SCAM. Do not buy this token! (May 16)
NGFS/USDT Real-time On-chain PancakeSwap v2 (BSC) DEX Data (May 16)
https://www.immunebytes.com/blog/list-of-crypto-hacks-in-the-month-of-april/ (May 16)
BNB Smart Chain Transaction Hash (Txhash) Details | BscScan  (May 16)
@ImmuneBytes Twitter (May 16)

Sources And Further Reading

More case studies

IO.NET Fake
Ethereum Token

Pike Finance USDC
Withdrawal Vulnerability

 For questions or enquiries, email info@quadrigainitiative.com.

Get Social

  • email
  • reddit
  • telegram
  • Twitter

© 2019 - 2026 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.