QUADRIGA INITIATIVE
CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM
A COMMUNITY-BASED, NOT-FOR-PROFIT
$70 000 USD
DECEMBER 2024
GLOBAL
GAGAW
DESCRIPTION OF EVENTS

GAGAW is a token launched on the Binance smart chain.
"The primary issue lies in the flawed accounting logic within the token's transfer function.
When a transfer is mistakenly identified as a removeLiquidity action, the recipient’s balance is increased by the balance of the 0xdead address.
This allowed the attacker to repeatedly simulate removeLiquidity transfers, accumulating a significant amount of tokens effortlessly.
It's unclear what the true intent behind this logic is—perhaps a simple typo or even a deliberate backdoor?
Additionally, the decision logic for removeLiquidity and addLiquidity can be manipulated through token transfers.
Despite restrictions on buying and selling, the attacker bypassed these limitations by simulating addLiquidity transfers, ultimately securing profit.
Interestingly, the attacker deposited the profits into a pre-created Uniswap pair."
"Our system has detected a suspicious attack involving #GAGAW on #BSC, resulting in an approximately loss of $69.7K."
The GAGAW token was launched in a new smart contract on the Binance smart chain on November 23rd. Unfortunately, there was a vulnerability in the token transfer logic, which was later exploited on December 2nd. This resulted in a loss of roughly $70k. It's unclear where the GAGAW community resides, or what their response has been.
BNB Smart Chain Transaction Hash (Txhash) Details | BscScan
(Jan 20)
GAGAW/USDT Real-time On-chain PancakeSwap v2 (BSC) DEX Data (Jan 20)
https://apespace.io/bsc/0x3ee9934da662ccf3cbb087cf096ef9e28ecbe017 (Jan 20)
@TenArmorAlert Twitter (Jan 20)
@0xCommitAudits Twitter (Jan 20)
@0xNickLFranklin Twitter (Jan 20)
GAGAW token exploit. – Defi hack analysis (Jan 20)
GAGAW exploiter | Address 0x86c5e027ffd8868278e1e113f65571055a10951c | BscScan
(Jan 20)
BNB Smart Chain Transaction Hash (Txhash) Details | BscScan
(Jan 20)
@TenArmorAlert Twitter (Jan 21)
