Quadriga Initiative Logo.png

QUADRIGA INITIATIVE

CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM

A COMMUNITY-BASED, NOT-FOR-PROFIT

$136 000 USD

APRIL 2024

GLOBAL

Z123

DESCRIPTION OF EVENTS

"Token holders count: 3,331"

 

"In April 2024, a seemingly new hacker emerged, targeting Wall Street Memes and Z123 projects in quick succession with flash loan attacks, resulting in losses of $18,000 and $144,000 respectively."

 

"Z123 on BSC was attacked by a hacker due to a contract vulnerability, resulting in a loss of approximately $136k. The .update() function of Z123 was repeatedly called which burned extra tokens and inflated the price."

 

"Today, attacker activate itself again and deployed a new contract which was picked by ML service again (2024-04-22 07:55:32): 0x61Dd07Ce0cEcF0d7BaCf5EB208C57D16bBdEE168

 

Very soon (2024-04-22 10:02 AM), malicious transaction was detected (Mixer Malicious Contract): 0xc0c4e99a76da80a4cf43d3110364840151226c0a197c1728bb60dc3f1b3a6a27

 

Victim losses: $140K"

 

"Malicious actor using Flash loan to manipulate the price of the token in pool."

 

"By doing 81 iterations of token swaps and calling the ‘Update’ function of the pool, the price was manipulated."

 

Explore This Case Further On Our Wiki

Z123 was a popular token with over 3,000 holders. Unfortunately the smart contract was vulnerable to price manipulation, which allowed an attacker to take $136k from the liquidity pools.

SlowMist Hacked - SlowMist Zone (May 13)
@SlowMist_Team Twitter (May 13)
SesameCloudToken | Address 0xb000f121a173d7dd638bb080fee669a2f3af9760 | BscScan  (May 13)
@SlowMist_Team Twitter (May 13)
CUBE3.AI Detects Multiple Price Manipulations by Same Address | by CUBE3.AI | Apr, 2024 | Medium (May 13)
@CertiKAlert Twitter (May 13)
67m Rug Pulls New Serial Crypto Hacker And The Zkasino Debacle April 2024 Crypto Crime Report (May 13)
Z123 (Z123) Token Tracker | BscScan  (May 13)
BNB Smart Chain Transaction Hash (Txhash) Details | BscScan  (May 13)
CUBE3.AI Detects Multiple Price Manipulations by Same Address - CUBE3.AI (May 13)
GitHub - SunWeb3Sec/DeFiHackLabs: Reproduce DeFi hacked incidents using Foundry. (May 13)

Sources And Further Reading

More case studies

ZKasino Ethereum
Bridge Rugpull

Cruiz Fake
Token Rug Pull

 For questions or enquiries, email info@quadrigainitiative.com.

Get Social

  • email
  • reddit
  • telegram
  • Twitter

© 2019 - 2025 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.