Based Doge Tax Vulnerability Exploited
Notice: This page is a freshly imported case study from an original repository. While the original content had a similar format, some sections may not have been fully completed. Please help fill in any empty sections or any missing information you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.
Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!
Boge (Based Doge) is a memecoin on the Base blockchain. There was an exploit in the smart contract (similar to Normie) which was used to mint and sell 91 million BOGE tokens. The team relaunched the token in a new smart contract, and appears to have airdropped all of the original holders with the same number of BOGE as they originally had.[1][2][3][4][5][6][7][8][9][10][11][12][13][14][15][16][17][18][19][20][21][22][23][24][25][26][27][28][29][30][31][32][33][34][35][36][37][38][39][40]
About BOGE (Based Doge)
BOGE is shaking things up in the world of meme coins, bringing a fresh and fun vibe to the BASE blockchain scene.
Born from the playful world of memes, this iconic new token is here on BASE to sprinkle some excitement and good vibes into the crypto community.
The Reality
This sections is included if a case involved deception or information that was unknown at the time. Examples include:
- When the service was actually started (if different than the "official story").
- Who actually ran a service and their own personal history.
- How the service was structured behind the scenes. (For example, there was no "trading bot".)
- Details of what audits reported and how vulnerabilities were missed during auditing.
What Happened
"An attacker minted 91 million BOGE tokens and crashed its price, relying on a similar vulnerability as the Normie exploit one day earlier."
| Date | Event | Description |
|---|---|---|
| May 27th, 2024 11:35:45 AM MDT | Malicious Contract Creation | The attacker creates their first malicious contract, which will be used in the exploit. |
| May 27th, 2024 11:48:41 AM MDT | First Exploit Transaction | The very first exploit transaction starts draining funds. |
| May 27th, 2024 12:49:00 PM MDT | Boge Team Tweet | The Boge team tweets to inform their community about the compromise. |
| May 28th, 2024 11:10:59 AM MDT | CoinTelegraph Article Published | CoinTelegraph publishes an article about the incident. |
| June 3rd, 2024 9:31:00 PM MDT | Airdrops Completed | The Boge team announces that airdrops have been completed to all affected users, except those who bought after the exploit. |
| June 5th, 2024 10:10:00 PM MDT | CoinBase Wallet Update | The address for the CoinBase wallet has been updated ot the new contract. |
| June 12th, 2024 2:14:00 PM MDT | MEXC Holders Plan | A special plan is announced for those who held BOGE on the MEXC exchange. The exchange is delisting the token, and those who held Boge prior to the exploit have a special form to fill out to get their Boge. |
Technical Details
"Below we point you to a section of code within Normies and Boge's contract that we believe facilitated the Exploit.
Normie and Boge share the same contract and we suggest you compare your memecoins contract to Normie and boge's
To do this head to Basescan, paste your coins contract address in the seach bar, scroll down and select contract and start comparing."
Total Amount Lost
"$17k $16,926 (91.4 M BOGE)"
The total amount lost has been estimated at $17,000 USD.
Immediate Reactions
"An attacker minted 91 million BOGE tokens and crashed its price, relying on a similar vulnerability as the Normie exploit one day earlier."
"Memecoin protocol Based Doge (BOGE) on the Base network was exploited on May 27, the team has confirmed. The attack was “the same as Normie,” the team stated, implying that the attacker exploited a vulnerability similar to the one that caused the recent Normie exploit."
"BOGERS
We regret to inform you that BOGE was recently compromised by a hacking incident (the same as Normie). However, we want to assure you that our team is fully committed to the project's success and to your continued trust and support.
We have taken a snapshot of all current holders and are preparing to relaunch the project. Our primary focus is on ensuring that every one of you is taken care of during this transition. We will redistribute the total supply of BOGE tokens to all holders at no cost.
Thank you for your patience and understanding during this challenging time. We remain dedicated to building a secure and prosperous future for BOGE and its community.
Stay tuned for further updates, and rest assured, we are working tirelessly to make things right."
Ultimate Outcome
"$BOGE is now officially live on Base, and airdrops have been successfully sent to holders!
For those on MEXC, the process takes a bit longer. Your airdrops should be available in your MEXC account within the next 24 hours.
Please note: If you bought $BOGE after the exploit, you are not eligible for the airdrop."
"We want to address an issue regarding MEXC, which represented only 3% of our holders. As you know, the exploiter was able to mint tokens and dump them all at once, significantly increasing the supply. MEXC demanded that we send them 30% of our supply because the post-exploit holders, who bought BOGE at a negligible price (-99%), now represented 30% of the supply. However, we had already airdropped 94% of the supply to our on-chain holders.
Our proposal was to airdrop the pre-exploit holders and refund the others for their purchases up until May 28, when deposits were blocked on MEXC.
Unfortunately, MEXC chose to delist BOGE instead of supporting our approach and insisted on having 30% of the supply. As MEXC is unable to provide us with a CSV file of the holders, we are obliged to conduct the airdrop manually, holder by holder."
Total Amount Recovered
The total amount recovered is unknown.
What funds were recovered? What funds were reimbursed for those affected users?
Ongoing Developments
What parts of this case are still remaining to be concluded?
Individual Prevention Policies
No specific policies for individual prevention have yet been identified in this case.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Policies for platforms to take to prevent this situation have not yet been selected in this case.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
No specific regulatory policies have yet been identified in this case.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
- ↑ https://www.ccn.com/education/crypto/crypto-hacks-exploits-full-list-scams-vulnerabilities/ (Accessed Jun 28, 2024)
- ↑ https://cointelegraph.com/news/based-doge-normie-exploit-91-4-million-boge-drained (Accessed Jun 28, 2024)
- ↑ @bogeonbase Twitter (Accessed Jun 28, 2024)
- ↑ Base Transaction Hash (Txhash) Details | BaseScan (Accessed Jun 28, 2024)
- ↑ Base Transaction Hash (Txhash) Details | BaseScan (Accessed Jun 28, 2024)
- ↑ Address 0xbA2bd237266A1A853e014240Af254055B526Ba0C | BaseScan (Accessed Jun 28, 2024)
- ↑ Token Transfer | BaseScan (Accessed Jun 28, 2024)
- ↑ @bogeonbase Twitter (Accessed Jun 28, 2024)
- ↑ @bogeonbase Twitter (Accessed Jun 28, 2024)
- ↑ @bogeonbase Twitter (Accessed Jun 28, 2024)
- ↑ @bogeonbase Twitter (Accessed Jun 28, 2024)
- ↑ @bogeonbase Twitter (Accessed Jun 28, 2024)
- ↑ @bogeonbase Twitter (Accessed Jun 28, 2024)
- ↑ @bogeonbase Twitter (Accessed Jun 28, 2024)
- ↑ @bogeonbase Twitter (Accessed Jun 28, 2024)
- ↑ @bogeonbase Twitter (Accessed Jun 28, 2024)
- ↑ @bogeonbase Twitter (Accessed Jun 28, 2024)
- ↑ @bogeonbase Twitter (Accessed Jun 28, 2024)
- ↑ @gohardst007 Twitter (Accessed Jun 28, 2024)
- ↑ @bogeonbase Twitter (Accessed Jun 28, 2024)
- ↑ @BIFwifhat Twitter (Accessed Jun 28, 2024)
- ↑ @DazeMikail Twitter (Accessed Jun 28, 2024)
- ↑ @BaseNFTMaxi Twitter (Accessed Jun 28, 2024)
- ↑ @Cybermaterial_ Twitter (Accessed Jun 28, 2024)
- ↑ @HackWiizard Twitter (Accessed Jun 28, 2024)
- ↑ @Kireonchain Twitter (Accessed Jun 28, 2024)
- ↑ @Non_ny_23 Twitter (Accessed Jun 28, 2024)
- ↑ @gohardst007 Twitter (Accessed Jun 28, 2024)
- ↑ @0xWosobu Twitter (Accessed Jun 28, 2024)
- ↑ @K1Officer Twitter (Accessed Jun 28, 2024)
- ↑ @BOBOBearCoin Twitter (Accessed Jun 28, 2024)
- ↑ @CryptoClassic99 Twitter (Accessed Jun 28, 2024)
- ↑ @peikaitan Twitter (Accessed Jun 28, 2024)
- ↑ @chambial_harsh Twitter (Accessed Jun 28, 2024)
- ↑ @CryptoTraderPro Twitter (Accessed Jun 28, 2024)
- ↑ @vespermystcl Twitter (Accessed Jun 28, 2024)
- ↑ @DKUKDnA Twitter (Accessed Jun 28, 2024)
- ↑ @Kryptopuns Twitter (Accessed Jun 28, 2024)
- ↑ @_TOBTC Twitter (Accessed Jun 28, 2024)
- ↑ BOGE – Based BOGE (Accessed Jun 28, 2024)