Four.meme Liquidity Theft via Pre-Launch Restriction Bypass

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
Revision as of 15:51, 14 May 2025 by Azoundria (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Notice: This page is a freshly imported case study from an original repository. While the original content had a similar format, some sections may not have been fully completed. Please help fill in any empty sections or any missing information you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!

Four.meme Logo/Homepage

Four Meme is a decentralized platform on Binance Smart Chain that allows users to create, trade, and explore a variety of meme-based tokens with themes ranging from cultural references to AI-driven concepts. With a playful focus, the platform offers tools for token creation, trading on decentralized exchanges like PancakeSwap, and real-time performance tracking. In 2024, Four Meme experienced a security breach that allowed an attacker to manipulate token launch mechanics, leading to a liquidity pool theft estimated between $120K and $130K. The platform quickly responded by halting operations, investigating the issue, compensating affected users, and enhancing its security measures. It has since resumed operations, although the attacker remains unidentified.[1][2][3][4][5][6][7][8]

About Four.meme

Four Meme is a decentralized platform focused on meme coins, allowing users to create, trade, and explore a wide range of meme-based digital assets. The platform supports various meme coins with diverse themes, including AI-driven, meme-centric, and culturally inspired tokens like Trump Sleep, CZ BUNI, and Chinese Pepe. Each token is typically launched on Binance Smart Chain (BNB) and features fluctuating market caps that highlight the speculative nature of meme coin investments.

Four Meme enables users to create their own meme tokens, which are listed and traded on PancakeSwap and other decentralized exchanges. The platform provides a user-friendly environment to search, create, and rank tokens. It also offers a unique feature to track token performance, including market cap and percentage changes, allowing users to stay updated on their investments. Despite the playful nature of meme coins, Four Meme maintains a disclaimer emphasizing the speculative and volatile nature of these digital assets, encouraging users to conduct their own research before trading.

"Four.meme is a streamlined, low-cost pathway to introduce even more meme tokens into the world. Create anything. Any meme you want to put out into the blockchain ecosystem. We’re here to be your canvas and your logistical minion. We’ll help you get the most traction possible with users on BSC. All we’re asking is you create the best viral memes that can potentially make you famous."

The Reality

Four.meme had a vulnerability where an attacker was able to use a function to purchase a small number of tokens before the official launch and send them to a PancakeSwap Pair address that hadn’t yet been created. This could be used to create the Pair and add liquidity without triggering the token’s pre-launch transfer restrictions (MODE_TRANSFER_RESTRICTED). By bypassing these restrictions, it was possible to set the initial liquidity at a manipulated price, allowing liquidity pool theft.

What Happened

An attacker exploited a function in @four_meme_ to bypass pre-launch transfer restrictions, create a liquidity pair at an unintended price, and steal liquidity.

Key Event Timeline - Four.meme Liquidity Theft via Pre-Launch Restriction Bypass
Date Event Description
March 17th, 2025 4:54:53 PM MDT Binance Theft Transaction One of the theft transactions on the Binance Smart Chain.
March 17th, 2025 9:01:05 PM MDT Additional Theft Transaction Another Binance Smart Chain transaction related to the theft.
March 17th, 2025 9:06:00 PM MDT Zhengqiang Li Tweet A report by Zhengqiang Li is translated to report that the "flow cell manipulation bug reappeared". "Through MEV, when fourmeme joins the pancake liquidity pool, addLiq is run first to manipulate the price."
March 17th, 2025 9:59:00 PM MDT SlowMist Shares Tweet SlowMist posts details that an attacker exploited the 0x7f79f6df function of @four_meme_ to acquire tokens pre-launch and send them to a not-yet-created PancakeSwap Pair address. This let the attacker create the Pair and add liquidity without triggering the pre-launch transfer restrictions (MODE_TRANSFER_RESTRICTED). As a result, the attacker manipulated pricing and stole liquidity from the pool.
March 17th, 2025 10:44:00 PM MDT Four.meme Post About Attack Four.meme updates their community that the platform is currently under attack, prompting the suspension of the launch function for emergency investigation. The team is actively working to resolve the issue, enhance security, and will compensate affected users through a damage submission form. They thank users for their support and will
March 17th, 2025 10:58:00 PM MDT CertiK Posts Alert Tweet CertiK posts an alert tweet with some details about how the exploit occurred.
March 18th, 2025 3:23:00 AM MDT Launch Function Resumed SlowMist reports that the launch function has now been resumed "after a thorough security inspection".

Technical Details

"The attacker purchased a small amount of tokens before launch through the 0x7f79f6df function of @four_meme_, and used this feature to send tokens to a specified PancakeSwap Pair address that had not yet been created.

This allowed the attacker to create the Pair and add liquidity without needing to transfer the yet-to-be-launched tokens to the Pair, bypassing the transfer restrictions (MODE_TRANSFER_RESTRICTED) that applied before the http://Four.meme Token launch.

Ultimately, the attacker was able to add liquidity at an unintended price to steal pool liquidity."

Total Amount Lost

SlowMist reports the loss amount as $130k. Other sources have reported $120k.

The total amount lost has been estimated at $130,000 USD.

Immediate Reactions

In response to the attack, Four.meme promptly suspended its launch function for emergency investigation. They assured users that affected individuals would be compensated and provided a damage submission form to collect relevant information. The team worked diligently to address the issue and enhance system security.

Ultimate Outcome

Once the problem was resolved, Four.meme resumed operations and continued to update the community on their progress.

Total Amount Recovered

Users were reportedly fully compensated for their losses.

There do not appear to have been any funds recovered in this case.

Ongoing Developments

The Four.meme platform continues to operate. It is unclear if the attacker has been caught or any funds have been recovered by the platform.

Individual Prevention Policies

No specific policies for individual prevention have yet been identified in this case.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Policies for platforms to take to prevent this situation have not yet been selected in this case.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

No specific regulatory policies have yet been identified in this case.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References

  1. SlowMist - "The attacker purchased a small amount of tokens before launch through the 0x7f79f6df function of @four_meme_, and used this feature to send tokens to a specified PancakeSwap Pair address that had not yet been created." - Twitter/X (Accessed May 12, 2025)
  2. "The launch function has now been resumed after a thorough security inspection. Our team has addressed the issue and reinforced system security." - Twitter/X (Accessed May 12, 2025)
  3. Four.Meme Resumes Launch Feature on BNB Chain After Attack - BTCC (Accessed May 12, 2025)
  4. Four.Meme Resumes Launch Feature on BNB Chain After Attack - CryptoNews (Accessed May 12, 2025)
  5. CertiK Alert - "In this case of SBL token for example, the attacker sent a bit of SBL token to the pre-calcualted pair address in advance, then profited 21.1 BNB by sandwiching the add liquidity transaction at launch." - Twitter/X (Accessed May 12, 2025)
  6. CertiK Alert - "We have seen an ongoing attack on the @four_meme_ platform. By transferring an imbalanced amount of un-launched tokens to pair addresses before the pair was created, the attacker can manipulate the pair price at launch before selling them afterward for profit." - Twitter/X (Accessed May 12, 2025)
  7. Zhengqiang Li - "The flow cell manipulation bug reappeared. Through MEV, when fourmeme joins the pancake liquidity pool, addLiq is run first to manipulate the price." - Twitter/X (Accessed May 12, 2025)
  8. [ ] (Accessed Jan 16, 2022)
Retrieved from "https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?title=Four.meme_Liquidity_Theft_via_Pre-Launch_Restriction_Bypass&oldid=6711"