LIFE Protocol Price Not Updated When Sold Price Manipulation

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
Jump to navigation Jump to search

Notice: This page is a freshly imported case study from an original repository. While the original content had a similar format, some sections may not have been fully completed. Please help fill in any empty sections or any missing information you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!

LIFE Protocol Logo/Homepage

LIFE Protocol is a digital asset ecosystem that grows in value with every transaction, driven by an algorithmic pricing model and a 20-level referral system designed to reward community engagement and incentivize network growth. It also uses a reserve-backed liquidity model to maintain price stability. However, a critical flaw in the smart contract—where the token price (currentPrice) was only updated during buy transactions and not during sells—allowed attackers to manipulate the price by inflating it through repeated buys and then selling at the outdated, higher rate. This vulnerability led to a $51,000 exploit, first identified by Tikkala Security and later analyzed by CertiK’s AI Agent, with confirmation from SlowMist. Despite the severity of the incident, LIFE Protocol has not issued any public response or recovery plan for affected users. The website currently states that buying and selling are paused for a “security upgrade and maintenance,” with no clear timeline for resumption.[1][2][3][4][5][6][7][8][9][10][11][12][13][14][15][16][17]

About LIFE Protocol

LIFE Protocol is a digital asset ecosystem designed to grow in value with every transaction. Central to its appeal is an algorithmic pricing model that increases the token's price with each purchase, ensuring that holders benefit from continuous financial growth as the user base expands. The protocol positions itself as a long-term investment opportunity, emphasizing both value appreciation and network-driven rewards.

A key feature of LIFE Protocol is its 20-level referral system, which allows users to earn passive income through both direct and indirect connections. This structure not only incentivizes community growth but also maximizes user engagement by offering increasing returns as the network deepens. Through this affiliate program, participants can introduce just two people to unlock a broad and potentially lucrative earning structure.

To maintain price stability and investor confidence, LIFE employs an algorithmic liquidity model backed by a reserve fund. This ensures that token buybacks can be executed as needed, reinforcing sustainability.

The Reality

Unfortunately, the Life Protocol smart contract contained a critical flaw where the currentPrice variable was updated only during buy transactions but not during sell transactions. This oversight could allow manipulating the token price by buying heavily to inflate it, then selling tokens at the outdated, higher price.

What Happened

LIFE Protocol suffered an attack resulting in a loss exceeding $51,000, according to SlowMist.

Key Event Timeline - LIFE Protocol Price Not Updated When Sold Price Manipulation
Date Event Description
January 16th, 2025 9:06:15 AM MST Life Protocol Smart Contract Created The Life Protocol smart contract is created.
April 26th, 2025 12:43:10 PM MDT First Exploit BSC Transaction The first exploit transaction takes over $15k of BSC-USD.
April 26th, 2025 12:43:13 PM MDT Second Exploit BSC Transaction The second exploit transaction takes over $11k of BSC-USD from the Life Protocol smart contract.
April 26th, 2025 5:13:00 PM MDT Tikkala Security Tweets Tikkala Security appears to be the first to notice the suspicious transactions and identified a critical flaw in Life Protocol’s contract: the ‘currentPrice’ was updated during buys but not after sells. This oversight allowed attackers to inflate the token price by buying heavily, then sell at the artificially high fixed rate, resulting in a $26,000 loss from the protocol. The two flagged transactions demonstrate this exploit in action.
April 26th, 2025 7:50:00 PM MDT CertiK AI Agent Tweets CertiK's AI Agent posts a public warning and analysis of the suspicious second transaction, highlighting a potential exploit involving repeated self-trades and flash loans to artificially inflate Life Protocol's token price. The flagged transaction shows multiple buy() operations with stablecoins causing incremental price increases, suggesting price manipulation for profit. The analysis urges projects to implement trade frequency limits, monitor abnormal trading behavior, and strengthen DEX pricing mechanisms to prevent such exploits.
April 26th, 2025 8:04:00 PM MDT Ten Armor Posting Tweet Ten Armor posts an announcement with details of the transactions, reporting $26k in impact so far.
April 26th, 2025 11:48:32 PM MDT Third Exploit BSC Transaction A malicious transaction on the Binance Smart Chain takes $20k BSC-USD.
April 26th, 2025 11:59:00 PM MDT Ten Armor Posting Tweet Ten Armor posts an updated tweet about the second attack.
April 27th, 2025 1:17:00 AM MDT SlowMist Announcement Tweet SlowMist posts a security alert and reports the loss as $51k, with a link to LifeProtocol's Twitter/X account.
April 27th, 2025 12:29:00 PM MDT Token Purchase Promotion Life Protocol posts on Twitter/X to encourage more purchases of their $LIFE token. The protocol is evidently still online and promoting itself on Twitter/X.
May 8th, 2025 10:46:00 AM MDT Life Protocol Assurances Life Protocol returns with a tweet about how investors are "always backed by an immutable USDT reserve you can verify on-chain". This is followed shortly by multiple other tweets, about how selling fees adds 10% to the reserve, information about exit mechanics being available, 100% collateral backing and low fees, and how you can exit safely anytime.
May 29th, 2025 4:06:00 PM MDT Bitcoin2025 Conference The team posts about Bitcoin2025, suggesting that they are among those attending the conference.

Technical Details

The exploit stemmed from a flaw in the Life Protocol smart contract where the token price (currentPrice) was updated only during buy() operations but not after sell() operations. This allowed attackers to artificially inflate the token price by repeatedly buying large amounts, causing incremental price increases, and then selling tokens at the outdated, higher fixed price since the sell() function failed to update the price accordingly. This mismatch enabled attackers to profit by selling overpriced tokens, manipulating the price through repeated trades without proper price adjustment after sales.

Total Amount Lost

SlowMist reports that the total amount lost was $51k.

The total amount lost has been estimated at $51,000 USD.

Immediate Reactions

The incident was first noticed and publicly flagged by Tikkala Security, who identified the root cause and alerted the Life Protocol team and community via social media. They provided detailed technical insights, pointing out that the currentPrice was updated during buys but not during sells, allowing attackers to exploit the pricing logic. Shortly after, CertiK's AI Agent also responded by issuing a public warning and detailed analysis of a suspicious second transaction, identifying flash loan use and repeated self-trades to manipulate token prices. The incident was later noted by SlowMist.

Ultimate Outcome

It does not appear that Life Protocol has posted any announcements on Twitter/X

The Life Protocol website currently displays a message "Buying and selling is on pause for security upgrade and maintenance.".

Total Amount Recovered

Life Protocol does not appear to have prepared any public plans to make users whole.

There do not appear to have been any funds recovered in this case.

Ongoing Developments

The message remains active on the Life Protocol website and it is unclear when the buying and selling of the token will resume.

Individual Prevention Policies

No specific policies for individual prevention have yet been identified in this case.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Policies for platforms to take to prevent this situation have not yet been selected in this case.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

No specific regulatory policies have yet been identified in this case.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References

  1. SlowMist - "We have detected that @LifeProto is being continuously exploited, with losses exceeding $51K. As always, stay vigilant!" - Twitter/X (Accessed May 28, 2025)
  2. Life Protocol Homepage (Accessed May 28, 2025)
  3. Life Protocol - "Ready to buy? Jump in now" - Twitter/X (Accessed May 28, 2025)
  4. Thirst Transaction Takes $20k BSC-USD From Life Protocol - BSCScan (Accessed May 28, 2025)
  5. TenArmorAlert - "another exploit again, @LifeProto Do something!" - Twitter/X (Accessed May 28, 2025)
  6. First Transaction Takes $15,114.79k BSC-USD - BSCScan (Accessed May 28, 2025)
  7. CertiK AI Agent - "A suspicious transaction flagged involving repeated self-trades—potential exploit using flash loans to manipulate token prices!" - Twitter/X (Accessed May 28, 2025)
  8. Tikkala Research - "Hi @LifeProto @JeanPhilippeBea You may need to take a look these two" - Twitter/X (Accessed May 28, 2025)
  9. Second Transaction Takes $11,288.97 BSC-USD - BSCScan (Accessed May 28, 2025)
  10. Life Protocol - Twitter/X (Accessed May 28, 2025)
  11. Jean-Philippe Beaudet - Founder Of Life Protocol - Twitter/X (Accessed May 28, 2025)
  12. Ten Armor - "It appears that attacks have been active recently. Here's another hack. Our system has detected that #LIFE Protocol @LifeProto on #BSC was attacked, resulting in an approximately loss of $26K." - Twitter/X (Accessed Aug 5, 2025)
  13. Life Protocol Smart Contract - BSCScan (Accessed Aug 5, 2025)
  14. Life Protocol Smart Contract Creation - BSCScan (Accessed Aug 5, 2025)
  15. Life Protocol - "Pro tip: Always verify token address on BscScan before buying: 0x19B2834f99Fb9eB4164CB5b49046Ec207F894197." - Twitter/X (Accessed Aug 5, 2025)
  16. Life Protocol - "You’re always backed by an immutable USDT reserve you can verify on-chain." - Twitter/X (Accessed Aug 5, 2025)
  17. BitAngels - "The BitAngels team is having an absolute blast at BITCOIN2025! Catch us at the @btcstartuplab and @TokenizeCon events tonight." - Twitter/X (Accessed Aug 5, 2025)
Retrieved from "https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?title=LIFE_Protocol_Price_Not_Updated_When_Sold_Price_Manipulation&oldid=6914"