Wall Street Memes Staking Contract Exploited

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository

Wall Street Memes Logo/Homepages

Wall Street Memes is a token to celebrate the short squeeze conducted on the GameStop stock. Late on January 24th, 2024, an attacker was able to exploit the Wall Street Memes smart contract and access the staked tokens. This allowed them to acquire 769.4 million WSM tokens, which they promptly began to sell. They stopped selling with 369.2 million tokens remaining in 17 wallets, with the value of the token having dropped 35% and at high risk of dropping further. The Wall Street Memes team ultimately relaunched the smart contract on the Binance Smart Chain and airdropped tokens to the original holders based on their balances prior to the exploit.

This is a global/international case not involving a specific country.[1]

About Wall Street Memes

"The $WSM token celebrates the little guys, the retail investors. The guys that took on wall street and won.

With a buyback program to support token price, WSMCasino to get your blood pumping, and a staking program to reward diamond hands, the $WSM token is the hottest meme token out there."

"The Wall Street Memes community is the home of the degen. Born out of the GameStop saga, we’ve assembled a community of over 1.1 million diamond hands on social, serving the best memes Wall Street doesn’t want you to see.

Looking to work with Wall Street Memes? We work with selective partners to offer collaborative content and ad placements. To find out more about Wall Street Memes partnerships click here."

"Welcome to the new home of the degen - Wall St Memes Casino is the ultimate destination to spend your well earned gains. With custom Wall St Memes games, sports betting, a live casino, and $WSM token integration, it’s the perfect place to grow your bags!"

"We did audit the token."

"The end to hack attacks targeting the cryptocurrency world is not in sight. Hackers most recently targeted the staking contract of Wall Street Memes (WSM), created under the motto “the ultimate expression of the internet’s victory against rampant capitalism.” Following the hack attack, the altcoin’s price sharply fell."

"On-chain data provider Spot On Chain reported that after the hack targeting Wall Street Memes’ WSM staking contract, the altcoin’s price dropped by approximately 35% in the last 24 hours.

In the hack attack, a wallet address starting with 0xb52… stole 769.4 million WSM tokens from the WSM staking contract and began selling the stolen tokens on Uniswap and MEXC exchanges for Ethereum (ETH). Currently, the hacker has 369.2 million WSM tokens worth $3.58 million in 17 wallet addresses, indicating that the selling pressure will continue and the altcoin’s decline will persist."

On January 24th, 2024, "the Wall Street Memes token was subject to a coordinated attack. The hackers exploited a vulnerability with our staking provider and accessed the $WSM staking contract.

Our team acted fast, pulling liquidity from Uniswap and asked exchanges to temporarily halt trading. These quick actions have made it difficult for the hackers to sell the stolen tokens, and limited the impact on the $WSM token."

"The team has been working around the clock to execute a plan to restore users' staked tokens, and renew the liquidity pool.

Over the coming days, we’ll be working to deploy an upgraded token contract. This will allow us to:

  • Create a new staking pool and mirror all the staked token information from the current staking contract. Meaning users still have all of their staked tokens.
  • Create a new liquidity pool that matches the current one, maintaining consistency of price as we switch to the new contract.

What does this mean for holders?

As we move to the new token contract, we’ll be doing the following.

  • The current WSM token will cease to be tradable, and we’re working with exchanges to move all holder funds to the new token contract.
  • Staked funds will be moved to a new staking contract and users will be able to access their staked funds via the new contract.
  • DeFi and non-custodial holders will be airdropped the equivalent of the new token.

The team are still investigating the root cause of the hack, and are diligently working with providers and exchanges to facilitate a smooth transition to the new token. We’ll keep you all updated on our community channels as soon as we have updates."

"We’re still investigating the root cause of the hack with our staking provider."

"The new contract will feature enhanced security, we’ll update you more on that as development progresses."

"According to Spot On Chain, the hacker still holds 396.2 million WSM tokens out of the 769.4 million exploited during the attack. At the time of the report, the tokens stored in 17 different wallet addresses are worth around $3.58 million.

Given WSM’s current total market capitalization, a dump of the remaining token by the hacker would significantly hurt WSM’s value. Currently, the meme network has a total market cap of $17.4 million and a circulating supply of 1.92 billion tokens."

"No normal communication from the team on official telegram channel, banning users who ask important questions and kicking out from the chat, deleting user posted important comments, very fishy"

"That's fine but why I am blocked or expelled from the Telegram group? I am holding wsm coins right from presale and what's wrong in asking the status of my coins because of this attack?"


The Reality

This section is included if a case involved deception or information that was unknown at the time. Examples include:

  • When the service was actually started (if different than the "official story").
  • Who actually ran a service and their own personal history.
  • How the service was structured behind the scenes. (For example, there was no "trading bot".)
  • Details of what audits reported and how vulnerabilities were missed during auditing.

What Happened

The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.

Key Event Timeline - Wall Street Memes Staking Contract Exploited
| Date | Event | Description |
|---|---|---|
| January 25th, 2024 4:55:57 AM MST | The Crypto Times | The Crypto Times publishes an article about the exploit, referencing the tweet (which wouldn't be published for another hour - double check time TBD). |
| January 25th, 2024 6:01:37 AM MST | Medium Post | An "important security update" is posted about the exploit. |
| January 25th, 2024 6:06:00 AM MST | Twitter Post | There is a post made on Twitter about the exploit. |
| January 26th, 2024 7:40:00 AM MST | CoinEdition Article | CoinEdition publishes an article on the exploit. Roughly half of the tokens remain in the exploiter's wallet and they have no way to sell presently. |
| February 10th, 2024 12:45:27 PM MST | YouTube Video | A YouTube video covers the attack, the price dropping a lot, and a move from Ethereum to Binance Smart Chain. |

Technical Details

This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?

Total Amount Lost

Couldn't find the transaction: https://etherscan.io/advanced-filter?tkn=0xb62e45c3df611dce236a6ddc7a493d79f9dfadef&txntype=2&age=2024-01-25%7e2024-01-26&ps=100&p=38

The total amount lost has been estimated at $3,580,000 USD.

Immediate Reactions

How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?

Ultimate Outcome

What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?

Total Amount Recovered

There do not appear to have been any funds recovered in this case.

What funds were recovered? What funds were reimbursed for those affected users?

Ongoing Developments

What parts of this case are still remaining to be concluded?

Individual Prevention Policies

No specific policies for individual prevention have yet been identified in this case.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Policies for platforms to take to prevent this situation have not yet been selected in this case.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

No specific regulatory policies have yet been identified in this case.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References