Hackers Are Targeting Abandoned Meme Tokens in Almost-victimless Crime

The hacker has been targeting tokens with redistribution rewards


An opportunistic hacker has been draining the remaining liquidity from abandoned token pools in what some have called an almost-victimless exploit.

The attacker uses flash loans from DeFi protocol Balancer to borrow a significant amount of money. They then redirect those funds to drive up the volume of a chosen token’s pool. 

Once the volume of the pool increases, the attacker drains the remaining liquidity from the pool and returns the money it borrowed from the flash loan.

These attacks were first spotted by Giorgi Khazarade, the CEO of Aurox, when he was testing to find bugs and data inconsistencies in Aurox’s screener functionality.

“I noticed one token (CATOSHI) had nearly $2M in volume but $0 in liquidity, which is extremely odd,” Khazarade told Blockworks. “I thought it was a bug but when looking more into it, I found the stats our platform displayed were correct.”

In the CATOSHI exploit noted by Khazarade, the hacker borrowed an estimated $184 million in wETH through a flash loan, using approximately $1 million from that loan to purchase CATOSHI tokens.

According to a CATOSHI white paper that was published in 2022, the token had launched on Ethereum with an initial supply of 21 million. This amount was later burnt down to 11 million. 

CATOSHI’s tokenomics were a reworked version of Reflect Finance’s (RFI) frictionless yield generation code. It included a 6% tax, of which 3% was redistributed to holders, 2% was burnt and 1% was directed to a charity wallet.

This means that token holders would be given a 3% redistribution reward whenever anyone bought or sold the CATOSHI token. 

After purchasing over 166K in CATS, the attacker bridged the tokens onto the BNB chain. There they sold the tokens for roughly 10 BNB, leaving them with a total profit of $3,000-$4,000. The remaining funds were returned to pay back their flash loan.

Khazarade noted that another token, IMMORTAN, also saw a similar fate.

“I noticed a second token (IMMORTAN) in our Screener with similar stats,” Khazarade said. “Large volume and just a couple hundred dollars in liquidity. A similar attack using flash loans had been launched against that token multiple times over the past week to drain the liquidity pool of about $2-3k.”

Similar to CATOSHI, IMMORTAN also had redistribution rewards. According to its white paper published in 2021, a 10% tax was applied to buyers and sellers, with 8% of that tax being redistributed to holders and 2% given to the development team for operational purposes.

“In this instance though, he executed the attack a lot. In fact, he’s still doing it even though there’s ~$100 in liquidity left. He’s basically trying to drain every penny of it,” Khazarade said. “Each attack only yielded a small amount of profit, and by my estimates, he made a combined ~$3k.”
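The signal Khazarade describes for both tokens, large traded volume against little or no remaining liquidity, can be screened for mechanically. The Python below is an added example, not Aurox's screener code; the `PoolStat` fields, both thresholds and every sample figure except CATOSHI's reported volume and liquidity are assumptions.

```python
from dataclasses import dataclass
from math import inf

@dataclass
class PoolStat:
    token: str
    volume_24h_usd: float   # traded volume over the window
    liquidity_usd: float    # value left in the pool at the end of the window

# Assumed thresholds; tune against the normal turnover of the pools you monitor.
MIN_VOLUME_USD = 100_000    # ignore pools that are merely dead (no volume either)
MAX_TURNOVER = 50.0         # volume / liquidity above this is treated as anomalous

def turnover(p: PoolStat) -> float:
    """Volume-to-liquidity ratio; an emptied pool counts as infinite turnover."""
    if p.liquidity_usd <= 0:
        return inf
    return p.volume_24h_usd / p.liquidity_usd

def flag_pools(stats):
    """Return (token, reason, ratio) for suspicious pools, worst first."""
    flagged = []
    for p in stats:
        if p.volume_24h_usd < MIN_VOLUME_USD:
            continue
        ratio = turnover(p)
        if ratio >= MAX_TURNOVER:
            reason = "drained" if p.liquidity_usd <= 0 else "thin"
            flagged.append((p.token, reason, ratio))
    return sorted(flagged, key=lambda row: row[2], reverse=True)

# Constructed sample. CATOSHI uses the article's "nearly $2M in volume but $0
# in liquidity"; all other numbers and the last two tokens are made up.
SAMPLE = [
    PoolStat("CATOSHI", 2_000_000, 0),
    PoolStat("IMMORTAN", 500_000, 200),
    PoolStat("HEALTHY", 1_500_000, 4_000_000),
    PoolStat("DEAD", 0, 0),
]

if __name__ == "__main__":
    for token, reason, ratio in flag_pools(SAMPLE):
        print(f"{token:10s} {reason:8s} turnover={ratio}")
```

A pool flagged as "thin" on several consecutive windows matches the repeated small drains described for IMMORTAN.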

CATOSHI and IMMORTAN are not the only tokens that have had their pools completely drained. More recently, Khazarade noted that the attacker extracted $4,000 in ETH from CATS V3. A project named CRAB has also seen $2,000 in ETH cleared from its pools.

Just yesterday, the attacker used a similar method to drain almost $30,000 in ETH liquidity from WEEB.

“I’m not 100% certain but it seems like [the attacker] routinely deployed malicious smart contracts that abuse a variety of tokens and drain their liquidities,” Khazarade said.

“Some seem to be specialized which only attack one individual token, whereas other contracts can do it for various tokens…probably because the tokens use some template code with the same bug.”

