Hackers Are Targeting Abandoned Meme Tokens in Almost-victimless Crime

The hacker has been targeting tokens with redistribution rewards


Dall-e modified by Blockworks


An opportunistic hacker has been draining the remaining liquidity from abandoned token pools in what some have called an almost-victimless exploit.

The attacker uses flash loans from DeFi protocol Balancer to borrow a significant amount of money. They then redirect those funds to drive up the volume of a chosen token’s pool. 

Once the volume of the pool increases, the attacker drains the remaining liquidity from the pool and returns the money it borrowed from the flash loan.

These attacks were first spotted by Giorgi Khazarade, the CEO of Aurox, when he was testing to find bugs and data inconsistencies in Aurox’s screener functionality.

“I noticed one token (CATOSHI) had nearly $2M in volume but $0 in liquidity, which is extremely odd,” Khazarade told Blockworks. “I thought it was a bug but when looking more into it, I found the stats our platform displayed were correct.”

In the CATOSHI exploit noted by Khazarade, the hacker borrowed an estimated $184 million in wETH through a flash loan, using approximately $1 million from that loan to purchase CATOSHI tokens.

According to a CATOSHI white paper that was published in 2022, the token had launched on Ethereum with an initial supply of 21 million. This amount was later burnt down to 11 million. 

CATOSHI’s tokenomics were a reworked version of reflect finance’s (RFI) frictionless yield generation code. It included a 6% tax, where 3% of it was redistributed to holders, 2% was burnt and 1% was directed to a charity wallet. 

This means that token holders would be given a 3% redistribution reward whenever anyone bought or sold the CATOSHI token. 

After purchasing over 166K in CATS, the attacker bridged the tokens onto the BNB chain. There they sold the tokens for roughly 10 BNB, leaving them with a total profit of $3,000-$4,000. The remaining funds were returned to pay back their flash loan.

Khazarade noted that another token, IMMORTAN, also saw a similar fate

“I noticed a second token (IMMORTAN) in our Screener with similar stats,” Khazarade said. “Large volume and just a couple hundred dollars in liquidity. A similar attack using flash loans had been launched against that token multiple times over the past week to drain the liquidity pool of about $2-3k.”

Similar to CATOSHI, IMMORTAN also had redistribution awards. According to its white paper published in 2021, a 10% tax was applied to buyers and sellers, with 8% of that tax being redistributed to holders and 2% given to the development team for operational purposes. 

“In this instance though, he executed the attack a lot. In fact, he’s still doing it even though there’s ~$100 in liquidity left. He’s basically trying to drain every penny of it,” Khazarade said. “Each attack only yielded a small amount of profit, and by my estimates, he made a combined ~$3k.”

CATOSHI and IMMORTAN are not the only tokens that have had their pools completely drained. More recently, Khazarade noted that the attacker extracted $4,000 in ETH from CATS V3. A project named ​​CRAB has also seen $2,000 in ETH cleared from its pools. 

Just yesterday, the attacker used a similar method to extract WEEB of almost $30,000 in ETH liquidity.

“I’m not 100% certain but it seems like [the attacker] routinely deployed malicious smart contracts that abuse a variety of tokens and drain their liquidities,” Khazarade said.

“Some seem to be specialized which only attack one individual token, whereas other contracts can do it for various tokens…probably because the tokens use some template code with the same bug.”

Don’t miss the next big story – join our free daily newsletter.


Upcoming Events

Hilton Metropole | 225 Edgware Rd, London

Mon - Wed, March 18 - 20, 2024

Crypto’s premier institutional conference returns to London in March 2024. The DAS: London Experience: Attend expert-led panel discussions and fireside chats Hear the latest developments regarding the crypto and digital asset regulatory environment directly from policymakers and experts.

Salt Lake City, UT

WED - FRI, OCTOBER 9 - 11, 2024

Pack your bags, anon — we’re heading west! Join us in the beautiful Salt Lake City for the third installment of Permissionless. Come for the alpha, stay for the fresh air. Permissionless III promises unforgettable panels, killer networking opportunities, and mountains […]

recent research

Research report - cover graphics (1).jpg


In this report, we dive into crypto private market data to gather insights on where the future of the industry is headed. Despite a notable downturn in private raises, capital continues to infuse promising projects that aim to transform payments, banking, consumer experiences, community, and more, with 2023 being the fourth-largest year for crypto venture capital.


BUZZ holds shares of Coinbase, Robinhood and MicroStrategy


Opinion: Even though I didn’t pay for my “Diamond Hands” burger with BTC, don’t let that fool you into thinking that crypto’s development is futile


The results mark “a major positive inflection point,” one analyst says, as the exchange carries net income momentum into a crypto rally


While the slate of 10 US spot bitcoin funds have tallied $4.6 billion of net inflows thus far, half of the field is lagging the leaders


Trading volumes totalled $154 billion in Q4, including $125 billion in institutional volume


DeFi on Bitcoin is all the rage right now and Stacks is positioned to benefit