Following an exploit that led to a $130,000 loss, the memecoin launchpad on BNB Chain, Four.Meme, has restored its token launch capabilities.
In a post on March 18 on X, the Four.Meme team acknowledged that they were the target of an attack, which led to the urgent suspension of their launch features. The platform addressed users, stating:
“At this time, Four.Meme is experiencing an attack, necessitating the suspension of the launch function for immediate investigation. We will ensure compensation for affected users and provide a claims form to gather necessary details.”
Several hours later, the team reported that they had resumed the launch function after conducting a comprehensive security assessment.
They also announced that compensation for affected users had begun and encouraged claims to be submitted for processing. Individuals impacted will need to be verified, and payouts are anticipated within the week.
Despite these updates, Four.Meme did not specify the total amount lost during the attack or the exact nature of the security breach.
This incident represents the second major exploit involving Four.Meme within a two-month timeframe.
Earlier, on February 11, the platform was hit by a liquidity manipulation attack, which resulted in the suspension of its Liquidity Provider (LP). Analysts estimated the losses from that event to be between $183,000 and $200,000.
Understanding this incident
According to a Web3 security firm, the attacker took advantage of a weakness in the 0x7f79f6df function, permitting them to acquire tokens prior to their official launch.
By leveraging this function, the attackers managed to send tokens to a PancakeSwap Pair address that hadn’t been established yet. This loophole allowed them to create the Pair and add liquidity without needing to transfer tokens that had yet to launch.
The attacker circumvented Four.Meme’s transfer restrictions (MODE_TRANSFER_RESTRICTED) and manipulated liquidity at an unexpected price, depleting the pool funds.
Through this breach, a blockchain security firm reported that the hacker extracted around 200 BNB (worth $130,000) and transferred the funds to FixedFloat.
