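With Binance founder Changpeng Zhao (CZ) actively promoting it, the memecoin frenzy on BNB Chain has recently flared up again. In the midst of this, however, Four.meme, a memecoin launch platform on BNB Chain, was hit by a hacker attack today and lost about US$130,000. Four.meme said it will fully compensate the victims.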
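This afternoon an on-chain trader disclosed that Four.meme, the memecoin launch platform on BNB Chain, had a vulnerability: using MEV, the attacker front-ran the addLig step at the moment Four.meme added liquidity to the Pancake pool and manipulated the price, so that the internal market would instantly add a one-sided pool ahead of time, draining the pool.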
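https://t.co/ghyXiH5BXE
A major vulnerability has appeared!!!!!!!!!
Via MEV, front-running addLig when fourmeme adds to the pancake liquidity pool, manipulating the price; the internal market will instantly add a one-sided pool ahead of time and drain the pool @four_meme_ pic.twitter.com/T4MDDARUH9
— 币海星辰 (@Zg1000X) March 18, 2025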
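SlowMist CISO 23pds then also tweeted that Four.Meme had been hacked with a loss of about US$120,000, and that none of the contracts was vulnerable. The root cause was that Four.Meme's transaction adding liquidity to PancakeSwap was leaked; by some unknown means the hacker bundled with the launch transaction, which was supposed to be private, and so carried out a sandwich.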
Fourmeme was hacked for ~$120K. None of the contracts was vulnerable. The root cause is the launch (add liquidity to pancakeswap) tx got leaked. The hacker managed to sandwich by bundling with the launch tx, which was supposed to be private. @cz_binance what's going on… https://t.co/8S7tN6mEeF pic.twitter.com/HqmzCw4RTR
— Chaofan Shou (svm/acc) (@shoucccc) March 18, 2025
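According to further analysis by SlowMist, the attacker's method was to buy a small amount of tokens through the 0x7f79f6df function before several new Four.meme tokens officially launched, and to use that function to send the tokens to a PancakeSwap pair address that had not yet been created.
This let the attacker create the pair and add liquidity directly, without having to transfer any additional new tokens, thereby bypassing the transfer restriction (MODE_TRANSFER_RESTRICTED) that applies to Four.meme tokens before launch. The attacker was ultimately able to add liquidity in an unintended price range and steal the liquidity funds in the pool.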
🚨SlowMist Security Alert🚨
The attacker purchased a small amount of tokens before launch through the 0x7f79f6df function of @four_meme_, and used this feature to send tokens to a specified PancakeSwap Pair address that had not yet been created.
This allowed the attacker to… https://t.co/hyXyKcc2Oq pic.twitter.com/Tjgz9tvuw8
— SlowMist (@SlowMist_Team) March 18, 2025
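An added example, not code from Four.meme, PancakeSwap or SlowMist: it models the amount calculation of a Uniswap V2-style router (the design PancakeSwap V2 follows) to show why a pair that already holds reserves when the launch transaction lands dictates the launch price, and how minimum-amount bounds make such a launch revert instead. The function names, the 1% tolerance and all numbers are constructed, and the page does not say what minimums Four.meme's launch transaction used.

```python
# Added example: V2-style router math with constructed sample values.

class LaunchAborted(Exception):
    """The pair's state does not match the intended launch price."""

def quote(amount_a, reserve_a, reserve_b):
    """Amount of B that matches amount_a at the pool's current ratio."""
    return amount_a * reserve_b // reserve_a

def router_amounts(tok_want, bnb_want, tok_min, bnb_min, reserves):
    """Amounts a Uniswap V2-style addLiquidity call would deposit."""
    r_tok, r_bnb = reserves
    if r_tok == 0 and r_bnb == 0:
        return tok_want, bnb_want          # fresh pair: the launcher sets the price
    bnb_opt = quote(tok_want, r_tok, r_bnb)
    if bnb_opt <= bnb_want:
        if bnb_opt < bnb_min:
            raise LaunchAborted("BNB side below minimum")
        return tok_want, bnb_opt
    tok_opt = quote(bnb_want, r_bnb, r_tok)
    if tok_opt < tok_min:
        raise LaunchAborted("token side below minimum")
    return tok_opt, bnb_want

def guarded_launch(tok_want, bnb_want, reserves, tolerance_bps=100):
    """Launch only if both sides land within tolerance of the intended amounts."""
    keep = 10_000 - tolerance_bps
    return router_amounts(tok_want, bnb_want,
                          tok_want * keep // 10_000,
                          bnb_want * keep // 10_000, reserves)

# Constructed sample values (not taken from the incident).
TOKENS, BNB = 200_000_000, 24 * 10**18   # intended launch liquidity (BNB in wei)
FRESH = (0, 0)                           # pair not yet initialised
PRESEEDED = (1_000, 10**18)              # pair already initialised at a skewed ratio

if __name__ == "__main__":
    print("fresh pair     :", guarded_launch(TOKENS, BNB, FRESH))
    # Zero minimums: the existing ratio wins and only 24,000 tokens back 24 BNB.
    print("no minimums    :", router_amounts(TOKENS, BNB, 0, 0, PRESEEDED))
    try:
        guarded_launch(TOKENS, BNB, PRESEEDED)
    except LaunchAborted as exc:
        print("guarded launch : aborted,", exc)
```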
According to PeckShield's monitoring, the Four.Meme hacker has stolen about 200 BNB, worth about US$130,000, and moved the funds to the decentralized exchange FixedFloat.
#PeckShieldAlert Four[.]Meme @four_meme_ has suffered an attack. The hacker has already stolen ~200 $BNB (~worth 130K) and transferred the funds to #FixedFloat https://t.co/SOy2lYdIjz pic.twitter.com/UslMa8cg7t
— PeckShieldAlert (@PeckShieldAlert) March 18, 2025
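Four.Meme confirms hack, will fully compensate victims
Four.Meme issued a statement earlier confirming that it had been attacked. It has suspended the Launch function for an emergency investigation, will compensate affected users, and has provided a loss submission form to collect the relevant information: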
Additionally, we will fully compensate affected users for their losses. Once the verification process is complete, compensation will be issued within this week.
— Four.Meme (@four_meme_) March 18, 2025