- Lorem tweeted that the Ethereum mainnet had rug pull attacks.
- The rug pulls were followed by the attack on Binance.
- The official addresses of the hackers didn’t match each other.
A Web3 developer, Lorem, tweeted that the Ethereum mainnet had been facing rug pull attacks, after the hack on Binance. Following the initial attack, a malicious BNBHACKERINU token was created and later removed, causing the rug pull.
A few hours before, Binance was reported to have lost almost $600 million due to an exploit that occurred on a cross-chain bridge. Immediately after the hack, the blockchain suspended its transactions, conveying apologies for the inconvenience.
Lorem said that a malicious user created fake tokens to attack the Ethereum mainnet. Though attempts were made to cross-check the addresses of both hackers, the Ethereum hacker’s address didn’t match the BNB hacker’s.
However, the team was able to find a variable named “lead deployer” in the contract that matched the initial address. Though the addresses didn’t really match, four contract methods stood out.
Lorem put forward a detailed analysis of the different methods by which the attack was carried out. The initial method of adding an arbitrary number of tokens to the owner’s balance wasn’t suspected to be a rug pull. But the remaining three were obviously malicious.
Furthermore, the three other methods, including execTransaction(), wrap(), and run(), allowed the owner to take the tokens from any holder’s wallet and to transact them to any other wallet.
Eventually, Lorem identified that the owner was constantly repeating these steps and the stolen tokens were sent to an account with 0 ETH. Though initially it was thought that the attacker was collecting all the tokens for sale, Lorem concluded that the owner could prevent the sale, as he saw the tokens eventually rug.
The hackers literally minted over 1 quadrillion tokens. Afterward, they created a memecoin, HACKERSHIBA, to carry out another hack. After their initial successful exploit, Lorem added that it was the first time he saw a hacker creating a meme coin. He called it an “absolute goblin tactic”.
Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.
