A careless hacker has recently been taking advantage of a profit-making opportunity in abandoned token pools. The hacker borrows a large amount from the decentralized finance (DeFi) protocol Balancer and moves the funds to increase the token pool's volume. Then the attacker drains the remaining liquidity and returns the borrowed money, leaving with the profits.

This method was first found by Giorgi Khazarade, the CEO of Aurox, while testing the platform's screener functionality. One of the tokens he discovered, CATOSHI, had a $2 million volume but $0 liquidity, which prompted Khazarade to investigate further. The token was found to have a 6% tax, of which 3% was redistributed to token holders, 2% was burned and 1% was put in a charity wallet. A flash loan of $184 million was taken out, with $1 million used to buy 140K of the token. The tokens were then sold for a total profit of $3,000-$4,000 on the BNB chain.

IMMORTAN was another exploited token discovered by Khazarade. This token had a 10% tax, of which 8% was distributed to holders and 2% went to the development fund. The hacker had run this attack a multitude of times, and despite there being only $100 in liquidity, he seemingly continued to drain the pool.

Along similar lines, CATOSHI V3, CRAB and WEEB have also had large parts of their pools drained. Khazarade believes that the attacker was simply deploying malicious smart contracts that abused the tokens and drained their liquidity, with each contract targeting either a single token or several, because the tokens used the same template code.

Although the attacker has likely made only a few thousand dollars each time, these are almost victimless exploits, as the tokens have already largely been abandoned and have very little liquidity. It is probable that most of the tokens were created from faulty template code, which gave the attacker the opportunity to profit easily.


