According to blockchain security firm PeckShield, Web3Memes (W3M), a memecoin based on the Binance Smart Chain (BSC), had its liquidity pools drained of almost 625 Binance Coins (BNB). This is the latest rug pull to have occurred using Tornado Cash.
At the time of publication, the sum was valued at $235,000 USD. PeckShield reported the exploit via a tweet from their official Twitter handle.
So what went down?
According to Blockchain data, the currency was launched in the early hours of the morning and listed on BSC-based PancakeSwap shortly after. In the following hours, W3M saw over 1,800 transactions and over 1,000 holders, at the time of writing.
However, five hours after its issuance, the mysterious creators removed W3M’s liquidity, resulting in the infamous ‘rug pull’, a crypto market term for such acts.
After the rug pull, W3M prices plummeted from highs of $0.000000204 to around $0.00000000277, a near 100% drop.
How was the rug pull carried out?
Anyone on the BSC or other networks can create a token like Web3Memes. Issuers can then pair such tokens with another popular token, like Tether or BNB, and offer the pair on a decentralized exchange as a way to provide initial liquidity. Instead of third parties or centralized bodies, the procedure is entirely automated and based on smart contracts.
Once the act has been carried out, hackers must cash out the money once it has been taken (permanently moved to malefactors’ accounts). Typically, they send the funds to Tornado Cash, a crypto mixing environment.
Without Tornado-based obfuscation, crypto trading platforms quickly blacklist the attackers‘ addresses, allowing them to sell stolen crypto on crypto-to-fiat exchanges. All addresses engaged in rug pulls are branded on major explorers within minutes of the initial statements about the fraud gaining viral on Crypto Twitter.
Tornado Cash’s history with stolen tokens
Tornado Cash has had a controversial rep off-late when it comes to hackers getting away with stolen tokens. Previously Tornado Cash was used by the hackers who made away with 440 ETH from Bent Finance. PeckShield has warned users to stay away from tokens that are deployed by funds withdrawn from Tornado Cash.