Normie Dumps 99% as Attacker Calls Meme Coin’s Tax Contract a 'Copy-Paste' Job

Attackers exploited a tax function in the token’s code that allowed them to issue more tokens and completely drain liquidity pools.

AccessTimeIconMay 27, 2024 at 7:33 a.m. UTC
Updated May 27, 2024 at 7:49 a.m. UTC

Hyped Base meme coin normie (NORMIE) plunged 99% on Sunday after being hit by an exploit that saw attackers manipulate the token’s total supply, completely draining its liquidity pools.

Blockchain sleuths said attackers exploited a so-called tax function in the token’s contract to issue more tokens than the intended 1 billion supply. The extra tokens were then traded for ether.

NORMIE prices plunged 99% after an exploit targeting a tax function in its code. (DEXTools)
NORMIE prices plunged 99% after an exploit targeting a tax function in its code. (DEXTools)

In an on-chain message late on Sunday, the attacker offered Normie developers a way to receive 90% of the stolen funds back if they agreed to relaunch the project.

“I offer to return 90% of the exploited ETH, keeping 10% as a bug bounty (with no reprisals,” the on-chain message reads. “One condition: it, and the 600 ETH in the dev wallet, are used to fairly launch a new token that is used to reimburse NORMIE holders.”

Six hundred ether is worth nearly $2.3 million at current prices. The move marked one of the first instances of an attacker keeping a project relaunch as a condition to return funds. Normie developers accepted the bounty offer as of early Monday, messages on the project's official Telegram group viewed by CoinDesk showed.

In another on-chain message in Asian morning hours on Monday, the attacker called Normie’s contract code a “copy-paste” job which was likely not thoroughly reviewed by its developers prior to being pushed live.

“This exact code is present in a number of other token contracts, a few of which significantly pre-date Normie. Most meme tokens are simply copy-paste jobs from the same small set of contracts, all with over-complicated tax logic in the transfer function,” the attacker said.

“I suspect this simply a case of them re-using code they didn't thoroughly review,” they added. Before the dump, NORMIE was among the top meme coins on Base with a market capitalization of over $40 million and nearly 90,000 on-chain token holders, as per DEXTools metrics. Normie is slang for a “normal person,” and the Base version was modeled after a blue coloured frog that resembled the popular Pepe the Frog character.

It sits at a market capitalization of just $700 as of early Monday following the exploit.

Meanwhile, at least one NORMIE investor faced a massive loss due to the attack, with their $1.6 million in investment turning to just $150 in seconds.

“Since $NORMIE was exploited, the 11.23M $NORMIE that this trader spent $1.16M to buy is now worth less than $150,” analysis firm Lookonchain posted on X. “He spent $1.16M to buy 11.23M $NORMIE at $0.1035 from Mar 25 to Apr 9 and has held it until now without selling it.”

Normie’s X has been suspended as of early Asian hours on Monday.


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Shaurya Malwa

Shaurya is the Deputy Managing Editor for the Data & Tokens team, focusing on decentralized finance, markets, on-chain data, and governance across all major and minor blockchains.

Read more about