Normie Dumps 99% as Attacker Calls Meme Coin’s Tax Contract a 'Copy-Paste' Job
Attackers exploited a tax function in the token’s code that allowed them to issue more tokens and completely drain liquidity pools.
May 27, 2024 at 7:33 a.m. UTC:format(webp)/cloudfront-us-east-1.images.arcpublishing.com/coindesk/6QFXMVRJVVDKVH3AINAOKWKMCY.png)
Hyped Base meme coin normie (NORMIE) plunged 99% on Sunday after being hit by an exploit that saw attackers manipulate the token’s total supply, completely draining its liquidity pools.
Blockchain sleuths said attackers exploited a so-called tax function in the token’s contract to issue more tokens than the intended 1 billion supply. The extra tokens were then traded for ether.
:format(webp)/cloudfront-us-east-1.images.arcpublishing.com/coindesk/WMYA77KD5NCUBGUPQDA5H3QQ3U.png)
In an on-chain message late on Sunday, the attacker offered Normie developers a way to receive 90% of the stolen funds back if they agreed to relaunch the project.
“I offer to return 90% of the exploited ETH, keeping 10% as a bug bounty (with no reprisals,” the on-chain message reads. “One condition: it, and the 600 ETH in the dev wallet, are used to fairly launch a new token that is used to reimburse NORMIE holders.”
Six hundred ether is worth nearly $2.3 million at current prices. The move marked one of the first instances of an attacker keeping a project relaunch as a condition to return funds. Normie developers accepted the bounty offer as of early Monday, messages on the project's official Telegram group viewed by CoinDesk showed.
In another on-chain message in Asian morning hours on Monday, the attacker called Normie’s contract code a “copy-paste” job which was likely not thoroughly reviewed by its developers prior to being pushed live.
“This exact code is present in a number of other token contracts, a few of which significantly pre-date Normie. Most meme tokens are simply copy-paste jobs from the same small set of contracts, all with over-complicated tax logic in the transfer function,” the attacker said.
“I suspect this simply a case of them re-using code they didn't thoroughly review,” they added. Before the dump, NORMIE was among the top meme coins on Base with a market capitalization of over $40 million and nearly 90,000 on-chain token holders, as per DEXTools metrics. Normie is slang for a “normal person,” and the Base version was modeled after a blue coloured frog that resembled the popular Pepe the Frog character.
It sits at a market capitalization of just $700 as of early Monday following the exploit.
Meanwhile, at least one NORMIE investor faced a massive loss due to the attack, with their $1.6 million in investment turning to just $150 in seconds.
“Since $NORMIE was exploited, the 11.23M $NORMIE that this trader spent $1.16M to buy is now worth less than $150,” analysis firm Lookonchain posted on X. “He spent $1.16M to buy 11.23M $NORMIE at $0.1035 from Mar 25 to Apr 9 and has held it until now without selling it.”
Normie’s X has been suspended as of early Asian hours on Monday.
:format(webp)/s3.amazonaws.com/arc-authors/coindesk/6c6bb5af-692c-4fcf-9f8b-a75d0549effd.png)
Shaurya is the Deputy Managing Editor for the Data & Tokens team, focusing on decentralized finance, markets, on-chain data, and governance across all major and minor blockchains.