Meme trading platform suffers a major cyber attack, losses could reach hundreds of millions of dollars

As of November 17, a certain data platform's statistics on major cryptocurrencies show:

The discussion volume for Bitcoin last week was 18.23K times, a decrease of 13.67% compared to the previous week; the price on Sunday was $91,956, an increase of 13.2% compared to the previous week.

The discussion volume on Ethereum last week was 4.27K, a decrease of 26.98% compared to the previous period; the price last Sunday was $3134, a decrease of 2% compared to the previous period.

The discussion volume for TON last week was 777 times, a decrease of 3.63% compared to the previous week; the price on Sunday was $5.52, an increase of 0.2% compared to the previous week.

In the late night of November 16, a decentralized trading platform focused on Meme tokens suffered a severe cyber attack, resulting in a large amount of user assets being illegally transferred. Preliminary estimates suggest that the platform may have lost up to hundreds of millions of dollars, with specific figures still under investigation. Web3 security expert Yu Xian pointed out that user private key information has been leaked, but the specific leakage channel is still to be investigated. This incident has caused a significant blow to the recently active on-chain Meme market, once again raising concerns about the security of on-chain assets.

Is the platform suspected of embezzlement? Latest developments

The trading platform holds an important position in the Meme sector, providing comprehensive services such as trading, liquidity, launch, staking, and lending for Meme tokens, with daily trading volume consistently ranking among the top in decentralized exchanges. Theoretically, as a platform that operates through smart contracts, users should manage their asset private keys themselves, which should be more secure. So where exactly is the problem?

A certain blockchain security company has detected the following serious security vulnerabilities on the platform:

1. Non-custodial platform that records user private keys; if the system is attacked, hackers can easily obtain the private keys to steal assets.
2. When users export their private keys without encryption measures, the private keys are transmitted in plaintext, making them easy to intercept.

The platform founder Roy responded to the concerns about his disappearance on social media on the 17th, stating "Due to special reasons, I am temporarily unable to provide updates and need more time to handle this." Previously, the official statement indicated that the team is working hard to resolve the issues, assuring that there will be no escape and that progress will be reported in a timely manner. Roy also stated that he will provide compensation and has isolated some users.

However, as the amount stolen continues to increase, most users' trust in the platform has plummeted, suspecting that this is an inside job. The community has discovered that when exporting private keys, the private keys are presented in plaintext, meaning that users' private keys are actually stored on the official server. If the communication is not encrypted, attackers may intercept the private keys during transmission.

Additionally, wallet applications have pointed out that the platform has repeatedly requested "upload user clipboard content" permission, which may have uploaded users' clipboard content. Users are advised to transfer their assets as soon as possible if they have copied private keys or mnemonic phrases on their phones.

Impact of Meme Tokens on the Market and Future Outlook

According to market data, affected by this event, many Meme tokens have experienced varying degrees of decline:

• BAN fell by about 30%
• LUCE has dropped by about 20%
• PNUT dropped by about 12.5% at most.

It is worth noting that this hacker attack is not over yet. If the platform's security team fails to resolve the issue in a timely manner, user assets still face the risk of being stolen. As of the 17th, based on information from over 500 victims, the confirmed stolen amount is at least 13 million dollars. The actual losses may far exceed this amount, as a large number of recently popular meme tokens and SOL have also been stolen, in addition to stablecoins.

A certain Web3 security team has stated that they have collected approximately 2,800 victim addresses and analyzed over 9,000 stolen transactions. Currently, the stolen funds are still stored in addresses controlled by hackers, with no signs of transfer. This means that the hackers have not yet revealed their ultimate intentions, and the stolen Meme tokens could be sold off at any time. Coupled with the unique FOMO sentiment in the Meme market, this could have an immeasurable impact on the entire cryptocurrency market.

How to Safely Custody Funds?

In light of the frequent security incidents in the Meme domain, users should take the following measures to protect their assets:

1. Use hardware wallets to store major assets, such as Ledger, Trezor, etc., and ensure that the firmware is up to date.
2. Distribute storage assets to avoid concentrating them in a single address or exchange.
3. Choose a verified decentralized custody solution, such as a multi-signature wallet.
4. Review the security measures of the exchange or platform and understand its fund custody mechanisms.
5. Consider purchasing crypto insurance against hacking attacks.

Other security recommendations:

• Be cautious of recommendations from others and conduct in-depth research on the product mechanisms.
• Give priority to automated tools with a long operating time and a strong team.
• Be wary of scams on social platforms, do not click on unknown links.
• Transfer funds to a self-controlled wallet promptly after large transactions.

Finally, it is recommended to reread "The Blockchain Dark Forest Self-Help Manual" and always prioritize security in the blockchain world.