EPIC Meme Coin HACK (Not So Safemoon)
Everyday on this channel, I show you how to make money in crypto. If you like money and crypto, make sure to hit that subscribe button. Today, we’re going to discuss a crippling bug in the biggest memecoins and how you can avoid getting wrecked. Before we get into it though, make sure to enter the 5 ETH to 5 Million giveaway. We’re almost there growing the BitSquad to 5 million people across the Interwebs. You can get in on the action. We’re giving away 5 Ethereum, $1,000 in Cardano, XRP, VeChain and MATIC. Click the gleam.io link in the description to enter for your chance to win. Look, folks. I don’t like memecoins. That’s pretty obvious. In fact, you can watch this video here for a breakdown on the worst of them. But I’m not alone. A lot of crypto OGs aren’t fans either. In fact, even the Russ Hanneman of crypto himself, Richard Heart, preached about SafeMoon and that it is a fork of an old Ponzi project known as Proof of Weak Hands or reflection tokens. It’s the same basic concept. Buyers get taxed and sellers get taxed. Those that hold get rewarded based off of how much of the supply they actually hold. So if you got in super early, you’ll get rewarded more than if you just got in now.
Again, SafeMoon is literally the definition of a Ponzi scheme. New buyers pay those already involved with a percentage of transaction fees an old user sell out. But if the buying stops, then you’re not only left holding your current bag, but you will no longer receive rewards. Like the stock market. However, this isn’t about SafeMoon being potentially one of the world’s biggest Ponzi since Plus Token. This is about a massive exploit to steal funds from its contract and from any reflection or redistribution tokens contract. With that out out of the way, what if I told you that along with crypto security team CEEZEE SAFU and SatoshiStreetBets, BitBoy Crypto has uncovered an exploited Safemoon’s contract. This exploit allows you to capture liquidity pool rewards and sell them all without ever owning the token. This in turn allows an exploiter to drain not only SafeMoon but every fork iteration of it. We’ll get to that list in a bit, but first, allow me to explain this a little more thoroughly.
This exploit allows the siphoning of tokens from holders without their knowledge. CEEZEE recently wrote on Medium, “During our investigation, we identified a series of unexplainable micro-sells that are either unnoticed or written off as bots manipulating buys/sells (e.g., front-running). Going down this rabbit hole is tricky as you will stand in confusion with how there had been a sell when the person never held the token.” While that sounds crazy, it’s actually possible to create a bot that can catch the auto-reflection to the liquidity pair, sell it against the BNB pair and ultimately steal that BNB all without ever owning the token being attacked. That’s the equivalent to going in the bank, robbing it, then turning around and selling that worthless fiat back to the bank in exchange for gold. It’s a pretty nuanced exploit. Here are some of the suspicious micro transactions in question on DEXTools. So you’re probably asking, “Who sells that little?” When tracking one of these exploit sells, it becomes apparent that this address never actually held any tokens at all. So that establishes this isn’t a front-run bot as front-run bots purchase right before your transaction goes through to push the price higher and then sell to you. We’ll use this specific address on the screen to illustrate and show the exploit. You can check the wallet balance or the BEP-20 transactions for yourself and see how it shows this address never held any of the token. When you look a little deeper at the transaction hash, it becomes more clear that there was a sell that took place engaging with the token, yet it’s selling the token on the market to recoup some BNB.
So, how did it sell something it never had? This is hedge fund levels of graft. This exploit is hard to spot, but we know that it uses the infamous miner extractable value (MEV) exploit. It calls a function in the reflection token contract. With that said, unless you’re a trained blockchain coder, you won’t be able to pull this off because you need to write a bot that executes the call in the contract and MEV exploit at the same exact time. Take a look at these three transaction hashes showing other projects being exploited in this manner. You can clearly see that it has been targeted and engaged with. When we explore the wallet address, these exploits are tied to even further. We can see this is being done to several projects snatching up small amounts of BNB. This all adds up in the end. And this is being done on a large scale to hundreds if not thousands of projects. Don’t miss the fact that SafeMoon has already been exploited with millions of dollars stolen. And it will happen again. So, what are other projects that are affected by this attack other than SafeMoon? Well, here’s a partial list. EverRise PooCoin SafeMars Bonfire Safe Shepherd ApeSwap Dogefather ELONGATE and several more we’ll have listed in the description. But as a rule of thumb, if the project has a built-in reflection token or some kind of payback mechanism to HODLers, it’s probably susceptible to this exploit. While memecoins are fun, and I’m not going to say that you can’t make money off of them because people have, just like the lottery though, just because people win the lottery doesn’t mean it’s sound financial practice. In fact, this is financial advice. Don’t play the lottery. Whew! I feel a lot better telling you that. Fact is these memecoins are 99% just pump-and-dumps, and most serve no real purpose. Very few memecoins will be around in the future as they have no use case. They’re just a fad. And once that trend is over, they will drop to zero or close to it during the bear cycle. The other problem is that most are just forks of other coins, which means that if the original contract or code is not audited and safe, the fork project will have the same issues. This is one reason that you shouldn’t just throw your money at random projects. The other reason is malicious contracts that will steal all your funds in MetaMask when you connect your wallet to their contract. But more on that in another video. So, how do projects fix their contracts to prevent this exploit from happening to their coin? Simple solution is to blacklist the liquidity pair from the auto-reflection or auto-redistribution of the contract. However, there’s one key problem with many of these coins. The creators or founders including SafeMoon have renounced ownership of the contract in good faith to appeal to the community as not being a rug pull. Although this is seen as a positive thing, by doing so, they’ve actually left themselves wide open for this attack and others which allows consistent sell pressure without a way to intervene. I hope this is a lesson for you all. SafeMoon and its forks with redistribution of rewards are anything but safe. A renounced contract is a dead contract. Please understand that when a contract is renounced, simple problems like this can never be fixed, leaving you as a pawn to the scammers. The other lesson here is never trust something that has “safe” in its name. Once again, thanks so much to CEEZEE SAFU and SatoshiStreetBets for working with us to get this information out to the public. That’s all I got. Be blessed. BitBoy out.