Drainer Steals $91 Million Memecoin with Zero Liquidity: Major Incidents from Past Week

SlowMist estimated the weekly losses at $10.1 million, but the FixedFloat exploit led to much greater damage than initially evaluated, adding $21 million to the final figure.

Sad thief
The drainer was expected to gain $91 million in the attack, but the stolen token turned out to have no liquidity.

Today, the cybersecurity firm SlowMist shared its weekly incident statistics covering the period between February 11 and February 17. SlowMist has mentioned four major exploits affecting FixedFloat, xPET, Miner, and Duelbits that occurred last week, estimating the total losses at over $10.1 million.

Read also: Crypto Crooks Celebrate Valentine’s Day: Duelbits Casino and Miner Exploited

The largest incident reported by SlowMist affected the automatic cryptocurrency exchange FixedFloat, which suffered a theft of 1,700 ETH valued at $4.77 million. However, according to the real-time on-chain security monitoring platform Cyvers, FixedFloat also lost 409 Bitcoin worth $21 million, which increased the total damage experienced by the exchange to almost $26 million.

Yesterday, pseudonymous threat researcher Officer_CIA shared with their X followers the post from another X user, 0xJosh, which included a screenshot of a reply from the FixedFloat team to a customer complaining about a failed transaction. In the message, FixedFloat explained that they had "encountered some minor technical problems" and subsequently "switched the service to maintenance mode." The exact recovery timeframe was not yet known, as stated by FixedFloat.

Still, according to further screenshots of messages from FixedFloat posted by Officer_CIA, the crypto exchange finally confirmed the hack and theft of funds.

"We are not yet ready to make public comments on this matter, as we are working to eliminate all possible vulnerabilities, improve security, and investigate," FixedFloat stated, promising, that "the service will be available soon again."

SlowMist labeled the incident as "mysterious," with no details revealed yet. However, a representative of the Quai Mining Farm, one of FixedFloat's users, shared a concerning dialogue with the FixedFloat support team that reportedly occurred a day before the exploit. In this conversation, the exchange’s team claimed a private key would help the FixedFloat specialists ensure the coins had been sent to their address.

Another significant exploit outlined in SlowMist’s report impacted the Duelbits casino, popular in the crypto community due to its cryptocurrency payment support. Just before February 14th, the casino fell prey to a hacker, which led to approximately $4.6 million in losses. This incident was attributed to a private key compromise.

Last week, cybercriminals also targeted Miner, a Web3 project showcasing avatars and counterparts. Exploiting the "_update" function within the contract, attackers doubled their token balance through malicious transactions, resulting in losses of nearly 168.8 ETH, valued at over $463,000.

Yesterday, ahead of the project's relaunch, Miner shared updates with the community. Miner’s team announced that the project had undergone an audit from Cyberscope and addressed major issues.

"We have decided to change the total supply of $MINER to 10,000 tokens. Consequently, your token balance will automatically become one-tenth of what you previously held. However, the dollar value of your tokens will remain unchanged," Miner shared some of the important changes with its users.

The team behind the project also plans to organize an airdrop after adding liquidity. "We have made every effort to ensure fairness, but there may be edge cases where some individuals do not receive the airdrop as expected," Miner warned the community, adding that in such a scenario, the team "will provide details on which mod you should contact to have your case reviewed."

Another incident highlighted by SlowMist in its weekly security report was the attack on the socialFi platform xPet, resulting in the theft of 91.5 RTH worth nearly $254,000.

According to MichaelTalksTech, the CEO of xPet, the exploit originated from a bug in the functionality allowing swapping from POTION to BPET tokens. This vulnerability allowed the hacker to withdraw excessive amounts of $BPET tokens from the PvP contract after staking their own tokens.

"In conjunction with working closely with third-party partners, we kept the conversation with the exploiter on Twitter message," MichaelTalksTech stated on X, further adding that "On Feb 17th, the exploiter started to reach back and we brought to the table a win-win deal and also made a promise to suspend all the efforts to track him down and clear all future legal action against him."

Subsequently, the stolen funds were returned to their address on the Ethereum mainnet, resulting in the full recovery of the amount.

GeckoTerminal Live Chart
Source: Scam Sniffer, X

Meanwhile, the team behind the Web3 anti-scam solution, Scam Sniffer, detected unusual on-chain activity. According to Scam Sniffer, one of the drainers managed to conduct a transaction involving the YOUC coin worth $91 million. "Wallet drainers became excited after seeing this drainer transaction," the team stated on X. However, unfortunately for the drainer, the cryptocurrency involved in the transaction turned out to be a memecoin.

Scam Sniffer believes there was an issue with the coin’s price, while Web3 fraud researcher SomaXBT assumes Etherscan might be "considering the last trade price to calculate the value of the token."

Read also: Spear Phishing vs Phishing: Most Popular Scam Techniques

Yet, not all incidents recently reported by Scam Sniffer are comical. Thus, yesterday, another cryptocurrency user fell victim to highly popular phishing scams, losing stETH, aUSDC, and exETH worth $864,984. The criminal used a strategy common these days, luring the victim into signing multiple "increaseAllowance" and ERC20 Permit signatures.

Some other incidents reported by Scam Sniffer last week included the loss of BEAM tokens worth $5.17 million on February 16, as well as the theft of $96,164 worth of Uniswap liquidity NFT on February 14. On February 11, the team detected the theft of USDC and USDT worth $416,212 empowered by phishing scams.

Earlier in February, Scam Sniffer shared popular scenarios of phishing scams to educate the crypto community about common threats. The team emphasized the common use of social media platforms to initiate phishing activities.

According to Scam Sniffer, cases of scammers hacking X accounts by SIM swapping or the use of malicious third-party applications are particularly popular in phishing attacks involving X. Moreover, X appears to be a perfect social network for sharing malicious content through comments and mentions.

In the case of Discord, hacks are often conducted through malicious bots or bookmark phishing. It is also possible to use fraudulent invite links on Discord which, once expired, can start a malicious takeover of the platform.

Read also: What is an airdrop? Key things to know about crypto airdrops: earnings, types, scams, risk factors

Furthermore, Scam Sniffer warned the community against airdrop phishing for NFTs and tokens, along with more advanced tactics: scam ads, primarily relying on Google Search ads and X ads, as well as frontend compromises conducted by DNS and supply chain attacks.

Among the most common phishing signatures for tokens, Scam Sniffer mentioned "Increase Allowance," "Permit/Uniswap Permit 2," "Approve/Transfer/Swap," "Apecoin - Withdraw," and "GMX - signalTranfer." For native tokens, these include "SevurityUpdate," "Claim/ClaimRewards," "NetworkMerge," and "Accept/Verify/Connect."