Normie Meme Coin Holders Left in Limbo After Major Exploit

The hacker agreed to return 90% of the stolen funds if the Normies team uses it to launch a new token that will refund the almost 72,000 holders that were impacted by the hack.

The crypto community is reeling after the recent security breach involving the meme coin Normie (NORMIE). The exploit caused Normie’s market cap to plummet by $41.7 million and its price to drop by more than 90%. The hacker proposed to return 90% of the stolen tokens if Normie's team agreed to their terms, including launching a new token to refund those who were affected by the exploit. Meanwhile, another meme coin project, CAT, was implicated in hacking a crypto influencer's X account to manipulate prices.

Normie Navigates Hacker Demands

The crypto community has been shaken by a major security breach involving Base meme coin Normie (NORMIE), which resulted in a $41.7 million drop in its market cap and a staggering 90+% drop in the meme coin’s price. The breach happened because of a smart contract vulnerability that was already identified in March, and was first detected by blockchain analytics firm Lookonchain on May 26.

Shortly after the exploit, the hacker reached out through an on-chain message to Normie's deployer address, and offered to return 90% of the stolen tokens if Normie's team agreed to the hacker's terms that the funds, combined with $2.3 million from their development wallet, be used to launch a new token that will reimburse the affected NORMIE holders. The hacker also demanded that the new token should be launched before the return of the funds.

While these negotiations were happening, Normie's social media presence was hit with suspensions, first on their main account and then on a temporary one created afterwards.

The price of NORMIE plunged from $0.32 to a low of $0.0016, which ended up erasing almost all of its market value. There was, at least, a slight $200,000 recovery to its market cap.

As things stands, any resolution for the 72,000 impacted holders is still very uncertain as no clear timeline for recovery has been made public. Dinho, an administrator from the official NORMIE Telegram group, was also unable to actually confirm when or if the stolen funds might be returned to the holders.

Trader Loses $1M in Normie Exploit

One unfortunate trader was hit especially hard by the Normie exploit as he lost over $1 million in digital assets. The trader invested $1.16 million to buy 11.23 million NORMIE, and the investment was made between Mar. 25 and Apr. 9 at an average price of $0.1035 per coin. Unfortunately, the value of these coins plummeted by over 90%, leaving the investment worth only $150.

Unfortunately, those impacted by the Normie exploit still have a target on their backs. After the Normie team apparently accepted the hacker’s demands of launching a new token to refund holders on May 27, X was flooded with fake posts falsely claiming the relaunch of the new Normie token. These fraudulent posts are designed to trick people into clicking on malicious links.

What Exactly are Meme Coins?

Meme coins are a type of cryptocurrency characterized by their vibrant online communities and often whimsical themes. They are also frequently associated with animated characters or animal memes.

Some of the more well known examples of meme coins include Dogecoin (DOGE) and Shiba Inu (SHIB), which have achieved massive market caps. Other meme coins, like Bonk, Pepe, Floki, and Dogelon Mars are a bit less well-known, but also have some pretty impressive market values.

Unlike major cryptos like Bitcoin (BTC) and Ethereum (ETH), meme coins are used mostly as trading instruments rather than for specific blockchain functionalities.

These meme coins operate on blockchain technology, and many use well established blockchains.SHIB, for example, is an ERC-20 token running on the Ethereum blockchain. However, unlike utility cryptos that serve specific purposes in their ecosystems, meme coins often lack inherent utility. For example, ETH is used to compensate validators on the Ethereum network, a function meme coins typically do not have.

The meme coin market is extremely volatile and risky. According to CoinMarketCap, there are well over 1,000 meme coins listed, but many of these are inactive and essentially worthless.These coins are mostly considered to be speculative investments and are sometimes likened to pump-and-dump schemes.

While some may start as jokes or social experiments, they can still attract a lot of investor interest and capital, leading to unpredictable and often sharp fluctuations in their value.

Meme Coin Team Linked to Influencer Hack

Meme coin projects are not only hacking victims, but it seems like in some cases they are actually the hackers. An investigation has linked the team behind the newly launched meme coin CAT to a recent hack of a crypto influencer's account.

Pseudonymous investigator ZachXBT revealed that the Sol team, who are the creators of the Solana-based memecoin CAT, compromised the X account of crypto influencer Gigantic-Cassocked-Rebirth (GCR) on May 26 to manipulate the prices of specific coins.

The Sol team also reportedly manipulated their coin launch on May 24 to gain control of over 63% of the CAT supply. They then sold more than $5 million worth of CAT and divided the profits across multiple wallets. Some funds were deposited into Hyperliquid for trading.

Just before the hack, the exploiters opened long positions worth $2.3 million on ORDI and $1 million on Ether.fi (ETHFI), betting that the prices of these assets would rise. Then, using GCR's hacked account, the attackers posted about ORDI, temporarily spiking the token's price and netting about $34,000.

A second post targeting ETHFI did not yield the same result, and ended up costing the attackers $3,500 before the position was closed.

The breach of the influencer's account was caused by a SIM swap attack. During these attacks, a scammer tricks a mobile carrier into transferring the victim's phone number to a new SIM card that is controlled by the scammer.

Exploit Victim Recovers 80% of Stolen Funds

Sometimes, exploit victims still get lucky. A victim who lost 1,807 liquid staked Ether (ETH) worth $6.91 million on May 26 managed to recover a big portion of the stolen funds. The victim was targeted by the phishing group Inferno Drainer, which used a permit offline authorization signature to steal almost $7 million in ETH re-pledged assets. The victim got back 80% of the stolen amount, with the scammers keeping a 20% bounty.

The attack was a permit phishing attack, where a malicious actor generates an authentic off-chain authorization signature to transfer ERC-20 tokens from a wallet not owned by them. This exploit is made possible because of a feature in Ethereum permits introduced through EIP-2612 that allows users to interact with smart contracts without prior authorization. If users have compromised their wallet signatures on phishing websites, scammers can use the permit function to steal tokens from their wallets.

While most people in the crypto community are happy that the victim was able to recover at least some of their stolen funds, not everyone was very sympathetic to the victim.

DeFi investigator ZachXBT questioned the victim's carelessness and also pointed out that the same person was phished last year for $638,000 and again this year for $6.9 million. So far, cryptocurrency-related scams have risen by 53% over the past year. According to FBI reports, cryptocurrency-related investment fraud accounted for 86% of all investment losses in the United States in 2023.