Analysis of Web3Memes events

KingData ·2022-03-07

A security incident happened to Web3Memes, a project deployed on BSC on February 23, 2022. This incident was highly suspected to be a rug-pull.

Here is the basic information about this incident:

The project was deployed on BSC.

The deployer ’s address was 0x0790171f0eC46fc8F2bC0327e3905F55F62D1f00.

The beneficiary’s address was0x5AdBFfa751AbcdFc94d2A81F5657113D37a3494f

The token’s (SuperHeavy) smart contract was deployed at:


The attacker got its gas to launch this attack from Tornado.Cash.

The total exploited assets were 125 BNBs which are valued at around $45,000 at the time of writing.

Here is how the attacker launched the attack:

On Feb 16, 2022, the attacker got 0.05 BNBs from Tornado.Cash as its gas to deploy the SuperHeavy token contract. Note: This token had a function to enable/disable its swap function.

It created a liquidity pair of SuperHeavy/BNB on Pancake and supplied 1 billion SuperHeavys to the liquidity.

On Feb 23, 2022, at around 01:35, the attacker obtained 200 BNBs from Tornado.Cash and supplied 196.9 BNBs and 1 billion SuperHeavy tokens to the SuperHeavy/BNB pair.

The attacker enabled SuperHeavy’s openTrade function and allowed the token to be traded.

On Feb 23, 2022, at around 01:40, the attacker obtained 300 BNBs from Tornado.Cash.

The attacker then did some wash-trading to manipulate the price of SuperHeavy.

On Feb 23, 2022, at around 04:15, the attacker withdrew all the liquidity deployed on Pancake, which amounted to 464.39 BNBs and 420,000,000 SuperHeavy tokens.

The attacker sent some exploited assets including 467.3 BNBs all to the beneficiary address:


The attacker then sent the BNBs

at 0x5AdBFfa751AbcdFc94d2A81F5657113D37a3494f to Tornado.Cash to cash out.

In summary, the attacker obtained 500 BNBs from Tornado.Cash and eventually sent 625 BNBs to Tornado.Cash to cash out. The total exploited assets were around 125 BNBs valued at around $45,000 at the time of writing.

The Web3memes project was deployed 7 days ago, its swap function was enabled today and it was open to the public today. The incident happened in less than 3 hours after it was open andits swap function was enabled. This surprised the community and users.

The team behind the project was anonymous. The gas was from Tornado.Cash. The token contract had both a whitelist and a blacklist. It had functions to enable/disable the swap function. All these features make this project highly suspicious.

A kind reminder to all users from Fairyproof: before participating in a project, please make sure you check if it is audited and if its team is anonymous. In addition, you should be alert to a project which was deployed by using gas from Tornado.Cash.

© The copyright of this article belongs to KingData, and can't be reproduced and used without KingData's permission.