The crypto world witnessed another brutal hit as Normie (NORMIE), a popular meme token, crashed by a staggering 99.8% in minutes after a devastating flash loan attack. This attack on Normie, once again, highlights the risk associated with the decentralized finance (DeFi) space, especially with meme coins.
Also Read: Marathon Digital To Transform Kenya’s Renewable Energy
The hacker’s strategy was brutally effective. By exploiting the contract’s tax mechanism, they inflated the token supply, causing a massive drop in NORMIE’s price. Within a couple of hours, the token’s value was nearly wiped out.
NORMIE Suffers a Flash Loan Attack
On May 26, 2024, an unknown hacker, conducted a flash loan attack and exploited a loophole in NORMIE’s contract tax mechanism. This allowed the hacker to borrow a large amount of cryptocurrency without collateral, manipulate the token’s supply, and repay the loan in the same transaction.
Also Read: Experts Don’t Have Confidence in Ethereum Like They Do Bitcoin
The instant nature of blockchain transactions facilitated this attack, rapidly increasing NORMIE’s token supply. The manipulation plummeted the token’s price by more than 99%, reducing its market value from $40 million to less than $200,000.
Normie Team Negotiates With the Hacker
Just this morning, the Normie project team announced that the hacker had contacted them and agreed to return 90% of the stolen funds. The team plans to use these funds to relaunch the project and rectify the situation. In their official statement, they said:
The team also urged affected token holders to register for a snapshot to receive compensation. They tweeted, “If you were affected in the latest exploit you may now register for the snapshot. We will be taking on entries until the end of May. Everyone who was a holder and registers will be airdropped on the new contract.” Shortly after, the team’s X account was suspended.
Expert Details How The Attack Happened
On-chain analyst, Golden Degen, provided insights into the NORMIE exploit. Degen said the attack started when the exploiter’s wallet was funded through the Secret Network. In a detailed post, he explained the exploit process: “Secret Network funded the exploiter’s wallet. The NORMIE contract had a premarket user map that bypasses checks within the swapAndLiquify function, allowing tokens to be minted and sold.”
The expert highlighted the flaw in the contract, stating, “The dumb contract only checks if your token balance is the same as the team wallet, and if it is, you can mint tokens. The exploiter bought/sold NORMIE tokens to have the same amount of tokens as the team wallet, and started minting tokens and selling them on the open market.”
The best thing they could do is relaunch the coin, hire an actual dev to build the contract and not some Fiverr dev, and relaunch NORMIE, and snipe most of the supply at launch and control it to stop snipers.
Golden Degen
Additionally, Degen mentioned the possibility of blacklisting the exploiter’s wallet as a last resort if relaunching is not feasible. He emphasized that proper contract design and rigorous security measures are important to prevent such exploits.
Cryptopolitan reporting by Jai Hamid