Aurox CEO Giorgi Khazarade discovered that a hacker has been draining remaining liquidity from abandoned Meme token pools, leaving few victims in these attacks.

The attacker used a flash loan from the DeFi protocol Balancer to borrow a large amount of funds, and then redirected these funds to increase the quantity of the selected token pool. Once the capacity of the pool increased, the attacker drained the remaining liquidity from the pool and returned the tokens borrowed from the flash loan.

Khazarade noted that in the CATOSHI exploit (on-chain data shows that it was 29 days ago), the hacker borrowed approximately $184 million in wETH through a flash loan and used approximately $1 million of this loan to purchase CATS. According to the token economics, every time someone trades CATOSHI tokens, token holders will receive a 3% redistribution reward. After purchasing more than 166,000 CATS, the attacker bridged the tokens to the BNB chain and subsequently sold the tokens for approximately 10 BNB, with a total profit of $3,000 to $4,000, and the remaining funds were used to repay their flash loan.

The hacker also launched similar attacks on the IMMORTAN token several times to drain the liquidity pool of about $2,000 to $3,000. The hacker also extracted $4,000 in ETH from CATS V3. A project called CRAB also had $2,000 in ETH cleared from its pool. Just yesterday, the hacker used a similar method to extract nearly $30,000 in ETH liquidity from WEEB.

Khazarade said: "I'm not 100% sure, but it seems that attackers often deploy malicious smart contracts to abuse various tokens and drain their liquidity. Some seem to be specialized to attack only a single token, while other contracts can target various tokens, perhaps because these tokens use some template code with the same vulnerability." (Blockworks)