The BNB Chain-based memecoin launch platform, Four.Meme, has resumed its operations after falling victim to a sandwich attack that resulted in an exploit of approximately $120,000. 

In a March 18 post on X, Four.Meme announced that its launch function was back online after conducting a thorough security inspection and resolving the issue. The platform had temporarily suspended the function to investigate the attack, stating that it was “under attack.” 

“The launch function has now been restored following an extensive security review. Our team has addressed the vulnerability and strengthened system security. Compensation for affected users is in progress,” the Four.Meme team stated.

?? Update from https://t.co/IRnIR1BwDd ??

The launch function has now been resumed after a thorough security inspection. Our team has addressed the issue and reinforced system security.

Compensation for affected users is underway. If you haven’t submitted your claim yet, please… https://t.co/CV7JlmJC5V

— Four.Meme (@four_meme_) March 18, 2025

Web3 security firm ExVul, in its own March 18 post on X, explained that the exploit was a form of market manipulation known as a sandwich attack, which allowed the attacker to steal $120,000. 

According to ExVul, the attacker “pre-calculated the address for creating the liquidity pool’s trading pair” and used a platform function to purchase tokens, effectively bypassing Four.Meme’s token transfer restrictions. 

“The hacker then waited for Four.Meme to add liquidity to the transaction, ultimately draining the funds,” ExVul noted. 

After careful analysis, we found out that https://t.co/7EROxVMiVX @four_meme_ was hit by Sandwich Attack, Losing Approximately $120K

This incident was a classic sandwich attack. The hacker pre-calculated the address for creating the liquidity pool's trading pair and utilized… pic.twitter.com/KKAHXvk3xf

— ExVul (@exvulsec) March 18, 2025

Blockchain security firm CertiK reached a similar conclusion and said, explaining that the attacker manipulated the price by sending an unbalanced amount of un-launched tokens to pair addresses before the trading pair was created. This allowed them to exploit the system and sell the tokens at launch for a profit. 

“For instance, in the case of the SBL token, the attacker preemptively sent a small amount of SBL to a pre-calculated pair address, then leveraged the add liquidity transaction at launch to secure a profit of 21.1 BNB,” CertiK reported. 

1/ In this case of SBL token for example, the attacker sent a bit of SBL token to the pre-calcualted pair address in advance, then profited 21.1 BNB by sandwiching the add liquidity transaction at launch. pic.twitter.com/E0bcity5bR

— CertiK Alert (@CertiKAlert) March 18, 2025

As a result of this strategy, the attacker managed to acquire at least 192 BNB, valued at around $120,000, which they later transferred to the decentralized crypto exchange FixedFloat, according to CertiK.

This incident serves as a reminder of the inherent risks associated with DeFi platforms, particularly those involved in the volatile memecoin market. Security audits and ongoing vigilance are crucial for mitigating such vulnerabilities. This event also shows the speed at which exploits can occur, and the need for crypto platforms to be ready to react, and to compensate those that are effected.