The Doge-inspired memecoin protocol, Based Doge (BOGE), on the Base network, fell victim to an exploit on May 27, as confirmed by the team. The attack was described as “the same as Normie,” indicating that the attacker used a similar vulnerability to the recent Normie exploit.
The team expressed their regret in reporting the attack on X, stating, “We regret to inform you that BOGE was recently compromised by a hacking incident (the same as Normie).”
Source:
BOGE on Base
Normie
was exploited on May 26, the day before the Based Doge attack.
Based Doge is a project that draws inspiration from the Doge meme and has introduced a Web3 video game called “FlappyBoge.” They also have plans to release a collection of nonfungible tokens.
According to the team’s post, they will take a snapshot of the current token balances and relaunch the project to compensate all the victims of the attack.
Blockchain data reveals that at 5:48 pm UTC on May 27, an account ending in bAOC initiated over 120 transactions on Base. Each transaction involved the transfer of hundreds of thousands of BOGE tokens into the account, resulting in a total of approximately 91.4 million BOGE.
Exploit draining BOGE tokens. Source: Basescan
In each transaction, the attacker called an unverified function on a smart contract located at an address ending in 1a42. Since the contract is unverified, the code for this function cannot be read by humans.
Immediately after acquiring the 91.4 million BOGE tokens, the attacker exchanged them for roughly 4.47 Ether (ETH), equivalent to around $16,926 at the time.
Although the attacker’s gains were relatively small, the impact on the price of BOGE was significant. Prior to the attack, BOGE was valued at $0.002983, with a total coin supply of 1 billion, according to CoinMarketCap. This indicated a market capitalization of approximately $2.9 million.
As a result of the attack, the price plummeted to 0.000072, causing the 1 billion existing coins to lose over $2.8 million in value.
An analysis conducted by Neptune Mutual, a Web3 insurance provider, revealed that the previous Normie attack was caused by a flawed “get_premarket_user” function. This function allowed a user to mint new tokens if they were either a premarket user or had the same balance as the deployer wallet. The attacker executed trades until their balance matched that of the deployer wallet, granting them the status of a “privileged user” with the ability to mint new tokens.
Once they had the authority to mint tokens, they created over 170,000 Normie tokens and dumped them on the market, resulting in losses exceeding $800,000.
Related:
A memecoin trader suffers a loss of over $1 million following the Normie exploit.
Smart contract exploits continue to pose risks for cryptocurrency users. On May 17, an attacker drained $20 million from the DeFi protocol Sonne Finance. On the same day, a former employee of the Solana memecoin platform Pump.fun allegedly exploited the protocol using privileged access. The alleged attacker claimed to have been arrested by U.K. police in connection with the incident.