Hacking memecoins.
Part 1. What's wrong with the latest #memecoins?
In April-May #PEPE has piloted a very simple yet effective token distribution model using Uniswap v2 pools, which helped the memecoin hit nearly $2 billion market cap just 3 weeks after its launch, turning its early investors into multi-millionaires overnight. The similar token distribution model has been used by hundreds of copycat memecoins since PEPE's debut.
Let's have a quick look at this model:
- Almost all tokens are supplied to the liquidity pool paired against ether (ETH). In case of PEPE, it was paired with 2 ETH worth around $4,200 at the time of deployment.
https://www.ethvm.com/tx/0x273894b35d8c30d32e1ffa22ee6aa320cc9f55f2adbba0583594ed47c031f6f6
- Since centralized exchanges (CEXs) usually ask for a hefty sum of money as "listing fees", a portion of all tokens is saved in a multisig wallet to pay for CEX listings and other expenses like marketing. PEPE claimed to reserve 6.9% of the supply for such purposes.
- Liquidity Provider tokens (LPs) that represent a share in the TOKEN/ETH pool are burnt by sending them to a special null address or to a contract address itself, which ensures that the contract deployer cannot withdraw tokens supplied to the liquidity pool.
- The ownership of the token contract is renounced to make sure that the owner cannot withdraw any funds from the contract or execute any functions that can potentially hurt users.
- Discord, Twitter, Telegram and a website are used to spread the information about the project.
While this approach to token distribution looks very robust and many post-PEPE memecoins followed the same strategy with mild variations, it has major problems:
- The coin is very vulnerable to centralization in the hands of a few early adopters. For example, after the first liquidity has been added to the PEPE/ETH pool, it took just 2 ETH worth around $4,200 to buy almost half of the total supply of all PEPE tokens. To protect the token in the first few days of its distribution, developers added a blacklisting function so they can freeze the funds of certain addresses. However, that added unnecessary complexity, introduced attack vectors for exploits and legal persecution, and didn't really protect from insiders buying most of the token supply in small chunks using different addresses.
- Centralized exchanges end up controlling a large portion of token's total supply, which can be used to attack the project. At the time of writing, 20% of all PEPE tokens is held in only one wallet that belongs to Binance, which had previously used STEEM tokens of its customers without their consent in order to help a sophisticated adversary take over the STEEM blockchain.
https://www.ethvm.com/token/0x6982508145454ce325ddbe47a25d4ec3d2311933?t=holders
- Discord, Twitter, and Telegram are centralized web2 services that can censor projects and require an account to read messages. A website hosted on centralized hosting services can be shut down and a domain name can be seized.
- Lastly, a lot of recent memecoins are used as a gambling tool because many developers and early investors have a tendency to move to other projects after selling their tokens during a major pump.
In the next part we will look at how BLOOD is different from other memecoins.
Learn more about BLOOD and VAMPIRES:
ipns://darkvegas.eth
https://darkvegas.eth.limo
darkvegas /
npub1c7…n5zen
2023-07-11 06:14:41
Author Public Key
npub1c7atcdzugulqq2x8cufyycs593pmlcg85zl7gfrrgza4gyazcnqsdn5zenSeen on
wss://relay.nostr.bandPublished at
2023-07-11 06:14:41Event JSON
{
"id": "7e59294862d6ac0f03ec4dd859c4398e5600895798e223bfbdd9c2185a851604",
"pubkey": "c7babc345c473e0028c7c7124262142c43bfe107a0bfe4246340bb5413a2c4c1",
"created_at": 1689056081,
"kind": 1,
"tags": [
[
"t",
"memecoins"
],
[
"t",
"pepe"
]
],
"content": "Hacking memecoins.\n\nPart 1. What's wrong with the latest #memecoins?\n\nIn April-May #PEPE has piloted a very simple yet effective token distribution model using Uniswap v2 pools, which helped the memecoin hit nearly $2 billion market cap just 3 weeks after its launch, turning its early investors into multi-millionaires overnight. The similar token distribution model has been used by hundreds of copycat memecoins since PEPE's debut.\n\nLet's have a quick look at this model:\n\n- Almost all tokens are supplied to the liquidity pool paired against ether (ETH). In case of PEPE, it was paired with 2 ETH worth around $4,200 at the time of deployment.\n\nhttps://www.ethvm.com/tx/0x273894b35d8c30d32e1ffa22ee6aa320cc9f55f2adbba0583594ed47c031f6f6\n\n- Since centralized exchanges (CEXs) usually ask for a hefty sum of money as \"listing fees\", a portion of all tokens is saved in a multisig wallet to pay for CEX listings and other expenses like marketing. PEPE claimed to reserve 6.9% of the supply for such purposes.\n\n- Liquidity Provider tokens (LPs) that represent a share in the TOKEN/ETH pool are burnt by sending them to a special null address or to a contract address itself, which ensures that the contract deployer cannot withdraw tokens supplied to the liquidity pool.\n\n- The ownership of the token contract is renounced to make sure that the owner cannot withdraw any funds from the contract or execute any functions that can potentially hurt users.\n\n- Discord, Twitter, Telegram and a website are used to spread the information about the project.\n\nWhile this approach to token distribution looks very robust and many post-PEPE memecoins followed the same strategy with mild variations, it has major problems:\n\n- The coin is very vulnerable to centralization in the hands of a few early adopters. For example, after the first liquidity has been added to the PEPE/ETH pool, it took just 2 ETH worth around $4,200 to buy almost half of the total supply of all PEPE tokens. To protect the token in the first few days of its distribution, developers added a blacklisting function so they can freeze the funds of certain addresses. However, that added unnecessary complexity, introduced attack vectors for exploits and legal persecution, and didn't really protect from insiders buying most of the token supply in small chunks using different addresses.\n\n- Centralized exchanges end up controlling a large portion of token's total supply, which can be used to attack the project. At the time of writing, 20% of all PEPE tokens is held in only one wallet that belongs to Binance, which had previously used STEEM tokens of its customers without their consent in order to help a sophisticated adversary take over the STEEM blockchain.\n\nhttps://www.ethvm.com/token/0x6982508145454ce325ddbe47a25d4ec3d2311933?t=holders\n\n- Discord, Twitter, and Telegram are centralized web2 services that can censor projects and require an account to read messages. A website hosted on centralized hosting services can be shut down and a domain name can be seized.\n\n- Lastly, a lot of recent memecoins are used as a gambling tool because many developers and early investors have a tendency to move to other projects after selling their tokens during a major pump.\n\nIn the next part we will look at how BLOOD is different from other memecoins.\n\nLearn more about BLOOD and VAMPIRES:\nipns://darkvegas.eth\nhttps://darkvegas.eth.limo",
"sig": "fa9e9e881153d2d3a45a0e404f8f551a22c1f624c9c2171e258b9af9dca7cc65482d3a87039251dc5152be06bcdd2fb951e22ee68e512b0a2ad388668ad48d36"
}