images

Blog Details

Normie Dumps 99% as Attacker Calls Meme Coin’s Tax Contract a 'Copy-Paste' Job

blog

Attackers exploited a tax function in the token’s code that allowed them to issue more tokens and completely drain liquidity pools.


Hyped Base meme coin normie (NORMIE) plunged 99% on Sunday after being hit by an exploit that saw attackers manipulate the token’s total supply, completely draining its liquidity pools.

Blockchain sleuths said attackers exploited a so-called tax function in the token’s contract to issue more tokens than the intended 1 billion supply. The extra tokens were then traded for ether.


In an on-chain message late on Sunday, the attacker offered Normie developers a way to receive 90% of the stolen funds back if they agreed to relaunch the project.


“I offer to return 90% of the exploited ETH, keeping 10% as a bug bounty (with no reprisals,” the on-chain message reads. “One condition: it, and the 600 ETH in the dev wallet, are used to fairly launch a new token that is used to reimburse NORMIE holders.”

Six hundred ether is worth nearly $2.3 million at current prices. The move marked one of the first instances of an attacker keeping a project relaunch as a condition to return funds. Normie developers accepted the bounty offer as of early Monday, messages on the project's official Telegram group viewed by CoinDesk showed.

In another on-chain message in Asian morning hours on Monday, the attacker called Normie’s contract code a “copy-paste” job which was likely not thoroughly reviewed by its developers prior to being pushed live.


“This exact code is present in a number of other token contracts, a few of which significantly pre-date Normie. Most meme tokens are simply copy-paste jobs from the same small set of contracts, all with over-complicated tax logic in the transfer function,” the attacker said.

“I suspect this simply a case of them re-using code they didn't thoroughly review,” they added. Before the dump, NORMIE was among the top meme coins on Base with a market capitalization of over $40 million and nearly 90,000 on-chain token holders, as per DEXTools metrics. Normie is slang for a “normal person,” and the Base version was modeled after a blue coloured frog that resembled the popular Pepe the Frog character.


It sits at a market capitalization of just $700 as of early Monday following the exploit.

Meanwhile, at least one NORMIE investor faced a massive loss due to the attack, with their $1.6 million in investment turning to just $150 in seconds.

“Since $NORMIE was exploited, the 11.23M $NORMIE that this trader spent $1.16M to buy is now worth less than $150,” analysis firm Lookonchain posted on X. “He spent $1.16M to buy 11.23M $NORMIE at $0.1035 from Mar 25 to Apr 9 and has held it until now without selling it.”