Breaking News: Are your funds SAFU?

It has come to our attention that there is an exploit that has been uncovered and addressed. As a matter of fact, you may have fallen victim to the abuse of this tiny loophole that allows the siphoning of hundreds and thousands of dollars.

If you have invested, and or are currently holding reflection/redistribution tokens, this may apply to YOU.

During our investigation, we have identified a series of unexplainable micro-sells that are either unnoticed or written off as bots manipulating buys/sells (e.g., front-running). Going down this rabbit hole is tricky as you will stand in confusion with how there had been a sell when the person never held the token.

This is where this exploit is taking place.

There is a lot of hype in the BSC marketplace with auto-reflection and auto-redistribution tokens. It rewards holders with passive income when they hold. It’s a great idea to benefit long-term holders and believers in a project.

BUT. What if we told you, we could create a bot that could catch the auto-reflection to the liquidity pair, sell it against the BNB pair, and steal that BNB? Sounds too crazy?


That’s exactly what is happening. We’ll break this down in the simplest way we can so that EVERYONE can understand.

Check out the image below:

For those who use Dextools or Poocoin will be familiar with those unexplainable microsells and wonder “who sells that little?”. When tracking one of these exploit sells, one will quickly come to realize that this address never actually held any tokens! We could say, one would be left baffled at this mystery.

We’ll use a specific one for the series of images below: 0x35388c6aa5c958fd9c1265d3ff8e2b1ca38e556a

You can check the wallet balance or the BEP-20 transactions and it will not show this address ever holding this token. So, how did it sell something it never had?

When the Txn hash is opened, it becomes more clear that there was a sell that took place engaging with the token.

Take a look at the transaction hash of a couple projects exploited in this manner. You can clearly see that it has been targeted and engaged in some manner:

In simplest terms, this is a call-to-action bot that is catching the auto-reflection directed to the liquidity pair and selling against it, then returning the BNB to a specific address.

When we explore the wallet address it is tied to, we can see the vibrant interactions it is having with several projects and snatching small amounts of BNB.

You may be wondering, well it’s not that much. Wrong. This specific person made one crucial mistake and left behind a trail of breadcrumbs that exposed where all these funds were going.

Now, why don’t we go down that rabbit hole and see what we find, shall we?

Well, isn’t that surprising? Look at all those BNBs just flowing in from projects that are being exploited. Do you see that 1000 BNB withdrawal? Guess where that goes?

If you guessed Binance? You are correct!

There is a very simple solution to this exploit.

Sadly, many projects do not have access to such a simple solution: Blacklist the liquidity pair from the auto-reflection/auto-redistribution.

How do projects not have access to this? Well, many projects renounce ownership in good faith to appeal to the community. Although praiseworthy, by doing so, they’ve left themselves wide open for such an attack which allows consistent sell pressure.

This is a lesson for many people: A renounced contract is a dead contract. Please understand that when a contract is renounced, simple problems that arise like this can never be fixed.

For the more tech savvy people that want to chase this rabbit hole:

Explore the bitquery of the specific address used in the example above:

By doing so, you’ll be able to explore the different action calls as well as the process it is using to exploit this system.

Take a look at the following projects, their contract, and how they consistently fall victim to this as well:

Example 1)

  • LP address : 0xafa2b9977a5f893f3b44af8264925e2372686750
  • Contract address: 0xf2Df8458130F00c94bCDE2Dd3F288cF608187F87

Example 2)

  • LP address : 0xc736ca3d9b1e90af4230bd8f9626528b3d4e0ee0
  • Contract address: 0xc748673057861a797275CD8A068AbB95A902e8de

Example 3)

  • LP address: 0x51dcaf423fe39f620a13379cd26821cf8d433308
  • Contract address : 0x8850d2c68c632e3b258e612abaa8fada7e6958e5

We strongly urge all project owners that have NOT renounced ownership to quickly update their contract. To projects that have renounced their ownership, please trail your own transactions and see if there have been any breadcrumbs that exploiters have left behind, and if found, contact Binanace immediately to notify the wallet address to them. For projects that are starting, take heed of this and make the necessary adjustments to protect the integrity and longevity of your project.

Good luck to all.

Know that with CEEZEE, your funds are always SAFU.




Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Leveling System & Kin Army recruits

Ransomware Attacks: The Cost of Not Being Prepared

5 Not-to-Ignore Best Practices for AWS NACLs (Network Access Control Lists)

5 Things to Look for When Buying a SOC as a Service

The day I fed my friends to an IBM algorithm

Here’s What to Do If Your Published Content is Stolen

HIPAA Compliance and Your Practice’s Shopify Store.

KISS Cloud Security

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


More from Medium

Why Bitzznet going to be an EPIC Concept.

Doodle Apes

CS 373 Spring 2022: Saran Chockan Blog # 3

How to teach something to someone who doesn’t want to learn