Hackers Crypto Liquidity Pools

Crypto pool liquidity is the total assets locked in a decentralized finance (DeFi) liquidity pool.

Hackers manipulate the pool liquidity to create artificial imbalances that allow them to control prices and execute profitable trades. 


Not only that, it often results in significant financial gains at the expense of other users in the ecosystem.

Cybersecurity researchers at Check Point recently reported that their Threat Intelligence system flagged pool manipulation, causing a 22,000% token surge. 

In this manipulation, the attacker managed to steal $80,000 by exploiting the liquidity pool.

Hackers Exploiting Crypto Liquidity Pools

During the analysis, researchers found two wallets created by the scammer, and here below we have mentioned those:-

  • 0x48F7661E84A823505d683D092a2DccdA1e5aA119
  • 0x151a2498826F9fe6f214C92bB1811f7d1153b630

The wallet one deployed WIZ token (0x2ae38b2b47bf41ba4ab8f749b092fdd02b00bc1e) and its liquidity pool (0x6e0367d897a8fd8bcbc44b4e2a14bafa904360aa) with WETH and WIZ reserves.

The wallet two (0x151a2498826F9fe6f214C92bB1811f7d1153b630) created malicious contract (0x796042E0032aC5247bc04A49102d49c5b5A5cF0c), exploiting a backdoor for WIZ token price manipulation, leading to an $80,000 theft.

Here below, we have mentioned all the methods of operation:-

  • Token Creation
  • Token Promotion
  • Investor Participation
  • Pool Manipulation
  • Scammer’s Gain
Attack flow (Source – Check Point)

Imagine a digital reservoir holding Token A and Ethereum. Users freely swap these tokens, affecting their values. The scammer manipulates the pool by burning Token A, boosting its value through supply and demand dynamics. 

The reduction in Token A increases Ethereum’s value, causing a significant surge in the token price, especially for WIZ in the WIZ/WETH pool.

This strategy inflates token prices in liquidity pools temporarily by burning one side. Decentralized exchanges, relying on pool ratios, are vulnerable to exploitations like rug pulls. 

To reach the _burn function, the scammer bypasses checks by setting limitsEnabled to False, achieved through running ‘removeLimits.’ 

The second check requires the ‘from’ address to return False on ExcludeFromFees and True for isExcludedForMaxTxAmount. Running public functions with the scammer’s contract address as input verifies these conditions.

Check marks (Source – Check Point)

Examining the WIZ token, experts find a backdoor where the scammer, who is likely the creator, set the ExcludedForMaxTxAmount to True for the malicious contract address. 

This link suggests the same individual who designed both the WIZ token and the scam.

The scammer temporarily boosts token prices in the liquidity pool, manipulating balances to impact decentralized exchange rates. This tactic exposes the vulnerability in liquidity pools tied to different contracts.

Exploiting backdoors, scammers manipulate liquidity pools, underscoring the need for vigilance in decentralized finance against fraudulent schemes.

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.