Normie Exploiter Offers to Return 90% of Stolen Funds If Team Relaunches Project

The meme coin Normie (NORMIE), built on Ethereum's Layer 2 network Base, fell victim to a sophisticated attack targeting a vulnerability in its smart contract's tax function.

A meme coin deployer on Base encountered a vulnerability in one of their smart contract's tax functions, which an attacker exploited to manipulate Normie's total supply and drain its liquidity pools.

Within hours, the meme coin's market capitalization, which once stood at a healthy $42 million, plummeted to a low of $100,000 at its lowest point.

The attacker's actions sparked widespread panic among investors, many of whom watched helplessly as the value of their holdings dwindled to almost nothing.

But in an unexpected turn of events, the attacker contacted Normie's deployer address, offering to return 90% of the stolen funds. However, there was a catch: the Normie team had to relaunch the project.

The attacker, who goes by the name "0xNormieExploiter," sent a message to the deployer address, which was later shared on Twitter by Base Block Builder.

According to the message, the attacker planned to keep 10% of the stolen funds as a bug bounty on the condition that there would be no reprisals.

“I offer to return 90% of the exploited ETH, keeping 10% as a bug bounty (with no reprisals). One condition: it, and the 600 ETH in the dev wallet, are used to fairly launch a new token that is used to reimburse NORMIE holders.”

At the time of the exploit, 600 ether was valued at approximately $2.3 million.

Faced with the massive loss of funds and a plummeting token value, the Normie team decided to accept the attacker's terms and continue operating the project.

The team later announced the decision to relaunch the project through a new X account after their main account was suspended.

“We will have to re-launch, yes. That will come after we get our main Twitter account back and after we get the funds from the exploiter.”

However, the temporary account used to make this announcement was also suspended shortly after.

The team planned to use the returned funds and $2.3 million from their development wallet to launch a new token, which would be used to reimburse current NORMIE holders, aiming to restore trust and stability within the community.

In another on-chain message, the attacker criticized the Normie contract code, calling it a “copy-paste job” that was likely not thoroughly reviewed by its developers before being pushed live.

The attacker went on to explain the ubiquity of this code among meme tokens, which could lead to further exploits if left unchecked.

“This exact code is present in a number of other token contracts, a few of which significantly pre-date Normie. Most meme tokens are simply copy-paste jobs from the same small set of contracts, all with over-complicated tax logic in the transfer function. I suspect this is simply a case of them re-using code they didn't thoroughly review.”

Before the exploit, NORMIE was among the top meme coins on Base, with a market capitalization of over $40 million and nearly 90,000 on-chain token holders.

Normie, slang for a “normal person,” was modeled after a blue-colored frog, which closely resembled the popular Pepe the Frog character.