6 out of 6 new Base meme coins are scams, 91% have vulnerabilities.

Since Denkun's upgrade that dramatically lowered fees on Ethereum's layer 2s, Coinbase's highly decentralized blockchain base has been locked in by user numbers, transactions, and total value.

Like Solana, the fast and cheap L1 blockchain, much of the activity is fueled by a fracked gamble on memecoins, with hopefuls racing to earn life-changing cash from minimal costs.

But an investigation by the magazine found that most of the memecoins on the platform have security vulnerabilities that could expose users to huge losses.

And almost one in five are intentionally malicious and use various methods to steal users' money.

Magazine collected the security profiles of 1,000 new base tokens – almost all memecoins or scams – launched between March 19 and 25. This is not a comprehensive audit, as there are currently over 380,000 ERC-20 tokens on Base. However, it is a representative sample of the 1,000 tokens launched that week.

The tokens are analyzed by automated auditors on the business analysis platform DEXTools to determine whether or not each project implements three basic security measures: locked-in liquidity, verified contracts and absence of honeypots.

For those who don't know, this means:

Liquidity is locked in decentralized finance (DeFi) when a portion of a cryptocurrency trading pair is sealed with a smart contract. This directly addresses remote pull concerns.

A verified contract means that a project's smart contract is accessible to investors to assess potential risks.

A highpot is a type of scam that lures investors with high profits but prevents them from selling.

According to the analysis, 908 projects or 90.8% of the sampled tokens failed at least one of these security conditions.

While some security flaws may indicate illegal activity, memecoin creators may reflect a lack of knowledge of proper security procedures, especially if they launch the token as a joke or to troll the industry.

“This situation highlights the challenges faced by projects that cannot afford to hire security experts or conduct an independent review of their smart contracts,” David Schwed, chief executive officer of security firm Holborn, told the magazine. Many projects simply copy and paste existing tokens, which means defects multiply, he added.

“The tendency of these projects to be forks of existing projects or generated through AI often inherit vulnerabilities or introduce new ones.”

17% of tokens on Base are clear crypto scams.

But while unsavory founders stumbling across startups explain most issues, a worryingly large number of tokens are outright scams.

According to the analysis, 16.9% of projects are suspected of malicious intent with inflated sales “taxes” or honey scams that involve conditions that prevent owners from selling tokens.

Potential honeypots were found in 121 projects. An additional 48 sales taxes are as high as 100%, which is no different than theft.

It should be noted that memecoin scams can take different forms and automated auditors may misidentify some signs or miss some creative schemes.

Early carpet pulling has become a growing trend on the Solana network, and they are difficult to identify because they often rely on social engineering methods and encouragement. Sometimes, a token presale is held for a project that doesn't even have a smart contract for auditing.

A recent study by Blockade revealed that half of the Solana presale tokens launched between November and February were reportedly malicious.

The most common memecoin vulnerability at Base is carpet crawling.

Among the 1,000 projects analyzed, the most common security vulnerability was found in their liquidity pools.

“Locked-in liquidity immediately prevents LP rag-pulling and provides a level of confidence that is the basis for any project interested in proving they are credible and legitimate,” MYSTCL On Base founder Vesper told the magazine.

Of the mentioned tokens, 905 projects or 90.5% have not locked their liquidity, which makes them vulnerable to carpet dragging.

In decentralized exchanges, a token must be tied to a more established asset such as Ether or a stablecoin. Investors contribute to increasing the value of the liquidity pool by exchanging these established tokens for the new memecoin.

Carpet pulling is a type of scam where developers withdraw all ETH, Stratacoin or other assets from the liquid pool and abandon the project.

A direct countermeasure to prevent carpet drag accidents is when builders lock their liquid pools. This step serves as a coded guarantee that you will not and cannot access the liquid pool. Sometimes these promises have an expiration date.

Just because a project doesn't have a locked-in liquid doesn't mean it's a carpet waiting to be ripped.

According to Vesper, there can be logical explanations when liquidity is opened, such as moving liquidity from one decentralized exchange (DEX) to another.

In such cases, projects can have additional layers of security, such as guaranteed contracts, to gain trust.

Of the 905 projects that did not have locked-in liquidation payments, 675 had guaranteed contracts.

The other 230 tokens have no locked-in liquidity or provable contracts, said Vesper, the lead developer of the projects he founded.

“DApps may protect their code for competitive reasons (auditing is important in this case) [but] “Tokens have no real reason not to verify their contracts,” Vesper says.

Coinbase gives a fairly boilerplate response to magazine queries, pointing out that Base is unlicensed.

“While we don't support specific assets, we support developers entering the base ecosystem, and we continue to focus on making on-chain technology accessible through faster and cheaper transactions.”

Memecoins move base defy to new heights

Business data provider Birdeye said there were about 1,300 new tokens in the seven days to March 25, when the magazine completed the security profiles of 1,000 base projects.

But in the week to April 2, that number exploded to 4,000.

During this period, new tokens launched on Solana have a weekly fixed valuation of 19,000.

While Base's rise to memecoin stardom has not had much impact on the volume of new projects on Solana, volumes on DEXs tell a different story.

In the seven days to April 2, trading volume in Solana DEXs declined, with five falling 20% ​​to a high of 59.5%, according to Defillama.

Meanwhile, four of the five major base DEXs had positive changes in trading volume, with Uniswap up 147% to $405.09 million.

Uniswap's trading volume on Solana is second only to Orca at $484.17 million.

Things that are not visible in the fungus

The recent memecoin pump has split the industry into two conflicting camps.

One side has criticized the popularity of memecoins due to the lack of utility and high fraud rates.

“Security weaknesses in new memecoin projects … reflect a broader trend in the memecoin ecosystem as a whole,” Schwed says.

On the other side of the public, some industry watchers cheered on memecoin's rally to bring new investors into the space.

“You can multiply these things as stupid and worthless, but if it brings attention and more engineers to the place, it is a positive value for the chain itself,” Arthur Hayes, founder of BitMEX accessories, told Real Vision CEO Raul. Pal in a recent interview.

Vesper says his dev roots tuned him into “consumer creation,” but he recently had a change of heart.

“I understand that there are intangible forces that drive the crypto space as well, and they are part of that, like blockchains and smart contracts.”

Subscribe

A very engaging read in Blockchain. It is given once a week.

John Yun

Yohan Yun is a multimedia journalist who has been reporting on blockchain since 2017. He has contributed as an editor to crypto media outlet Forkast and covered Asian technology stories as an assistant reporter for Bloomberg BNA and Forbes. He spends his free time cooking and experimenting with new recipes.