📣Dear community and partners,
$BADAI is SAFU✅ We sincerely apologize for the inconvenience caused during the
$BADAI launch and would like to share the full report on the behavior of the anti-sniping protection.
🛠️The anti-sniping protection is designed to prevent unfair liquidity purchases during the critical moments immediately after a launch. It limits the ability to rapidly acquire large amounts of liquidity using bots and MEV strategies, ensuring that all community members have fair access. However, a mistake made by our tech team while integrating the protection algorithm across two liquidity pools led to restrictions on regular trading activity and resulted in users being blacklisted for interacting with the liquidity pools on PancakeSwap and THENA.
📌To facilitate the launch, liquidity was added simultaneously to two decentralized exchanges—THENA and PancakeSwap. Only three addresses were added to the whitelist:
1. The smart contract of the PancakeSwap liquidity pool (0x3743a5e487964b408f210cb0ca7d57e6a540a359)
2. The smart contract of the THENA liquidity pool (0xbe08c67556ad499572c4fb92353d6bc3c2e71e90)
3. The Connector smart contracts that were used to supply liquidity from GraFun to these DEXs (PancakeSwap: 0x57AeBC69c299e69a38a12d6cC6C889855C6c7d03; THENA: 0x47F4BB5e5419A4b09C23173f250b72cc88044ce0)
No additional wallets or smart contracts were added to the whitelist. This means only addresses not flagged by the anti-sniping protection could sell tokens.
⚠️Unfortunately, due to an error in the integration process, the protection filters on both LPs ended up cross-blacklisting one another. This created a situation where users who interacted with these pools also became blacklisted.
👉The consequence of this error was a chain reaction:
1. While the liquidity pools themselves remained active and whitelisted, allowing purchases to proceed without issues.
2. Users who engaged with these pools were inadvertently blacklisted because the protection identified their transactions as involving “infected” addresses.
3. As a result, even though users could buy tokens, they were unable to sell them.
4. The pools continued to function normally, but the cross-blacklisting meant that any wallet interacting with either pool would also be blacklisted.
🆘Once the issue was identified, the team took immediate action to filter out sniper addresses. However, due to the large number of affected wallets, accurately distinguishing them within a short timeframe proved extremely challenging. Under pressure from the community, which faced significant inconvenience, the decision was made to keep wallets blocked in the first and second blocks for further investigation while unblocking all others and then disabling the protection entirely. However, due to the sheer volume of data, the limited time available, and the complexity of the situation, some wallets that had been initially blocked in the first two blocks were mistakenly unblocked during the protection deactivation process.
⚠️Additionally, some malicious actors find a way to bypass the protection by using the Connector smart contract. Attackers managed to reverse-engineer the Connector contract and leveraged it alongside PancakeSwap routing to create LP pairs with self-minted junk tokens. This method allowed them to confuse transaction traces and avoid direct blocking.
All the newly deployed LP pairs with these junk tokens were blocked in the next block, and attackers had already withdrawn most of the liquidity. In the first block, before the restriction took effect, they managed to swap the exploited tokens for BNB.
🔍Step-by-Step Breakdown:
1. Purchase and Transfer: The attacker’s contract bought tokens on a DEX and transferred the entire amount to the Connector contract.
2. Fake Token Minting: The attacker’s contract minted additional junk tokens on the exploiter contract, which were then transferred to the Connector contract.
3. Liquidity Pair Creation: Using both the purchased tokens and the newly minted junk tokens, the attacker created a new liquidity pair and provided liquidity to the pool.
4. Immediate Liquidity Withdrawal: In the same transaction, liquidity was immediately withdrawn from the newly created pair, and the tokens were transferred to the exploiter contract.
5. Selling Exploited Tokens: The extracted tokens were then sold in a standard token/wrapped BNB pair, allowing the attacker to cash out.
6. LP Token Manipulation: Since LP tokens were generated upon liquidity creation, they were sent to the attacker’s contract as part of the exploit, further facilitating liquidity extraction.
‼️These transactions are not related to any of dev or
$BADAI team wallets. The exploiters managed to take advantage of the Connector contract used to deploy liquidity and the PancakeSwap routing, washing out the traces and extracting BNBs in a one same transaction.
👉Ultimately, there were 2 points of failure during the integration on GraFun’s tech side:
1. A flaw in the protection logic led to the mass blacklisting of users while the pools themselves remained operational.
2. The reverse-engineered Connector contract and PancakeSwap routing allowed an attacker to bypass restrictions and withdraw funds using LP mechanics.
‼️The team has thoroughly analyzed the incident and implemented the necessary fixes to prevent such situations in the future.
👉As follows from the explanation above, during the period when the anti-sniping protection was active, only two categories of wallets had access to selling: snipers that managed to bypass the protection and wallets that received airdropped tokens.
👉The teams at GraFun and BADAI are actively collaborating to conduct a detailed investigation into each wallet and every transaction trace to identify the actors involved. Please note that the BADAI team has confirmed that their wallets and internal accounts are in no way connected to these transactions. Additionally, the GraFun team did not hold any allocation of tokens, nor did they possess any tokens at launch, and they were not involved in any part of the sales activity, which was solely carried out by malicious actors who bypassed the protection and by presale participants who received an airdrop.
Both teams did not originally intend for the anti-sniping and liquidity protection mechanisms to function this way, and this issue was the result of unforeseen complications in execution. We remain fully committed to resolving this situation transparently, bringing every detail to the table, and implementing stronger security measures to prevent such incidents in the future.
🔎For a more detailed understanding and transparency, below is an analysis of the TOP-10 traders by PNL on PancakeSwap.
Source:
dextools.io/app/en/bnb/pair-…
1. 0xbccbf00c9b046fd2a84174b7b7010fd3435cc032
Sniped ~750 BNB, blocked by protection, later sold ~650 BNB via main and supplementary wallets, still holding ~100 BNB worth of tokens (on a supplementary wallet: (0xb8713e63f79a34ab822e8f77c68e1b4d41af1738), with nearly 0 net profit
2. 0xd4f04374385341da7333b82b230cd223143c4d62
Sniper managed to bypass liquidity protection by using the methods of exploiter smart contract (0xbb4cdb9cbd36b01bd1cbaebf2de08d9173bc095c) as described above.
3. 0x64871eb1d2bee651182419edb882dc1290adf855
This wallet participated in presale, collected tokens from multiple wallets, and sold.
4. 0x132d9bbdbe718365af6cc9e43bac109a9a53b138
Sniper that managed to bypass the liquidity protection (Slurpycoin exploiter) by a described model
5. 0x982f63c2f16b0d07e300ed87ada3227d12b58e5e
Airdrop participant
6. 0x605389f7d213681d660ff3f11560c9af5e15415e
Sniper that managed to bypass the liquidity protection
7. 0xd7f382c0b1631e81ac73d0abd5f6f37613d44ef9
A sniper bought for 255 BNBs, then blocked by protection, and after unblocking, sold for 119 BNBs with over 50% loss.
8. 0x1111e09c4d899ba268dc0d6e5a3bb13379ac6051
Pre-sale participant
9. Supplementary wallet of the #1 in the list
0xb8713e63f79a34ab822e8f77c68e1b4d41af1738
10. 0x1cee9722d02c59b54fa50857490d943af804af45
Pre-sale participant
11. 0x47917fca14069885f85e6F52bd9623564E715dDa
Sniped for 742 BNB worth of tokens while paying 606 BNB to the MEV provider securing more than 80% of loss.
*More wallets and on-chain data will be investigated as soon as possible and will be provided to the public.
✅At this moment, since the deactivation of the anti-sniping protection, all trading remains fully operational. Everything is functioning as expected, and neither party holds the right to impose any further restrictions. This right has been fully renounced, ensuring that trades operate fully decentralized and autonomously.
$BADAI is fully SAFU now.
💡We have been actively collaborating and continue to work closely with trusted partners and their security teams, including BNB Chain, GoPlus, and QuickIntel. We sincerely appreciate their support in investigating this matter and ensuring full transparency for the community and our partners.
🛡It is important to note that most snipers were successfully blocked and did not secure significant profits. Had this been a standard token launch without integrated protection, the impact of sniper activity—especially on a highly anticipated token like $BADAI—would have been far more severe.
At the same time, we fully acknowledge the inconvenience this situation has caused to the community and partners. We deeply regret the disruptions and sincerely apologize to everyone affected.
✊The GraFun team remains committed to conducting a thorough investigation, identifying all attack vectors, and tracing the wallets involved in unauthorized activities. We will continue working to ensure transparency and strengthen security measures for future launches.