Swift action by CAT Protocol team prevents major damage after discovery of 1.2M unauthorized OPCAT tokens, with enhanced security measures now in place.
The CAT Protocol team recently addressed an exploit that allowed an unknown actor to create and sell unauthorized OPCAT tokens. Despite the severity of the issue, swift action and robust measures ensured that no user funds were lost, and the protocol remains secure.
On January 12, community members reported a suspicious wallet that had been consistently selling 50,000 OPCAT tokens daily since December 15. Upon receiving the information, the team quickly looked into the situation and identified a vulnerability exploited by the bad actor. It was revealed that 1.2 million tokens had been fraudulently generated and sold, leading to a decline in the token’s market price.
To address the issue, the CAT Protocol team immediately paused all OPCAT trading on exchanges and implemented a hotfix to prevent further token inflation. Working alongside their security partner, SlowMist, they also took steps to safeguard against future attempts.
To rectify the economic impact, the team bought 1.2 million tokens, which will be burned to maintain the total supply of 21 million OPCAT tokens. This approach ensures fairness and stability without affecting user balances. The team stated:
“To compensate users who have accidentally bought these inflated tokens, we have purchased 1.2M tokens, which will be burned to ensure the total circulating supply remains exactly 21M. Users’ balances will not be affected and no further action is required.”
Enhanced Security Measures and Ongoing Investigation
CAT Protocol informed users that it is implementing enhanced security measures to prevent similar issues in the future. The team is also collaborating with top security experts to review the system and address potential vulnerabilities, ensuring a safer and more reliable protocol.
The investigation into the exploit is ongoing, with critical clues already gathered. The team is working with SlowMist and law enforcement agencies to hold those responsible accountable. They encourage individuals who discover vulnerabilities to report them responsibly instead of exploiting them. CAT Protocol wrote:
“We are aware of your actions and have gathered critical clues about the attempted exploit. We are collaborating with leading security firms such as SlowMist Team and law enforcement agencies to trace and hold those responsible accountable. If your intent was to expose a vulnerability, we encourage you to engage responsibly and ethically.”
SlowMist confirmed the exploit on its X page, stating that CAT Protocol had suffered an attack due to a vulnerability. However, it intervened to mitigate the impact and assisted with the investigation, including profiling the attacker.
An innovative protocol in the Bitcoin ecosystem,@ProtocolCAT, recently suffered an attack due to a vulnerability. The SlowMist security team promptly stepped in to assist with the investigation and attacker profiling. Wishing for a smooth resolution.🛡️ https://t.co/gdMWFfZw52
— SlowMist (@SlowMist_Team) January 15, 2025
UniSat, a Bitcoin service provider, acknowledged the issue identified by the CAT Protocol team. Following the team’s recommendation, UniSat has partially reopened the CAT20 market, allowing sell orders while temporarily restricting new buy orders. Users are strongly encouraged to cancel any existing buy orders due to potential risks.
next